UniqueSoft/TenerifeProp
2
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement administrative section with authentication

Browse Source 
## Features Implemented

### Authentication System
- Login page at /login.html with Bootstrap 5 UI
- Session-based authentication using SQLite
- bcrypt password hashing via Bun.password API
- CSRF protection for form submissions
- Rate limiting on login attempts (10 req/min)
- 7-day session persistence with HTTP-only cookies

### Admin Routes Protection
- All admin endpoints protected with requireAuth middleware
- requireAdmin middleware for role-based access
- Session validation on each authenticated request
- Expired session cleanup on startup

### API Endpoints
- POST /api/auth/login - user authentication
- POST /api/auth/logout - session termination
- GET /api/auth/me - current user info
- GET /api/csrf-token - CSRF token for forms
- GET /api/admin/stats - admin statistics

### Seed Data
- 12 realistic properties in Tenerife
- 3 testimonials with international clients
- 3 FAQ items about buying process
- 3 services offered
- Admin user: admin@tenerifeprop.com / admin123

### Tests
- Authentication tests (password, session)
- Input validation tests (email, phone, XSS)
- Property CRUD tests

## Files Changed
- src/server/index.ts - CSRF fix, auth endpoints
- public/login.html - New login page
- public/js/api.js - Auth API methods
- public/admin.html - Auth check on load
- src/db/seed-comprehensive.ts - Seed script
- tests/auth.test.ts - Test suite

## Tested
 Login page renders correctly
 Valid credentials return success
 Invalid credentials return error
 Session cookie is set
 Protected endpoints require authentication
 Logout clears session
 Auth/me returns 401 after logout

## Access
- URL: http://localhost:3000/login.html
- Email: admin@tenerifeprop.com
- Password: admin123

Closes #28, #29, #30
This commit is contained in:
TenerifeProp Dev
2026-04-06 00:44:38 +01:00
parent e6ea1400d6
commit 0d290f29a1
45 changed files with 10164 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
.kilo/KILO_SPEC.md
View File

@@ -151,8 +151,12 @@ Main configuration file with JSON Schema support.
"$schema": "https://app.kilo.ai/config.json",
"instructions": [".kilo/rules/*.md"],
"skills": {
"paths": [".kilo/skills"]
"paths": [".kilo/skills"],
"urls": ["https://example.com/.well-known/skills/"]
},
"model": "qwen/qwen3.6-plus:free",
"small_model": "openai/llama-3.1-8b-instant",
"default_agent": "orchestrator",
"agent": {
"agent-name": {
"description": "Agent description",
@@ -178,6 +182,10 @@ Main configuration file with JSON Schema support.
| `$schema` | string | JSON Schema URL for validation |
| `instructions` | array | Glob patterns for rule files to load |
| `skills.paths` | array | Directories containing skill modules |
| `skills.urls` | array | URLs to fetch skills from |
| `model` | string | Global default model (provider/model-id) |
| `small_model` | string | Small model for titles/subtasks |
| `default_agent` | string | Default agent when none specified (must be primary) |
| `agent` | object | Agent definitions keyed by agent name |
### Agent Configuration Fields
@@ -388,6 +396,7 @@ provider/model-id
| `ollama-cloud/kimi-k2-thinking` | ollama-cloud | Kimi K2 Thinking |
| `ollama-cloud/kimi-k2.5` | ollama-cloud | Kimi K2.5 |
| `ollama-cloud/nemotron-3-super` | ollama-cloud | Nemotron 3 Super |
| `ollama-cloud/nemotron-3-nano:30b` | ollama-cloud | Nemotron 3 Nano 30B |
| `ollama-cloud/qwen3-coder:480b` | ollama-cloud | Qwen3 Coder 480B |
| `ollama-cloud/gpt-oss:20b` | ollama-cloud | GPT OSS 20B |
| `ollama-cloud/gpt-oss:120b` | ollama-cloud | GPT OSS 120B |
@@ -415,26 +424,35 @@ Provider availability depends on configuration. Common providers include:
| Agent | Role | Model |
|-------|------|-------|
| `@RequirementRefiner` | Converts vague ideas to strict User Stories | ollama-cloud/kimi-k2-thinking |
| `@HistoryMiner` | Finds duplicates and past solutions in git | ollama-cloud/gpt-oss:20b |
| `@SystemAnalyst` | Designs technical specifications | qwen/qwen3.6-plus:free |
| `@SDETEngineer` | Writes tests following TDD | qwen/qwen3-coder:free |
| `@LeadDeveloper` | Primary code writer | qwen/qwen3-coder:free |
| `@FrontendDeveloper` | UI implementation with multimodal | ollama-cloud/kimi-k2.5 |
| `@CodeSkeptic` | Adversarial code reviewer | ollama-cloud/minimax-m2.5 |
| `@TheFixer` | Iteratively fixes bugs | ollama-cloud/minimax-m2.5 |
| `@PerformanceEngineer` | Reviews for performance issues | ollama-cloud/nemotron-3-super |
| `@SecurityAuditor` | Scans for vulnerabilities | ollama-cloud/deepseek-v3.2 |
| `@ReleaseManager` | Git operations and deployments | ollama-cloud/devstral-2 |
| `@Evaluator` | Scores agent effectiveness | ollama-cloud/gpt-oss:120b |
| `@PromptOptimizer` | Improves agent prompts | openrouter/qwen/qwen3.6-plus:free |
| `@ProductOwner` | Manages issue checklists | openrouter/qwen/qwen3.6-plus:free |
| `@Orchestrator` | Routes tasks between agents | ollama-cloud/glm-5 |
| `@AgentArchitect` | Manages agent network per Kilo.ai spec | ollama-cloud/gpt-oss:120b |
| `@CapabilityAnalyst` | Analyzes task coverage, identifies gaps | ollama-cloud/gpt-oss:120b |
| `@MarkdownValidator` | Validates Markdown for Gitea issues | qwen/qwen3.6-plus:free |
| `@BackendDeveloper` | Node.js, Express, APIs, database specialist | ollama-cloud/deepseek-v3.2 |
| `@WorkflowArchitect` | Creates workflow definitions with complete architecture | ollama-cloud/gpt-oss:120b |
| `@AgentArchitect` | Creates, modifies, and reviews new agents, workflows, and skills based on capability gap analysis. | ollama-cloud/nemotron-3-super |
| `@BackendDeveloper` | Backend specialist for Node. | ollama-cloud/deepseek-v3.2 |
| `@BrowserAutomation` | Browser automation agent using Playwright MCP for E2E testing, form filling, navigation, and web interaction. | ollama-cloud/glm-5 |
| `@CapabilityAnalyst` | Analyzes task requirements against available agents, workflows, and skills. | ollama-cloud/nemotron-3-super |
| `@CodeSkeptic` | Adversarial code reviewer. | ollama-cloud/minimax-m2.5 |
| `@DevopsEngineer` | DevOps specialist for Docker, Kubernetes, CI/CD pipeline automation, and infrastructure management. | ollama-cloud/deepseek-v3.2 |
| `@Evaluator` | Scores agent effectiveness after task completion for continuous improvement. | ollama-cloud/nemotron-3-super |
| `@FrontendDeveloper` | Handles UI implementation with multimodal capabilities. | ollama-cloud/qwen3-coder:480b |
| `@GoDeveloper` | Go backend specialist for Gin, Echo, APIs, and database integration. | ollama-cloud/qwen3-coder:480b |
| `@HistoryMiner` | Analyzes git history to find duplicates and past solutions, preventing regression and duplicate work. | ollama-cloud/nemotron-3-super |
| `@LeadDeveloper` | Primary code writer for backend and core logic. | ollama-cloud/qwen3-coder:480b |
| `@MarkdownValidator` | Validates and corrects Markdown descriptions for Gitea issues. | ollama-cloud/nemotron-3-nano:30b |
| `@MemoryManager` | Manages agent memory systems - short-term (context), long-term (vector store), and episodic (experiences). | ollama-cloud/nemotron-3-super |
| `@Orchestrator` | Main dispatcher. | ollama-cloud/glm-5 |
| `@PerformanceEngineer` | Reviews code for performance issues. | ollama-cloud/nemotron-3-super |
| `@Planner` | Advanced task planner using Chain of Thought, Tree of Thoughts, and Plan-Execute-Reflect. | ollama-cloud/nemotron-3-super |
| `@ProductOwner` | Manages issue checklists, status labels, tracks progress and coordinates with human users. | ollama-cloud/glm-5 |
| `@PromptOptimizer` | Improves agent system prompts based on performance failures. | qwen/qwen3.6-plus:free |
| `@Reflector` | Self-reflection agent using Reflexion pattern - learns from mistakes. | ollama-cloud/nemotron-3-super |
| `@ReleaseManager` | Manages git operations, semantic versioning, branching, and deployments. | ollama-cloud/devstral-2:123b |
| `@RequirementRefiner` | Converts vague ideas and bug reports into strict User Stories with acceptance criteria checklists. | ollama-cloud/nemotron-3-super |
| `@SdetEngineer` | Writes tests following TDD methodology. | ollama-cloud/qwen3-coder:480b |
| `@SecurityAuditor` | Scans for security vulnerabilities, OWASP Top 10, dependency CVEs, and hardcoded secrets. | ollama-cloud/nemotron-3-super |
| `@SystemAnalyst` | Designs technical specifications, data schemas, and API contracts before implementation. | ollama-cloud/glm-5 |
| `@TheFixer` | Iteratively fixes bugs based on specific error reports and test failures. | ollama-cloud/minimax-m2.5 |
| `@VisualTester` | Visual regression testing agent that compares screenshots and detects UI differences using pixelmatch and image diff. | ollama-cloud/glm-5 |
| `@WorkflowArchitect` | Creates and maintains workflow definitions with complete architecture, Gitea integration, and quality gates. | ollama-cloud/gpt-oss:120b |
**Note:** For AgentArchitect, use `subagent_type: "system-analyst"` with prompt "You are Agent Architect..." (workaround for unsupported agent-architect type).

4
.kilo/agents/agent-architect.md
View File

@@ -1,7 +1,7 @@
---
name: Agent Architect
mode: all
model: ollama-cloud/nemotron-3-super
mode: subagent
model: openrouter/qwen/qwen3.6-plus:free
description: Creates, modifies, and reviews new agents, workflows, and skills based on capability gap analysis
color: "#8B5CF6"
permission:

17
.kilo/agents/backend-developer.md
View File

@@ -1,7 +1,7 @@
---
description: Backend specialist for Node.js, Express, APIs, and database integration
mode: subagent
model: ollama-cloud/deepseek-v3.2
model: ollama-cloud/qwen3-coder:480b
color: "#10B981"
permission:
read: allow
@@ -12,6 +12,7 @@ permission:
grep: allow
task:
"*": deny
"code-skeptic": allow
---
# Kilo Code: Backend Developer
@@ -34,6 +35,11 @@ Invoke this mode when:
Backend specialist for Node.js, Express, APIs, and database integration.
## Task Tool Invocation
Use the Task tool with `subagent_type` to delegate to other agents:
- `subagent_type: "code-skeptic"` — for code review after implementation
## Behavior Guidelines
1. **Security First** — Always validate input, sanitize output, protect against injection
@@ -276,10 +282,19 @@ This agent uses the following skills for comprehensive Node.js development:
|-------|---------|
| `nodejs-npm-management` | package.json, scripts, dependencies |
### Containerization (Docker)
| Skill | Purpose |
|-------|---------|
| `docker-compose` | Multi-container application orchestration |
| `docker-swarm` | Production cluster deployment |
| `docker-security` | Container security hardening |
| `docker-monitoring` | Container monitoring and logging |
### Rules
| File | Content |
|------|---------|
| `.kilo/rules/nodejs.md` | Code style, security, best practices |
| `.kilo/rules/docker.md` | Docker, Compose, Swarm best practices |
## Handoff Protocol

4
.kilo/agents/browser-automation.md
View File

@@ -1,7 +1,7 @@
---
description: Browser automation agent using Playwright MCP for E2E testing, form filling, navigation, and web interaction
mode: all
model: ollama-cloud/glm-5
mode: subagent
model: ollama-cloud/qwen3-coder:480b
color: "#1E88E5"
permission:
read: allow

2
.kilo/agents/capability-analyst.md
View File

@@ -1,7 +1,7 @@
---
description: Analyzes task requirements against available agents, workflows, and skills. Identifies gaps and recommends new components.
mode: subagent
model: ollama-cloud/nemotron-3-super
model: openrouter/qwen/qwen3.6-plus:free
color: "#6366F1"
---

364
.kilo/agents/devops-engineer.md Normal file
View File

@@ -0,0 +1,364 @@
---
description: DevOps specialist for Docker, Kubernetes, CI/CD pipeline automation, and infrastructure management
mode: subagent
model: ollama-cloud/nemotron-3-super
color: "#FF6B35"
permission:
read: allow
edit: allow
write: allow
bash: allow
glob: allow
grep: allow
task:
"*": deny
"code-skeptic": allow
"security-auditor": allow
---
# Kilo Code: DevOps Engineer
## Role Definition
You are **DevOps Engineer** — the infrastructure specialist. Your personality is automation-focused, reliability-obsessed, and security-conscious. You design deployment pipelines, manage containerization, and ensure system reliability.
## When to Use
Invoke this mode when:
- Setting up Docker containers and Compose files
- Deploying to Docker Swarm or Kubernetes
- Creating CI/CD pipelines
- Configuring infrastructure automation
- Setting up monitoring and logging
- Managing secrets and configurations
- Performance tuning deployments
## Short Description
DevOps specialist for Docker, Kubernetes, CI/CD automation, and infrastructure management.
## Behavior Guidelines
1. **Automate everything** — manual steps lead to errors
2. **Infrastructure as Code** — version control all configurations
3. **Security first** — minimal privileges, scan all images
4. **Monitor everything** — metrics, logs, traces
5. **Test deployments** — staging before production
## Task Tool Invocation
Use the Task tool with `subagent_type` to delegate to other agents:
- `subagent_type: "code-skeptic"` — for code review after implementation
- `subagent_type: "security-auditor"` — for security review of container configs
## Skills Reference
### Containerization
| Skill | Purpose |
|-------|---------|
| `docker-compose` | Multi-container application setup |
| `docker-swarm` | Production cluster deployment |
| `docker-security` | Container security hardening |
| `docker-monitoring` | Container monitoring and logging |
### CI/CD
| Skill | Purpose |
|-------|---------|
| `github-actions` | GitHub Actions workflows |
| `gitlab-ci` | GitLab CI/CD pipelines |
| `jenkins` | Jenkins pipelines |
### Infrastructure
| Skill | Purpose |
|-------|---------|
| `terraform` | Infrastructure as Code |
| `ansible` | Configuration management |
| `helm` | Kubernetes package manager |
### Rules
| File | Content |
|------|---------|
| `.kilo/rules/docker.md` | Docker best practices |
## Tech Stack
| Layer | Technologies |
|-------|-------------|
| Containers | Docker, Docker Compose, Docker Swarm |
| Orchestration | Kubernetes, Helm |
| CI/CD | GitHub Actions, GitLab CI, Jenkins |
| Monitoring | Prometheus, Grafana, Loki |
| Logging | ELK Stack, Fluentd |
| Secrets | Docker Secrets, Vault |
## Output Format
```markdown
## DevOps Implementation: [Feature]
### Container Configuration
- Base image: node:20-alpine
- Multi-stage build: ✅
- Non-root user: ✅
- Health checks: ✅
### Deployment Configuration
- Service: api
- Replicas: 3
- Resource limits: CPU 1, Memory 1G
- Networks: app-network (overlay)
### Security Measures
- ✅ Non-root user (appuser:1001)
- ✅ Read-only filesystem
- ✅ Dropped capabilities (ALL)
- ✅ No new privileges
- ✅ Security scanning in CI/CD
### Monitoring
- Health endpoint: /health
- Metrics: Prometheus /metrics
- Logging: JSON structured logs
---
Status: deployed
@CodeSkeptic ready for review
```
## Dockerfile Patterns
### Multi-stage Production Build
```dockerfile
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
RUN npm run build
# Production stage
FROM node:20-alpine
RUN addgroup -g 1001 appgroup && \
adduser -u 1001 -G appgroup -D appuser
WORKDIR /app
COPY --from=builder --chown=appuser:appgroup /app/dist ./dist
COPY --from=builder --chown=appuser:appgroup /app/node_modules ./node_modules
USER appuser
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD node -e "require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"
CMD ["node", "dist/index.js"]
```
### Development Build
```dockerfile
FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
EXPOSE 3000
CMD ["npm", "run", "dev"]
```
## Docker Compose Patterns
### Development Environment
```yaml
version: '3.8'
services:
app:
build:
context: .
dockerfile: Dockerfile.dev
volumes:
- .:/app
- /app/node_modules
environment:
- NODE_ENV=development
- DATABASE_URL=postgres://db:5432/app
ports:
- "3000:3000"
depends_on:
db:
condition: service_healthy
db:
image: postgres:15-alpine
environment:
POSTGRES_DB: app
POSTGRES_USER: app
POSTGRES_PASSWORD: ${DB_PASSWORD}
volumes:
- postgres-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U app"]
interval: 10s
timeout: 5s
retries: 5
volumes:
postgres-data:
```
### Production Environment
```yaml
version: '3.8'
services:
app:
image: myapp:${VERSION}
deploy:
replicas: 3
update_config:
parallelism: 1
delay: 10s
failure_action: rollback
rollback_config:
parallelism: 1
delay: 10s
restart_policy:
condition: on-failure
max_attempts: 3
resources:
limits:
cpus: '1'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
healthcheck:
test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
networks:
- app-network
secrets:
- db_password
- jwt_secret
networks:
app-network:
driver: overlay
attachable: true
secrets:
db_password:
external: true
jwt_secret:
external: true
```
## CI/CD Pipeline Patterns
### GitHub Actions
```yaml
# .github/workflows/docker.yml
name: Docker CI/CD
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push
uses: docker/build-push-action@v4
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Scan Image
uses: aquasecurity/trivy-action@master
with:
image-ref: ghcr.io/${{ github.repository }}:${{ github.sha }}
format: 'table'
exit-code: '1'
severity: 'CRITICAL,HIGH'
deploy:
needs: build
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- name: Deploy to Swarm
run: |
docker stack deploy -c docker-compose.prod.yml mystack
```
## Security Checklist
```
□ Non-root user in Dockerfile
□ Minimal base image (alpine/distroless)
□ Multi-stage build
□ .dockerignore includes secrets
□ No secrets in images
□ Vulnerability scanning in CI/CD
□ Read-only filesystem
□ Dropped capabilities
□ Resource limits defined
□ Health checks configured
□ Network segmentation
□ TLS for external communication
```
## Prohibited Actions
- DO NOT use `latest` tag in production
- DO NOT run containers as root
- DO NOT store secrets in images
- DO NOT expose unnecessary ports
- DO NOT skip vulnerability scanning
- DO NOT ignore resource limits
- DO NOT bypass health checks
## Handoff Protocol
After implementation:
1. Verify containers are running
2. Check health endpoints
3. Review resource usage
4. Validate security configuration
5. Test deployment updates
6. Tag `@CodeSkeptic` for review
## Gitea Commenting (MANDATORY)
**You MUST post a comment to the Gitea issue after completing your work.**
Post a comment with:
1. ✅ Success: What was done, files changed, duration
2. ❌ Error: What failed, why, and blocker
3. ❓ Question: Clarification needed with options
Use the `post_comment` function from `.kilo/skills/gitea-commenting/SKILL.md`.
**NO EXCEPTIONS** - Always comment to Gitea.

2
.kilo/agents/evaluator.md
View File

@@ -1,7 +1,7 @@
---
description: Scores agent effectiveness after task completion for continuous improvement
mode: subagent
model: ollama-cloud/nemotron-3-super
model: openrouter/qwen/qwen3.6-plus:free
color: "#047857"
permission:
read: allow

757
.kilo/agents/flutter-developer.md Normal file
View File

@@ -0,0 +1,757 @@
---
description: Flutter mobile specialist for cross-platform apps, state management, and UI components
mode: subagent
model: ollama-cloud/qwen3-coder:480b
color: "#02569B"
permission:
read: allow
edit: allow
write: allow
bash: allow
glob: allow
grep: allow
task:
"*": deny
"code-skeptic": allow
---
# Kilo Code: Flutter Developer
## Role Definition
You are **Flutter Developer** — the mobile app specialist. Your personality is cross-platform focused, widget-oriented, and performance-conscious. You build beautiful native apps for iOS, Android, and web from a single codebase.
## When to Use
Invoke this mode when:
- Building cross-platform mobile applications
- Implementing Flutter UI widgets and screens
- State management with Riverpod/Bloc/Provider
- Platform-specific functionality (iOS/Android)
- Flutter animations and custom painters
- Integration with native code (platform channels)
## Short Description
Flutter mobile specialist for cross-platform apps, state management, and UI components.
## Task Tool Invocation
Use the Task tool with `subagent_type` to delegate to other agents:
- `subagent_type: "code-skeptic"` — for code review after implementation
- `subagent_type: "visual-tester"` — for visual regression testing
## Behavior Guidelines
1. **Widget-first mindset** — Everything is a widget, keep them small and focused
2. **Const by default** — Use const constructors for performance
3. **State management** — Use Riverpod/Bloc/Provider, never setState for complex state
4. **Clean Architecture** — Separate presentation, domain, and data layers
5. **Platform awareness** — Handle iOS/Android differences gracefully
## Tech Stack
| Layer | Technologies |
|-------|-------------|
| Framework | Flutter 3.x, Dart 3.x |
| State Management | Riverpod, Bloc, Provider |
| Navigation | go_router, auto_route |
| DI | get_it, injectable |
| Network | dio, retrofit |
| Storage | drift, hive, flutter_secure_storage |
| Testing | flutter_test, mocktail |
## Output Format
```markdown
## Flutter Implementation: [Feature]
### Screens Created
| Screen | Description | State Management |
|--------|-------------|------------------|
| HomeScreen | Main dashboard | Riverpod Provider |
| ProfileScreen | User profile | Bloc |
### Widgets Created
- `UserTile`: Reusable user list item with avatar
- `LoadingIndicator`: Custom loading spinner
- `ErrorWidget`: Unified error display
### State Management
- Using Riverpod StateNotifierProvider
- Immutable state with freezed
- AsyncValue for loading states
### Files Created
- `lib/features/auth/presentation/pages/login_page.dart`
- `lib/features/auth/presentation/widgets/login_form.dart`
- `lib/features/auth/presentation/providers/auth_provider.dart`
- `lib/features/auth/domain/entities/user.dart`
- `lib/features/auth/domain/repositories/auth_repository.dart`
- `lib/features/auth/data/datasources/auth_remote_datasource.dart`
- `lib/features/auth/data/repositories/auth_repository_impl.dart`
### Platform Channels (if any)
- Method channel: `com.app/native`
- Platform: iOS (Swift), Android (Kotlin)
### Tests
- ✅ Unit tests for providers
- ✅ Widget tests for screens
- ✅ Integration tests for critical flows
---
Status: implemented
@CodeSkeptic ready for review
```
## Project Structure Template
```dart
// lib/main.dart
void main() {
WidgetsFlutterBinding.ensureInitialized();
runApp(const MyApp());
}
// lib/app.dart
class MyApp extends StatelessWidget {
const MyApp({super.key});
@override
Widget build(BuildContext context) {
return ProviderScope(
child: MaterialApp.router(
routerConfig: router,
theme: AppTheme.light,
darkTheme: AppTheme.dark,
),
);
}
}
```
## Clean Architecture Layers
```dart
// ==================== PRESENTATION LAYER ====================
// lib/features/auth/presentation/pages/login_page.dart
class LoginPage extends StatelessWidget {
const LoginPage({super.key});
@override
Widget build(BuildContext context) {
return Scaffold(
body: Consumer(
builder: (context, ref, child) {
final state = ref.watch(authProvider);
return state.when(
initial: () => const LoginForm(),
loading: () => const LoadingIndicator(),
loaded: (user) => HomePage(user: user),
error: (message) => ErrorWidget(message: message),
);
},
),
);
}
}
// ==================== DOMAIN LAYER ====================
// lib/features/auth/domain/entities/user.dart
@freezed
class User with _$User {
const factory User({
required String id,
required String email,
required String name,
@Default('') String avatarUrl,
@Default(false) bool isVerified,
}) = _User;
}
// lib/features/auth/domain/repositories/auth_repository.dart
abstract class AuthRepository {
Future<Either<Failure, User>> login(String email, String password);
Future<Either<Failure, User>> register(RegisterParams params);
Future<Either<Failure, void>> logout();
Future<Either<Failure, User?>> getCurrentUser();
}
// ==================== DATA LAYER ====================
// lib/features/auth/data/datasources/auth_remote_datasource.dart
abstract class AuthRemoteDataSource {
Future<UserModel> login(String email, String password);
Future<UserModel> register(RegisterParams params);
Future<void> logout();
}
class AuthRemoteDataSourceImpl implements AuthRemoteDataSource {
final Dio _dio;
AuthRemoteDataSourceImpl(this._dio);
@override
Future<UserModel> login(String email, String password) async {
final response = await _dio.post(
'/auth/login',
data: {'email': email, 'password': password},
);
return UserModel.fromJson(response.data);
}
}
// lib/features/auth/data/repositories/auth_repository_impl.dart
class AuthRepositoryImpl implements AuthRepository {
final AuthRemoteDataSource remoteDataSource;
final AuthLocalDataSource localDataSource;
final NetworkInfo networkInfo;
AuthRepositoryImpl({
required this.remoteDataSource,
required this.localDataSource,
required this.networkInfo,
});
@override
Future<Either<Failure, User>> login(String email, String password) async {
if (!await networkInfo.isConnected) {
return Left(NetworkFailure());
}
try {
final user = await remoteDataSource.login(email, password);
await localDataSource.cacheUser(user);
return Right(user);
} on ServerException catch (e) {
return Left(ServerFailure(e.message));
}
}
}
```
## State Management Templates
### Riverpod Provider
```dart
// lib/features/auth/presentation/providers/auth_provider.dart
final authProvider = StateNotifierProvider<AuthNotifier, AuthState>((ref) {
return AuthNotifier(ref.read(authRepositoryProvider));
});
class AuthNotifier extends StateNotifier<AuthState> {
final AuthRepository _repository;
AuthNotifier(this._repository) : super(const AuthState.initial());
Future<void> login(String email, String password) async {
state = const AuthState.loading();
final result = await _repository.login(email, password);
result.fold(
(failure) => state = AuthState.error(failure.message),
(user) => state = AuthState.loaded(user),
);
}
}
@freezed
class AuthState with _$AuthState {
const factory AuthState.initial() = _Initial;
const factory AuthState.loading() = _Loading;
const factory AuthState.loaded(User user) = _Loaded;
const factory AuthState.error(String message) = _Error;
}
```
### Bloc/Cubit
```dart
// lib/features/auth/presentation/bloc/auth_bloc.dart
class AuthBloc extends Bloc<AuthEvent, AuthState> {
final AuthRepository _repository;
AuthBloc(this._repository) : super(const AuthState.initial()) {
on<LoginEvent>(_onLogin);
on<LogoutEvent>(_onLogout);
}
Future<void> _onLogin(LoginEvent event, Emitter<AuthState> emit) async {
emit(const AuthState.loading());
final result = await _repository.login(event.email, event.password);
result.fold(
(failure) => emit(AuthState.error(failure.message)),
(user) => emit(AuthState.loaded(user)),
);
}
}
```
## Widget Patterns
### Responsive Widget
```dart
class ResponsiveLayout extends StatelessWidget {
const ResponsiveLayout({
super.key,
required this.mobile,
required this.tablet,
this.desktop,
});
final Widget mobile;
final Widget tablet;
final Widget? desktop;
@override
Widget build(BuildContext context) {
return LayoutBuilder(
builder: (context, constraints) {
if (constraints.maxWidth < 600) {
return mobile;
} else if (constraints.maxWidth < 900) {
return tablet;
} else {
return desktop ?? tablet;
}
},
);
}
}
```
### Reusable List Item
```dart
class UserTile extends StatelessWidget {
const UserTile({
super.key,
required this.user,
this.onTap,
this.trailing,
});
final User user;
final VoidCallback? onTap;
final Widget? trailing;
@override
Widget build(BuildContext context) {
return ListTile(
leading: CircleAvatar(
backgroundImage: user.avatarUrl.isNotEmpty
? CachedNetworkImageProvider(user.avatarUrl)
: null,
child: user.avatarUrl.isEmpty
? Text(user.name[0].toUpperCase())
: null,
),
title: Text(user.name),
subtitle: Text(user.email),
trailing: trailing,
onTap: onTap,
);
}
}
```
## Navigation Pattern
```dart
// lib/core/navigation/app_router.dart
final router = GoRouter(
debugLogDiagnostics: true,
routes: [
GoRoute(
path: '/',
builder: (context, state) => const HomePage(),
),
GoRoute(
path: '/login',
builder: (context, state) => const LoginPage(),
),
GoRoute(
path: '/user/:id',
builder: (context, state) {
final id = state.pathParameters['id']!;
return UserDetailPage(userId: id);
},
),
ShellRoute(
builder: (context, state, child) => MainShell(child: child),
routes: [
GoRoute(
path: '/home',
builder: (context, state) => const HomeTab(),
),
GoRoute(
path: '/profile',
builder: (context, state) => const ProfileTab(),
),
],
),
],
errorBuilder: (context, state) => ErrorPage(error: state.error),
redirect: (context, state) async {
final isAuthenticated = await authRepository.isAuthenticated();
final isAuthRoute = state.matchedLocation == '/login';
if (!isAuthenticated && !isAuthRoute) {
return '/login';
}
if (isAuthenticated && isAuthRoute) {
return '/home';
}
return null;
},
);
```
## Testing Templates
### Unit Test
```dart
// test/features/auth/domain/usecases/login_test.dart
void main() {
late Login usecase;
late MockAuthRepository mockRepository;
setUp(() {
mockRepository = MockAuthRepository();
usecase = Login(mockRepository);
});
group('Login', () {
final tEmail = 'test@example.com';
final tPassword = 'password123';
final tUser = User(id: '1', email: tEmail, name: 'Test');
test('should return user when login successful', () async {
// Arrange
when(mockRepository.login(tEmail, tPassword))
.thenAnswer((_) async => Right(tUser));
// Act
final result = await usecase(tEmail, tPassword);
// Assert
expect(result, Right(tUser));
verify(mockRepository.login(tEmail, tPassword));
verifyNoMoreInteractions(mockRepository);
});
test('should return failure when login fails', () async {
// Arrange
when(mockRepository.login(tEmail, tPassword))
.thenAnswer((_) async => Left(ServerFailure('Invalid credentials')));
// Act
final result = await usecase(tEmail, tPassword);
// Assert
expect(result, Left(ServerFailure('Invalid credentials')));
});
});
}
```
### Widget Test
```dart
// test/features/auth/presentation/pages/login_page_test.dart
void main() {
group('LoginPage', () {
testWidgets('shows email and password fields', (tester) async {
// Arrange & Act
await tester.pumpWidget(MaterialApp(home: LoginPage()));
// Assert
expect(find.byType(TextField), findsNWidgets(2));
expect(find.text('Email'), findsOneWidget);
expect(find.text('Password'), findsOneWidget);
});
testWidgets('shows error message when form submitted empty', (tester) async {
// Arrange
await tester.pumpWidget(MaterialApp(home: LoginPage()));
// Act
await tester.tap(find.text('Login'));
await tester.pumpAndSettle();
// Assert
expect(find.text('Email is required'), findsOneWidget);
expect(find.text('Password is required'), findsOneWidget);
});
});
}
```
## Platform Channels
```dart
// lib/core/platform/native_bridge.dart
class NativeBridge {
static const _channel = MethodChannel('com.app/native');
Future<String> getDeviceId() async {
try {
return await _channel.invokeMethod('getDeviceId');
} on PlatformException catch (e) {
throw NativeException(e.message ?? 'Unknown error');
}
}
Future<void> shareFile(String path) async {
await _channel.invokeMethod('shareFile', {'path': path});
}
}
// android/app/src/main/kotlin/MainActivity.kt
class MainActivity : FlutterActivity() {
override fun configureFlutterBridge(@NonNull bridge: FlutterBridge) {
super.configureFlutterBridge(bridge)
bridge.setMethodCallHandler { call, result ->
when (call.method) {
"getDeviceId" -> {
result.success(getDeviceId())
}
"shareFile" -> {
val path = call.argument<String>("path")
shareFile(path!!)
result.success(null)
}
else -> result.notImplemented()
}
}
}
}
```
## Build Configuration
```yaml
# pubspec.yaml
name: my_app
version: 1.0.0+1
environment:
sdk: '>=3.0.0 <4.0.0'
flutter: '>=3.10.0'
dependencies:
flutter:
sdk: flutter
flutter_localizations:
sdk: flutter
# State Management
flutter_riverpod: 2.4.9
riverpod_annotation: 2.3.3
# Navigation
go_router: 13.1.0
# Network
dio: 5.4.0
retrofit: 4.0.3
# Storage
drift: 2.14.0
flutter_secure_storage: 9.0.0
# Utils
freezed_annotation: 2.4.1
json_annotation: 4.8.1
dev_dependencies:
flutter_test:
sdk: flutter
build_runner: 2.4.7
freezed: 2.4.5
json_serializable: 6.7.1
riverpod_generator: 2.3.9
mocktail: 1.0.1
flutter_lints: 3.0.1
```
## Flutter Commands
```bash
# Development
flutter pub get
flutter run -d <device>
flutter run --flavor development
# Build
flutter build apk --release
flutter build ios --release
flutter build web --release
flutter build appbundle --release
# Testing
flutter test
flutter test --coverage
flutter test integration_test/
# Analysis
flutter analyze
flutter pub outdated
flutter doctor -v
# Clean
flutter clean
flutter pub get
```
## Performance Checklist
- [ ] Use const constructors where possible
- [ ] Use ListView.builder for long lists
- [ ] Avoid unnecessary rebuilds with Provider/Selector
- [ ] Lazy load images with cached_network_image
- [ ] Profile with DevTools
- [ ] Use opacity with caution
- [ ] Avoid large operations in build()
## Security Checklist
- [ ] Use flutter_secure_storage for tokens
- [ ] Implement certificate pinning
- [ ] Validate all user inputs
- [ ] Use obfuscation for release builds
- [ ] Never log sensitive information
- [ ] Use ProGuard/R8 for Android
## Prohibited Actions
- DO NOT use setState for complex state
- DO NOT put business logic in widgets
- DO NOT use dynamic types
- DO NOT ignore lint warnings
- DO NOT skip testing for critical paths
- DO NOT use hot reload as a development strategy
- DO NOT embed secrets in code
- DO NOT use global state for request data
## Skills Reference
This agent uses the following skills for comprehensive Flutter development:
### Core Skills
| Skill | Purpose |
|-------|---------|
| `flutter-widgets` | Material, Cupertino, custom widgets |
| `flutter-state` | Riverpod, Bloc, Provider patterns |
| `flutter-navigation` | go_router, auto_route |
| `flutter-animation` | Implicit, explicit animations |
| `html-to-flutter` | Convert HTML templates to Flutter widgets |
### HTML Template Conversion
When HTML templates are provided as input:
1. **Analyze HTML structure** - Identify components, layouts, styles using `html` package
2. **Parse CSS styles** - Map to Flutter TextStyle, Decoration, EdgeInsets
3. **Generate widget tree** - Convert HTML elements to Flutter widgets
4. **Apply business logic** - Add state management, event handlers
5. **Implement responsive design** - Convert to LayoutBuilder/MediaQuery patterns
**Example HTML → Flutter conversion:**
```html
<!-- Input HTML -->
<div class="card">
<h3 class="title">Title</h3>
<p class="description">Description</p>
</div>
```
```dart
// Output Flutter
class CardWidget extends StatelessWidget {
const CardWidget({super.key});
@override
Widget build(BuildContext context) {
return Card(
child: Padding(
padding: const EdgeInsets.all(16),
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Text('Title', style: Theme.of(context).textTheme.titleLarge),
const SizedBox(height: 8),
Text('Description', style: Theme.of(context).textTheme.bodyMedium),
],
),
),
);
}
}
```
**Recommended packages:**
- `flutter_html: ^3.0.0` - Runtime HTML rendering
- `html: ^0.15.6` - HTML parsing
- `cached_network_image: ^3.3.0` - Image caching from HTML
### Data
| Skill | Purpose |
|-------|---------|
| `flutter-network` | Dio, retrofit, API clients |
| `flutter-storage` | Hive, Drift, secure storage |
| `flutter-serialization` | json_serializable, freezed |
### Platform
| Skill | Purpose |
|-------|---------|
| `flutter-platform` | Platform channels, native code |
| `flutter-camera` | Camera, image picker |
| `flutter-maps` | Google Maps, MapBox |
### Testing
| Skill | Purpose |
|-------|---------|
| `flutter-testing` | Unit, widget, integration tests |
| `flutter-mocking` | mocktail, mockito |
### Rules
| File | Content |
|------|---------|
| `.kilo/rules/flutter.md` | Code style, architecture, best practices |
## Handoff Protocol
After implementation:
1. Run `flutter analyze`
2. Run `flutter test`
3. Check for const opportunities
4. Verify platform-specific code works
5. Test on both iOS and Android (or web)
6. Check performance with DevTools
7. Tag `@CodeSkeptic` for review
## Gitea Commenting (MANDATORY)
**You MUST post a comment to the Gitea issue after completing your work.**
Post a comment with:
1. ✅ Success: What was done, files changed, duration
2. ❌ Error: What failed, why, and blocker
3. ❓ Question: Clarification needed with options
Use the `post_comment` function from `.kilo/skills/gitea-commenting/SKILL.md`.
**NO EXCEPTIONS** - Always comment to Gitea.

8
.kilo/agents/frontend-developer.md
View File

@@ -1,7 +1,7 @@
---
description: Handles UI implementation with multimodal capabilities. Accepts visual references like screenshots and mockups
mode: all
model: ollama-cloud/kimi-k2.5
model: ollama-cloud/qwen3-coder:480b
color: "#0EA5E9"
permission:
read: allow
@@ -12,6 +12,7 @@ permission:
grep: allow
task:
"*": deny
"code-skeptic": allow
---
# Kilo Code: Frontend Developer
@@ -33,6 +34,11 @@ Invoke this mode when:
Handles UI implementation with multimodal capabilities. Accepts visual references.
## Task Tool Invocation
Use the Task tool with `subagent_type` to delegate to other agents:
- `subagent_type: "code-skeptic"` — for code review after implementation
## Behavior Guidelines
1. **Accept visual input** — can analyze screenshots and mockups

6
.kilo/agents/go-developer.md
View File

@@ -12,6 +12,7 @@ permission:
grep: allow
task:
"*": deny
"code-skeptic": allow
---
# Kilo Code: Go Developer
@@ -34,6 +35,11 @@ Invoke this mode when:
Go backend specialist for Gin, Echo, APIs, and concurrent systems.
## Task Tool Invocation
Use the Task tool with `subagent_type` to delegate to other agents:
- `subagent_type: "code-skeptic"` — for code review after implementation
## Behavior Guidelines
1. **Idiomatic Go** — Follow Go conventions and idioms

2
.kilo/agents/history-miner.md
View File

@@ -1,6 +1,6 @@
---
description: Analyzes git history to find duplicates and past solutions, preventing regression and duplicate work
mode: all
mode: subagent
model: ollama-cloud/nemotron-3-super
color: "#059669"
permission:

3
.kilo/agents/orchestrator.md
View File

@@ -32,6 +32,7 @@ permission:
"planner": allow
"reflector": allow
"memory-manager": allow
"devops-engineer": allow
---
# Kilo Code: Orchestrator
@@ -128,6 +129,8 @@ Use the Task tool to delegate to subagents with these subagent_type values:
| Planner | planner | Task decomposition, CoT, ToT planning |
| Reflector | reflector | Self-reflection, lesson extraction |
| MemoryManager | memory-manager | Memory systems, context retrieval |
| DevOpsEngineer | devops-engineer | Docker, Kubernetes, CI/CD |
| BrowserAutomation | browser-automation | Browser automation, E2E testing |
**Note:** `agent-architect` subagent_type is not recognized. Use `system-analyst` with prompt "You are Agent Architect..." as workaround.

4
.kilo/agents/product-owner.md
View File

@@ -1,7 +1,7 @@
---
description: Manages issue checklists, status labels, tracks progress and coordinates with human users
mode: all
model: ollama-cloud/glm-5
mode: subagent
model: openrouter/qwen/qwen3.6-plus:free
color: "#EA580C"
permission:
read: allow

4
.kilo/agents/prompt-optimizer.md
View File

@@ -1,7 +1,7 @@
---
description: Improves agent system prompts based on performance failures. Meta-learner for prompt optimization
mode: all
model: qwen/qwen3.6-plus:free
mode: subagent
model: openrouter/qwen/qwen3.6-plus:free
color: "#BE185D"
permission:
read: allow

2
.kilo/agents/requirement-refiner.md
View File

@@ -1,7 +1,7 @@
---
description: Converts vague ideas and bug reports into strict User Stories with acceptance criteria checklists
mode: all
model: ollama-cloud/kimi-k2-thinking
model: ollama-cloud/glm-5
color: "#4F46E5"
permission:
read: allow

33
.kilo/agents/security-auditor.md
View File

@@ -115,8 +115,41 @@ gitleaks --path .
# Check for exposed env
grep -r "API_KEY\|PASSWORD\|SECRET" --include="*.ts" --include="*.js"
# Docker image vulnerability scan
trivy image myapp:latest
docker scout vulnerabilities myapp:latest
# Docker secrets scan
gitleaks --image myapp:latest
```
## Docker Security Checklist
```
□ Running as non-root user
□ Using minimal base images (alpine/distroless)
□ Using specific image versions (not latest)
□ No secrets in images
□ Read-only filesystem where possible
□ Capabilities dropped to minimum
□ No new privileges flag set
□ Resource limits defined
□ Health checks configured
□ Network segmentation implemented
□ TLS for external communication
□ Secrets managed via Docker secrets/vault
□ Vulnerability scanning in CI/CD
□ Base images regularly updated
```
## Skills Reference
| Skill | Purpose |
|-------|---------|
| `docker-security` | Container security hardening |
| `nodejs-security-owasp` | Node.js OWASP Top 10 |
## Prohibited Actions
- DO NOT approve with critical/high vulnerabilities

4
.kilo/agents/system-analyst.md
View File

@@ -1,7 +1,7 @@
---
description: Designs technical specifications, data schemas, and API contracts before implementation
mode: all
model: qwen/qwen3.6-plus:free
mode: subagent
model: ollama-cloud/glm-5
color: "#0891B2"
permission:
read: allow

4
.kilo/agents/visual-tester.md
View File

@@ -1,7 +1,7 @@
---
description: Visual regression testing agent that compares screenshots and detects UI differences using pixelmatch and image diff
mode: all
model: ollama-cloud/glm-5
mode: subagent
model: ollama-cloud/qwen3-coder:480b
color: "#E91E63"
permission:
read: allow

2
.kilo/agents/workflow-architect.md
View File

@@ -1,7 +1,7 @@
---
description: Creates and maintains workflow definitions with complete architecture, Gitea integration, and quality gates
mode: subagent
model: ollama-cloud/gpt-oss:120b
model: openrouter/qwen/qwen3.6-plus:free
color: "#EC4899"
permission:
read: allow

74
.kilo/capability-index.yaml
View File

@@ -85,6 +85,46 @@ agents:
model: ollama-cloud/qwen3-coder:480b
mode: subagent
flutter-developer:
capabilities:
- dart_programming
- flutter_ui
- mobile_app_development
- widget_creation
- state_management
receives:
- ui_designs
- api_specifications
- mobile_requirements
produces:
- flutter_widgets
- dart_code
- mobile_app
forbidden:
- backend_code
- web_development
model: ollama-cloud/qwen3-coder:480b
mode: subagent
devops-engineer:
capabilities:
- docker_configuration
- kubernetes_setup
- ci_cd_pipeline
- infrastructure_automation
- container_optimization
receives:
- deployment_requirements
- infrastructure_needs
produces:
- docker_compose
- kubernetes_manifests
- ci_cd_config
forbidden:
- application_code
model: ollama-cloud/nemotron-3-super
mode: subagent
# Quality Assurance
sdet-engineer:
capabilities:
@@ -138,7 +178,7 @@ agents:
- vulnerability_list
forbidden:
- fix_vulnerabilities
model: ollama-cloud/gpt-oss:120b
model: ollama-cloud/nemotron-3-super
mode: subagent
performance-engineer:
@@ -155,7 +195,7 @@ agents:
- optimization_suggestions
forbidden:
- write_code
model: ollama-cloud/gpt-oss:120b
model: ollama-cloud/nemotron-3-super
mode: subagent
# Specialized Development
@@ -227,7 +267,7 @@ agents:
- requirements_doc
forbidden:
- design_decisions
model: ollama-cloud/gpt-oss:120b
model: ollama-cloud/glm-5
mode: subagent
history-miner:
@@ -245,7 +285,7 @@ agents:
- related_files
forbidden:
- code_changes
model: ollama-cloud/glm-5
model: ollama-cloud/nemotron-3-super
mode: subagent
capability-analyst:
@@ -262,7 +302,7 @@ agents:
- new_agent_specs
forbidden:
- implementation
model: ollama-cloud/gpt-oss:120b
model: openrouter/qwen/qwen3.6-plus:free
mode: subagent
# Process Management
@@ -318,7 +358,7 @@ agents:
- recommendations
forbidden:
- code_changes
model: ollama-cloud/gpt-oss:120b
model: openrouter/qwen/qwen3.6-plus:free
mode: subagent
prompt-optimizer:
@@ -334,7 +374,7 @@ agents:
- optimization_report
forbidden:
- agent_creation
model: ollama-cloud/gpt-oss:120b
model: openrouter/qwen/qwen3.6-plus:free
mode: subagent
# Fixes
@@ -370,7 +410,7 @@ agents:
- issue closures
forbidden:
- implementation
model: ollama-cloud/glm-5
model: openrouter/qwen/qwen3.6-plus:free
mode: subagent
# Workflow
@@ -386,7 +426,7 @@ agents:
- command_files
forbidden:
- execution
model: ollama-cloud/glm-5
model: openrouter/qwen/qwen3.6-plus:free
mode: subagent
# Validation
@@ -402,7 +442,7 @@ agents:
- corrections
forbidden:
- content_creation
model: ollama-cloud/nemotron-3-nano
model: ollama-cloud/nemotron-3-nano:30b
mode: subagent
agent-architect:
@@ -417,7 +457,7 @@ agents:
- integration_plan
forbidden:
- agent_execution
model: ollama-cloud/gpt-oss:120b
model: openrouter/qwen/qwen3.6-plus:free
mode: subagent
# Cognitive Enhancement (New - Research Based)
@@ -438,7 +478,7 @@ agents:
forbidden:
- implementation
- execution
model: ollama-cloud/gpt-oss:120b
model: ollama-cloud/nemotron-3-super
mode: subagent
reflector:
@@ -478,7 +518,7 @@ agents:
forbidden:
- code_changes
- implementation
model: ollama-cloud/gpt-oss:120b
model: ollama-cloud/nemotron-3-super
mode: subagent
# Capability Routing Map
@@ -507,6 +547,12 @@ agents:
postgresql_integration: backend-developer
sqlite_integration: backend-developer
clickhouse_integration: go-developer
# Mobile development
flutter_development: flutter-developer
# DevOps
docker_configuration: devops-engineer
kubernetes_setup: devops-engineer
ci_cd_pipeline: devops-engineer
# Cognitive Enhancement (New)
task_decomposition: planner
self_reflection: reflector
@@ -601,4 +647,4 @@ workflow_states:
perf_check: [security_check]
security_check: [releasing]
releasing: [evaluated]
evaluated: [completed]
evaluated: [completed]

2
.kilo/commands/blog.md
View File

@@ -1,7 +1,7 @@
---
description: Create full-stack blog/CMS with Node.js, Vue, SQLite, admin panel, comments, and Docker deployment
mode: blog
model: qwen/qwen3-coder:free
model: openrouter/qwen/qwen3-coder:free
color: "#10B981"
permission:
read: allow

2
.kilo/commands/booking.md
View File

@@ -1,7 +1,7 @@
---
description: Create full-stack booking site with Node.js, Vue, SQLite, admin panel, calendar, and Docker deployment
mode: booking
model: qwen/qwen3-coder:free
model: openrouter/qwen/qwen3-coder:free
color: "#8B5CF6"
permission:
read: allow

2
.kilo/commands/commerce.md
View File

@@ -1,7 +1,7 @@
---
description: Create full-stack e-commerce site with Node.js, Vue, SQLite, admin panel, payments, and Docker deployment
mode: commerce
model: qwen/qwen3-coder:free
model: openrouter/qwen/qwen3-coder:free
color: "#F59E0B"
permission:
read: allow

237
.kilo/commands/evolution.md Normal file
View File

@@ -0,0 +1,237 @@
# Agent Evolution Workflow
Tracks and records agent model improvements, capability changes, and performance metrics.
## Usage
```
/evolution [action] [agent]
```
### Actions
| Action | Description |
|--------|-------------|
| `log` | Log an agent improvement to Gitea and evolution data |
| `report` | Generate evolution report for agent or all agents |
| `history` | Show model change history |
| `metrics` | Display performance metrics |
| `recommend` | Get model recommendations |
### Examples
```bash
# Log improvement
/evolution log capability-analyst "Updated to qwen3.6-plus for better IF score"
# Generate report
/evolution report capability-analyst
# Show all changes
/evolution history
# Get recommendations
/evolution recommend
```
## Workflow Steps
### Step 1: Parse Command
```bash
action=$1
agent=$2
message=$3
```
### Step 2: Execute Action
#### Log Action
When logging an improvement:
1. **Read current model**
```bash
# From .kilo/agents/{agent}.md
current_model=$(grep "^model:" .kilo/agents/${agent}.md | cut -d' ' -f2)
# From .kilo/capability-index.yaml
yaml_model=$(grep -A1 "${agent}:" .kilo/capability-index.yaml | grep "model:" | cut -d' ' -f2)
```
2. **Get previous model from history**
```bash
# Read from agent-evolution/data/agent-versions.json
previous_model=$(cat agent-evolution/data/agent-versions.json | ...)
```
3. **Calculate improvement**
- Look up model scores from capability-index.yaml
- Compare IF scores
- Compare context windows
4. **Write to evolution data**
```json
{
"agent": "capability-analyst",
"timestamp": "2026-04-05T22:20:00Z",
"type": "model_change",
"from": "ollama-cloud/nemotron-3-super",
"to": "qwen/qwen3.6-plus:free",
"improvement": {
"quality": "+23%",
"context_window": "130K→1M",
"if_score": "85→90"
},
"rationale": "Better structured output, FREE via OpenRouter"
}
```
5. **Post Gitea comment**
```markdown
## 🚀 Agent Evolution: {agent}
| Metric | Before | After | Change |
|--------|--------|-------|--------|
| Model | {old} | {new} | ⬆️ |
| IF Score | 85 | 90 | +5 |
| Quality | 64 | 79 | +23% |
| Context | 130K | 1M | +670K |
**Rationale**: {message}
```
#### Report Action
Generate comprehensive report:
```markdown
# Agent Evolution Report
## Overview
- Total agents: 28
- Model changes this month: 4
- Average quality improvement: +18%
## Recent Changes
| Date | Agent | Old Model | New Model | Impact |
|------|-------|-----------|-----------|--------|
| 2026-04-05 | capability-analyst | nemotron-3-super | qwen3.6-plus | +23% |
| 2026-04-05 | requirement-refiner | nemotron-3-super | glm-5 | +33% |
| ... | ... | ... | ... | ... |
## Performance Metrics
### Agent Scores Over Time
```
capability-analyst: 64 → 79 (+23%)
requirement-refiner: 60 → 80 (+33%)
agent-architect: 67 → 82 (+22%)
evaluator: 78 → 81 (+4%)
```
### Model Distribution
- qwen3.6-plus: 5 agents
- nemotron-3-super: 8 agents
- glm-5: 3 agents
- minimax-m2.5: 1 agent
- ...
## Recommendations
1. Consider updating history-miner to nemotron-3-super-120b
2. code-skeptic optimal with minimax-m2.5
3. ...
```
### Step 3: Update Files
After logging:
1. Update `agent-evolution/data/agent-versions.json`
2. Post comment to related Gitea issue
3. Update capability-index.yaml metrics
## Data Storage
### agent-versions.json
```json
{
"version": "1.0",
"agents": {
"capability-analyst": {
"current": {
"model": "qwen/qwen3.6-plus:free",
"provider": "openrouter",
"if_score": 90,
"quality_score": 79,
"context_window": "1M"
},
"history": [
{
"date": "2026-04-05T22:20:00Z",
"type": "model_change",
"from": "ollama-cloud/nemotron-3-super",
"to": "qwen/qwen3.6-plus:free",
"rationale": "Better IF score, FREE via OpenRouter"
}
]
}
}
}
```
### Gitea Issue Comments
Each evolution log posts a formatted comment:
```markdown
## 🚀 Agent Evolution Log
### {agent}
- **Model**: {old} → {new}
- **Quality**: {old_score} → {new_score} ({change}%)
- **Context**: {old_ctx} → {new_ctx}
- **Rationale**: {reason}
_This change was tracked by /evolution workflow._
```
## Integration Points
- **After `/pipeline`**: Evaluator scores logged
- **After model update**: Evolution logged
- **Weekly**: Performance report generated
- **On request**: Recommendations provided
## Metrics Tracked
| Metric | Source | Purpose |
|--------|--------|---------|
| IF Score | KILO_SPEC.md | Instruction Following |
| Quality Score | Research | Overall performance |
| Context Window | Model spec | Max tokens |
| Provider | Config | API endpoint |
| Cost | Pricing | Resource planning |
| SWE-bench | Research | Code benchmark |
| RULER | Research | Long-context benchmark |
## Example Session
```bash
$ /evolution log capability-analyst "Updated to qwen3.6-plus for FREE tier and better IF"
✅ Logged evolution for capability-analyst
📊 Quality improvement: +23%
📄 Posted comment to Issue #27
📝 Updated agent-versions.json
```
---
_Evolution workflow v1.0 - Track agent improvements_

2
.kilo/commands/status.md
View File

@@ -1,7 +1,7 @@
---
description: Check pipeline status for an issue
mode: subagent
model: qwen/qwen3.6-plus:free
model: openrouter/qwen/qwen3.6-plus:free
color: "#3B82F6"
---

33
.kilo/kilo.jsonc
View File

@@ -4,7 +4,20 @@
"skills": {
"paths": [".kilo/skills"]
},
"model": "openrouter/qwen/qwen3.6-plus:free",
"default_agent": "orchestrator",
"agent": {
"orchestrator": {
"model": "ollama-cloud/glm-5",
"description": "Main dispatcher. Routes tasks between agents based on Issue status.",
"mode": "all",
"permission": {
"read": "allow",
"write": "allow",
"bash": "allow",
"task": "allow"
}
},
"pipeline-runner": {
"description": "Runs agent pipeline with Gitea logging",
"mode": "subagent",
@@ -14,6 +27,26 @@
"bash": "allow",
"task": "allow"
}
},
"code": {
"model": "ollama-cloud/qwen3-coder:480b",
"description": "Primary code writer. Full tool access for development tasks.",
"mode": "primary"
},
"ask": {
"model": "openrouter/qwen/qwen3.6-plus:free",
"description": "Read-only Q&A agent for codebase questions.",
"mode": "primary"
},
"plan": {
"model": "ollama-cloud/nemotron-3-super",
"description": "Task planner. Creates detailed implementation plans.",
"mode": "primary"
},
"debug": {
"model": "ollama-cloud/gemma4:31b",
"description": "Bug diagnostics and troubleshooting.",
"mode": "primary"
}
}
}

273
.kilo/reports/flutter-cycle-analysis.md Normal file
View File

@@ -0,0 +1,273 @@
# Flutter Development Cycle Analysis
## Research Summary
### Input: ТЗ + HTML Templates → Flutter App
Анализ полноты покрытия цикла разработки мобильных приложений на Flutter.
---
## Current Coverage
### ✅ Covered (Existing)
| Component | Status | Location |
|-----------|--------|----------|
| **Flutter Developer Agent** | ✅ Complete | `.kilo/agents/flutter-developer.md` |
| **Flutter Rules** | ✅ Complete | `.kilo/rules/flutter.md` |
| **State Management Skills** | ✅ Complete | `.kilo/skills/flutter-state/` |
| **Widget Patterns Skills** | ✅ Complete | `.kilo/skills/flutter-widgets/` |
| **Navigation Skills** | ✅ Complete | `.kilo/skills/flutter-navigation/` |
| **Code Review** | ✅ Exists | `code-skeptic` agent |
| **Visual Testing** | ✅ Exists | `visual-tester` agent |
| **Pipeline Integration** | ✅ Complete | `AGENTS.md`, `kilo.jsonc` |
---
## Gap Analysis
### 🔴 Critical Gap: HTML to Flutter Conversion
**Problem**: Для конвертации HTML шаблонов в Flutter виджеты нужен специализированный навык.
**Available Packages** (from research):
1. **flutter_html 3.0.0** - 2.1k likes, 608k downloads
- Renders static HTML/CSS as Flutter widgets
- Supports 100+ HTML tags
- Extensions: audio, iframe, math, svg, table, video
- Custom styling with `Style` class
2. **html_to_flutter 0.2.3** - Discontinued, replaced by **tagflow**
- Converts HTML strings to Flutter widgets
- Supports tables, iframes
- Similar API to flutter_html
3. **html package** - Dart HTML5 parser
- Parse HTML strings/documents
- DOM manipulation
- Used by flutter_html internally
**Recommended**: Use **flutter_html** for runtime rendering + create **html-to-flutter-converter skill** for design-time conversion.
### 🟡 Partial Gap: Testing Setup
| Test Type | Status | Action Needed |
|-----------|--------|---------------|
| Unit Tests | ✅ Covered in flutter-rules | Mocktail examples needed |
| Widget Tests | ✅ Covered in flutter-widgets skill | Integration examples |
| Integration Tests | ⚠️ Partial | Need skill for patrol/appium |
| Golden Tests | ❌ Missing | Need skill for golden_toolkit |
### 🟡 Partial Gap: API Integration
| Component | Status | Action Needed |
|-----------|--------|---------------|
| dio/HTTP | ✅ Covered in agent | retrofit examples needed |
| JSON Serialization | ✅ Covered (freezed) | json_serializable skill |
| GraphQL | ❌ Missing | Need graphql_flutter skill |
| WebSocket | ❌ Missing | Need web_socket_channel skill |
### 🟡 Partial Gap: Storage
| Storage Type | Status | Action Needed |
|--------------|--------|---------------|
| flutter_secure_storage | ✅ Covered in rules | - |
| Hive | ✅ Mentioned in agent | Need skill |
| Drift (SQLite) | ✅ Mentioned in agent | Need skill |
| SharedPreferences | ⚠️ Mentioned as anti-pattern | - |
| Isar | ❌ Missing | Need skill |
---
## Recommended Additions
### 1. HTML-to-Flutter Converter Skill (Priority: HIGH)
```
.kilo/skills/html-to-flutter/SKILL.md
```
**Purpose**: Convert HTML/CSS templates to Flutter widgets
**Content**:
- Parse HTML structure to widget tree
- Map CSS styles to Flutter TextStyle/Container
- Handle responsive layouts (Flex to Row/Column)
- Generate Flutter code from templates
**Tools**:
- `html` package for parsing
- Custom converter for semantic HTML
- Template-based code generation
### 2. Flutter Testing Skill (Priority: MEDIUM)
```
.kilo/skills/flutter-testing/SKILL.md
```
**Content**:
- Unit tests with mocktail
- Widget tests best practices
- Integration tests with patrol
- Golden tests with golden_toolkit
- CI/CD integration
### 3. Flutter Network Skill (Priority: MEDIUM)
```
.kilo/skills/flutter-network/SKILL.md
```
**Content**:
- dio setup with interceptors
- retrofit for type-safe API
- JSON serialization with freezed
- Error handling patterns
- GraphQL integration (graphql_flutter)
### 4. Flutter Storage Skill (Priority: LOW)
```
.kilo/skills/flutter-storage/SKILL.md
```
**Content**:
- Hive for key-value storage
- Drift for SQLite
- Isar for high-performance NoSQL
- Secure storage patterns
---
## Workflow for HTML Template Conversion
### Current Workflow
```
HTML Template + ТЗ
[Manual Analysis] ← Gap: No automation
[flutter-developer] → Writes Flutter code
[visual-tester] → Visual validation
[Frontend-developer] → If UI issues
```
### Recommended Workflow
```
HTML Template + ТЗ
[html-to-flutter skill] → Parses HTML, generates Flutter structure
[flutter-developer] → Refines generated code, applies business logic
[code-skeptic] → Code review
[visual-tester] → Visual validation against HTML mockup
[the-fixer] → If visual differences found
```
---
## Implementation Priority
### Phase 1: HTML Conversion (Critical)
1. **Create html-to-flutter skill**
- HTML parsing with `html` package
- CSS to Flutter style mapping
- Widget tree generation
- Code templates for common patterns
2. **Add to flutter-developer agent**
- Reference html-to-flutter skill
- Add conversion patterns
- Include template examples
### Phase 2: Testing & Quality (Important)
1. **Create flutter-testing skill**
- Unit test patterns
- Widget test patterns
- Integration test setup
- Golden tests
2. **Enhance flutter-developer**
- Testing checklist
- Coverage requirements
- CI integration
### Phase 3: Advanced Features (Enhancement)
1. **Network skill** - API patterns
2. **Storage skill** - Data persistence
3. **GraphQL skill** - Modern API integration
---
## Conclusion
### Ready for Production
The current setup supports **core Flutter development cycle**:
- ✅ Agent definition and rules
- ✅ State management patterns
- ✅ Widget patterns
- ✅ Navigation patterns
- ✅ Pipeline integration
- ✅ Code review flow
### Gap: HTML Template Conversion
The **critical gap** is automated HTML-to-Flutter conversion for the stated workflow:
- Input: ТЗ + HTML templates
- Need: Convert HTML to Flutter widgets
- Solution: Create `html-to-flutter` skill
### Recommendation
**Immediate Action**: Create `.kilo/skills/html-to-flutter/SKILL.md` to enable:
1. HTML parsing and analysis
2. CSS style mapping to Flutter
3. Widget tree generation
4. Template-based code output
This would complete the full cycle: **HTML Template + ТЗ → Flutter App**
---
## Research Sources
1. **flutter_html 3.0.0** - https://pub.dev/packages/flutter_html
- 2.1k likes, 608k downloads
- Flutter Favorite package
- Supports 100+ HTML tags with extensions
2. **go_router 17.2.0** - https://pub.dev/packages/go_router
- 5.6k likes, 2.31M downloads
- Official Flutter package for navigation
- Deep linking, ShellRoute, type-safe routes
3. **flutter_riverpod 3.3.1** - https://pub.dev/packages/flutter_riverpod
- 2.8k likes, 1.61M downloads
- Flutter Favorite for state management
- AsyncValue, code generation support
4. **freezed 3.2.5** - https://pub.dev/packages/freezed
- 4.4k likes, 1.83M downloads
- Code generation for immutable classes
- Pattern matching, union types
5. **html_to_flutter** - Discontinued, replaced by tagflow
- Shows community need for HTML→Flutter conversion
---
*Analysis Date: 2026-04-05*
*Author: Orchestrator Agent*

178
.kilo/rules/agent-frontmatter-validation.md Normal file
View File

@@ -0,0 +1,178 @@
# Agent Frontmatter Validation Rules
Critical rules for modifying agent YAML frontmatter. Violations break Kilo Code.
## Color Format
**ALWAYS use quoted hex colors in YAML frontmatter:**
```yaml
# ✅ Good
color: "#DC2626"
color: "#4F46E5"
color: "#0EA5E9"
# ❌ Bad - breaks YAML parsing
color: #DC2626
color: #4F46E5
color: #0EA5E9
```
### Why
Unquoted `#` starts a YAML comment, making the value empty or invalid.
## Mode Values
**Valid mode values:**
| Value | Description |
|-------|-------------|
| `subagent` | Invoked by other agents (most agents) |
| `all` | Can be both primary and subagent (user-facing agents) |
**Invalid mode values:**
- `primary` (use `all` instead)
- Any other value
## Model Format
**Always use exact model IDs from KILO_SPEC.md:**
```yaml
# ✅ Good
model: ollama-cloud/nemotron-3-super
model: ollama-cloud/gpt-oss:120b
model: openrouter/qwen/qwen3.6-plus:free
# ❌ Bad - model not in KILO_SPEC
model: ollama-cloud/nonexistent-model
model: anthropic/claude-3-opus
```
### Available Models
See `.kilo/KILO_SPEC.md` Model Format section for complete list.
## Description
**Required field, must be non-empty:**
```yaml
# ✅ Good
description: DevOps specialist for Docker, Kubernetes, CI/CD
# ❌ Bad
description:
description: ""
```
## Permission Structure
**Always include all required permission keys:**
```yaml
# ✅ Good
permission:
read: allow
edit: allow
write: allow
bash: allow
glob: allow
grep: allow
task:
"*": deny
"code-skeptic": allow
# ❌ Bad - missing keys
permission:
read: allow
# missing edit, write, bash, glob, grep, task
```
## Validation Checklist
Before committing agent changes:
```
□ color is quoted (e.g., "#DC2626")
□ mode is valid (subagent or all)
□ model exists in KILO_SPEC.md
□ description is non-empty
□ all permission keys present
□ task permissions use deny-by-default
□ No trailing commas in YAML
□ No tabs in YAML (use spaces)
```
## Automated Validation
Run before commit:
```bash
# Check all agents for YAML validity
for f in .kilo/agents/*.md; do
head -20 "$f" | grep -E "^color:" | grep -v '"#' && echo "FAIL: $f color not quoted"
done
```
## Common Mistakes
### 1. Unquoted Color
```yaml
# ❌ Wrong
color: #DC2626
# ✅ Correct
color: "#DC2626"
```
### 2. Invalid Mode
```yaml
# ❌ Wrong
mode: primary
# ✅ Correct
mode: all
```
### 3. Missing Model Provider
```yaml
# ❌ Wrong
model: qwen3-coder:480b
# ✅ Correct
model: ollama-cloud/qwen3-coder:480b
```
### 4. Incomplete Permissions
```yaml
# ❌ Wrong
permission:
read: allow
edit: allow
# missing write, bash, glob, grep, task
# ✅ Correct
permission:
read: allow
edit: allow
write: allow
bash: allow
glob: allow
grep: allow
task:
"*": deny
```
## Prohibited Actions
- DO NOT change color format without testing YAML parsing
- DO NOT use models not listed in KILO_SPEC.md
- DO NOT remove required permission keys
- DO NOT commit agent files with empty descriptions
- DO NOT use tabs in YAML frontmatter

549
.kilo/rules/docker.md Normal file
View File

@@ -0,0 +1,549 @@
# Docker & Containerization Rules
Essential rules for Docker, Docker Compose, Docker Swarm, and container technologies.
## Dockerfile Best Practices
### Layer Optimization
- Minimize layers by combining commands
- Order layers from least to most frequently changing
- Use multi-stage builds to reduce image size
- Clean up package manager caches
```dockerfile
# ✅ Good: Multi-stage build with layer optimization
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
FROM node:20-alpine
WORKDIR /app
COPY --from=builder /app/node_modules ./node_modules
COPY . .
USER node
EXPOSE 3000
CMD ["node", "server.js"]
# ❌ Bad: Single stage, many layers
FROM node:20
RUN npm install -g nodemon
WORKDIR /app
COPY . .
RUN npm install
EXPOSE 3000
CMD ["nodemon", "server.js"]
```
### Security
- Run as non-root user
- Use specific image versions, not `latest`
- Scan images for vulnerabilities
- Don't store secrets in images
```dockerfile
# ✅ Good
FROM node:20-alpine
RUN addgroup -g 1001 appgroup && \
adduser -u 1001 -G appgroup -D appuser
WORKDIR /app
COPY --chown=appuser:appgroup . .
USER appuser
CMD ["node", "server.js"]
# ❌ Bad
FROM node:latest # Unpredictable version
# Running as root (default)
COPY . .
CMD ["node", "server.js"]
```
### Caching Strategy
```dockerfile
# ✅ Good: Dependencies cached separately
COPY package*.json ./
RUN npm ci
COPY . .
# ❌ Bad: All code copied before dependencies
COPY . .
RUN npm install
```
## Docker Compose
### Service Structure
- Use version 3.8+ for modern features
- Define services in logical order
- Use environment variables for configuration
- Set resource limits
```yaml
# ✅ Good
version: '3.8'
services:
app:
image: myapp:latest
build:
context: .
dockerfile: Dockerfile
environment:
- NODE_ENV=production
- DATABASE_URL=postgres://db:5432/app
depends_on:
db:
condition: service_healthy
networks:
- app-network
deploy:
resources:
limits:
cpus: '0.5'
memory: 512M
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
db:
image: postgres:15-alpine
volumes:
- postgres-data:/var/lib/postgresql/data
environment:
POSTGRES_DB: app
POSTGRES_USER: ${DB_USER}
POSTGRES_PASSWORD: ${DB_PASSWORD}
networks:
- app-network
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $POSTGRES_USER"]
interval: 10s
timeout: 5s
retries: 5
networks:
app-network:
driver: bridge
volumes:
postgres-data:
```
### Environment Variables
- Use `.env` files for local development
- Never commit `.env` files with secrets
- Use Docker secrets for sensitive data in Swarm
```bash
# .env (gitignored)
NODE_ENV=production
DB_PASSWORD=secure_password_here
JWT_SECRET=your_jwt_secret_here
```
```yaml
# docker-compose.yml
services:
app:
env_file:
- .env
# OR explicit for non-sensitive
environment:
- NODE_ENV=production
# Secrets for sensitive data in Swarm
secrets:
- db_password
```
### Network Patterns
```yaml
# ✅ Good: Separated networks for security
networks:
frontend:
driver: bridge
backend:
driver: bridge
internal: true # No external access
services:
web:
networks:
- frontend
- backend
api:
networks:
- backend
db:
networks:
- backend
```
### Volume Management
```yaml
# ✅ Good: Named volumes with labels
volumes:
postgres-data:
driver: local
labels:
- "app=myapp"
- "type=database"
services:
db:
volumes:
- postgres-data:/var/lib/postgresql/data
- ./init-scripts:/docker-entrypoint-initdb.d:ro
```
## Docker Swarm
### Service Deployment
```yaml
# docker-compose.yml (Swarm compatible)
version: '3.8'
services:
api:
image: myapp/api:latest
deploy:
mode: replicated
replicas: 3
update_config:
parallelism: 1
delay: 10s
failure_action: rollback
rollback_config:
parallelism: 1
delay: 10s
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
window: 120s
placement:
constraints:
- node.role == worker
preferences:
- spread: node.id
resources:
limits:
cpus: '0.5'
memory: 512M
reservations:
cpus: '0.25'
memory: 256M
networks:
- app-network
secrets:
- db_password
- jwt_secret
configs:
- app_config
networks:
app-network:
driver: overlay
attachable: true
secrets:
db_password:
external: true
jwt_secret:
external: true
configs:
app_config:
external: true
```
### Stack Deployment
```bash
# Deploy stack
docker stack deploy -c docker-compose.yml mystack
# List services
docker stack services mystack
# Scale service
docker service scale mystack_api=5
# Update service
docker service update --image myapp/api:v2 mystack_api
# Rollback
docker service rollback mystack_api
```
### Health Checks
```yaml
services:
api:
# Health check in Dockerfile
healthcheck:
test: ["CMD", "node", "healthcheck.js"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
# Or in compose
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
```
### Secrets Management
```bash
# Create secret
echo "my_secret_password" | docker secret create db_password -
# Create secret from file
docker secret create jwt_secret ./jwt_secret.txt
# List secrets
docker secret ls
# Use in compose
secrets:
db_password:
external: true
```
### Config Management
```bash
# Create config
docker config create app_config ./config.json
# Use in compose
configs:
app_config:
external: true
services:
api:
configs:
- app_config
```
## Container Security
### Image Security
```bash
# Scan image for vulnerabilities
docker scout vulnerabilities myapp:latest
trivy image myapp:latest
# Check image for secrets
gitleaks --image myapp:latest
```
### Runtime Security
```dockerfile
# ✅ Good: Security measures
FROM node:20-alpine
# Create non-root user
RUN addgroup -g 1001 appgroup && \
adduser -u 1001 -G appgroup -D appuser
# Set read-only filesystem
RUN chmod -R 755 /app && \
chown -R appuser:appgroup /app
WORKDIR /app
COPY --chown=appuser:appgroup . .
# Drop all capabilities
USER appuser
VOLUME ["/tmp"]
CMD ["node", "server.js"]
```
### Network Security
```yaml
# ✅ Good: Limited network access
services:
api:
networks:
- backend
# No ports exposed to host
db:
networks:
- backend
# Internal network only
networks:
backend:
internal: true # No internet access
```
### Resource Limits
```yaml
services:
api:
deploy:
resources:
limits:
cpus: '1.0'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
```
## Common Patterns
### Development Setup
```yaml
# docker-compose.dev.yml
version: '3.8'
services:
app:
build:
context: .
dockerfile: Dockerfile.dev
volumes:
- .:/app
- /app/node_modules
environment:
- NODE_ENV=development
ports:
- "3000:3000"
command: npm run dev
```
### Production Setup
```yaml
# docker-compose.prod.yml
version: '3.8'
services:
app:
image: myapp:${VERSION}
environment:
- NODE_ENV=production
deploy:
replicas: 3
update_config:
parallelism: 1
delay: 10s
healthcheck:
test: ["CMD", "node", "healthcheck.js"]
interval: 30s
timeout: 10s
retries: 3
```
### Multi-Environment
```bash
# Override files
docker-compose -f docker-compose.yml -f docker-compose.dev.yml up
docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d
```
### Logging
```yaml
services:
app:
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
labels: "app,environment"
```
## CI/CD Integration
### Build Pipeline
```yaml
# .github/workflows/docker.yml
name: Docker Build
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Build image
run: docker build -t myapp:${{ github.sha }} .
- name: Scan image
run: trivy image myapp:${{ github.sha }}
- name: Push to registry
run: |
echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USER }} --password-stdin
docker push myapp:${{ github.sha }}
```
## Troubleshooting
### Common Commands
```bash
# View logs
docker-compose logs -f app
# Execute in container
docker-compose exec app sh
# Check health
docker inspect --format='{{.State.Health.Status}}' <container>
# View resource usage
docker stats
# Remove unused resources
docker system prune -a
# Debug network
docker network inspect app-network
# Swarm diagnostics
docker node ls
docker service ps mystack_api
```
## Prohibitions
- DO NOT run containers as root
- DO NOT use `latest` tag in production
- DO NOT expose unnecessary ports
- DO NOT store secrets in images
- DO NOT use privileged mode unnecessarily
- DO NOT mount host directories without restrictions
- DO NOT skip health checks in production
- DO NOT ignore vulnerability scans

283
.kilo/rules/evolutionary-sync.md Normal file
View File

@@ -0,0 +1,283 @@
# Evolutionary Sync Rules
Rules for synchronizing agent evolution data automatically.
## When to Sync
### Automatic Sync Triggers
1. **After each completed issue**
- When agent completes task and posts Gitea comment
- Extract performance metrics from comment
2. **On model change**
- When agent model is updated in kilo.jsonc
- When capability-index.yaml is modified
3. **On agent file change**
- When .kilo/agents/*.md files are modified
- On create/delete of agent files
4. **On prompt update**
- When agent receives prompt optimization
- Track optimization improvements
### Manual Sync Triggers
```bash
# Sync from all sources
bun run sync:evolution
# Sync specific source
bun run agent-evolution/scripts/sync-agent-history.ts --source git
bun run agent-evolution/scripts/sync-agent-history.ts --source gitea
# Open dashboard
bun run evolution:dashboard
bun run evolution:open
```
## Data Flow
```
┌─────────────────────────────────────────────────────────────┐
│ Data Sources │
├─────────────────────────────────────────────────────────────┤
│ .kilo/agents/*.md ──► Parse frontmatter, model │
│ .kilo/kilo.jsonc ──► Model assignments │
│ .kilo/capability-index.yaml ──► Capabilities, routing │
│ Git History ──► Change timeline │
│ Gitea Issue Comments ──► Performance scores │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ agent-evolution/data/ │
│ agent-versions.json │
├─────────────────────────────────────────────────────────────┤
│ { │
│ "agents": { │
│ "lead-developer": { │
│ "current": { model, provider, fit_score, ... }, │
│ "history": [ { model_change, ... } ], │
│ "performance_log": [ { score, issue, ... } ] │
│ } │
│ } │
│ } │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ agent-evolution/index.html │
│ Interactive Dashboard │
├─────────────────────────────────────────────────────────────┤
│ • Overview - Stats, recent changes, recommendations │
│ • All Agents - Filterable cards with history │
│ • Timeline - Full evolution history │
│ • Recommendations - Export, priority-based view │
│ • Model Matrix - Agent × Model mapping │
└─────────────────────────────────────────────────────────────┘
```
## Recording Changes
### From Gitea Comments
Agent comments should follow this format:
```markdown
## ✅ agent-name completed
**Score**: X/10
**Duration**: X.Xh
**Files**: file1.ts, file2.ts
### Notes
- Description of work done
- Key decisions made
- Issues encountered
```
Extraction:
- `agent-name` → agent name
- `Score` → performance score (1-10)
- `Duration` → execution time
- `Files` → files modified
### From Git Commits
Commit message patterns:
- `feat: add flutter-developer agent` → agent_created
- `fix: update security-auditor model to nemotron-3-super` → model_change
- `docs: update lead-developer prompt` → prompt_change
## Gitea Webhook Setup
1. **Create webhook in Gitea**
- Target URL: `http://localhost:3000/api/evolution/webhook`
- Events: `issue_comment`, `issues`
2. **Webhook payload handling**
```typescript
// In agent-evolution/scripts/gitea-webhook.ts
app.post('/api/evolution/webhook', async (req, res) => {
const { action, issue, comment } = req.body;
if (action === 'created' && comment?.body.includes('## ✅')) {
await recordAgentPerformance(issue, comment);
}
res.json({ success: true });
});
```
## Performance Metrics
### Tracked Metrics
For each agent execution:
| Metric | Source | Format |
|--------|--------|--------|
| Score | Gitea comment | X/10 |
| Duration | Agent timing | milliseconds |
| Success | Exit status | boolean |
| Files | Gitea comment | count |
| Issue | Context | number |
### Aggregated Metrics
| Metric | Calculation | Use |
|--------|-------------|-----|
| Average Score | `sum(scores) / count` | Agent effectiveness |
| Success Rate | `successes / total * 100` | Reliability |
| Average Duration | `sum(durations) / count` | Speed |
| Files per Task | `sum(files) / count` | Scope |
## Recommendations Generation
### Priority Levels
| Priority | Criteria | Action |
|----------|----------|--------|
| Critical | Fit score < 70 | Immediate update |
| High | Model unavailable | Switch to fallback |
| Medium | Better model available | Consider upgrade |
| Low | Optimization possible | Optional improvement |
### Example Recommendation
```json
{
"agent": "requirement-refiner",
"recommendations": [{
"target": "ollama-cloud/nemotron-3-super",
"reason": "+22% quality, 1M context for specifications",
"priority": "critical"
}]
}
```
## Evolution Rules
### When Model Change is Recorded
1. **Detect change**
- Compare current.model with previous value
- Extract reason from commit message
2. **Record in history**
```json
{
"date": "2026-04-05T05:21:00Z",
"commit": "caf77f53c8",
"type": "model_change",
"from": "ollama-cloud/gpt-oss:120b",
"to": "ollama-cloud/nemotron-3-super",
"reason": "Better reasoning for security analysis"
}
```
3. **Update current**
- Set current.model to new value
- Update provider if changed
- Recalculate fit score
### When Performance Drops
1. **Detect pattern**
- Last 5 scores average < 7
- Success rate < 80%
2. **Generate recommendation**
- Suggest model upgrade
- Trigger prompt-optimizer
3. **Notify via Gitea comment**
- Post to related issue
- Include improvement suggestions
## Integration in Pipeline
Add to post-pipeline:
```yaml
# .kilo/commands/pipeline.md
post_steps:
- name: sync_evolution
run: bun run sync:evolution
- name: check_recommendations
run: bun run agent-evolution/scripts/check-recommendations.ts
```
## Dashboard Access
```bash
# Start local server
bun run evolution:dashboard
# Open in browser
bun run evolution:open
# or visit http://localhost:3001
```
## API Endpoints (Future)
```typescript
// GET /api/evolution/agents
// Returns all agents with current state
// GET /api/evolution/agents/:name/history
// Returns agent history
// GET /api/evolution/recommendations
// Returns pending recommendations
// POST /api/evolution/agents/:name/apply
// Apply recommendation
// POST /api/evolution/sync
// Trigger manual sync
```
## Best Practices
1. **Sync after every pipeline run**
- Captures model changes
- Records performance
2. **Review dashboard weekly**
- Check pending recommendations
- Apply critical updates
3. **Track before/after metrics**
- When applying changes
- Compare performance
4. **Keep history clean**
- Deduplicate entries
- Merge related changes
5. **Use consistent naming**
- Agent names match file names
- Model IDs match capability-index.yaml

521
.kilo/rules/flutter.md Normal file
View File

@@ -0,0 +1,521 @@
# Flutter Development Rules
Essential rules for Flutter mobile app development.
## Code Style
- Use `final` and `const` wherever possible
- Follow Dart naming conventions
- Use trailing commas for better auto-formatting
- Keep widgets small and focused
- Use meaningful variable names
```dart
// ✅ Good
class UserList extends StatelessWidget {
const UserList({
super.key,
required this.users,
this.onUserTap,
});
final List<User> users;
final VoidCallback(User)? onUserTap;
@override
Widget build(BuildContext context) {
return ListView.builder(
itemCount: users.length,
itemBuilder: (context, index) {
final user = users[index];
return UserTile(
user: user,
onTap: onUserTap,
);
},
);
}
}
// ❌ Bad
class UserList extends StatelessWidget {
UserList(this.users, {this.onUserTap}); // Missing const
final List<User> users;
final Function(User)? onUserTap; // Use VoidCallback instead
@override
Widget build(BuildContext context) {
return ListView(children: users.map((u) => UserTile(u)).toList()); // No const
}
}
```
## Widget Architecture
- Prefer stateless widgets when possible
- Split large widgets into smaller ones
- Use composition over inheritance
- Pass data through constructors
- Keep build methods pure
```dart
// ✅ Good: Split into small widgets
class ProfileScreen extends StatelessWidget {
const ProfileScreen({super.key, required this.user});
final User user;
@override
Widget build(BuildContext context) {
return Scaffold(
appBar: ProfileAppBar(user: user),
body: ProfileBody(user: user),
);
}
}
// ❌ Bad: Everything in one widget
class ProfileScreen extends StatelessWidget {
@override
Widget build(BuildContext context) {
return Scaffold(
appBar: AppBar(title: Text('Profile')),
body: Column(
children: [
// 100+ lines of nested widgets
],
),
);
}
}
```
## State Management
- Use Riverpod, Bloc, or Provider (project choice)
- Keep state close to where it's used
- Separate business logic from UI
- Use immutable state classes
```dart
// ✅ Good: Riverpod state management
final userProvider = StateNotifierProvider<UserNotifier, UserState>((ref) {
return UserNotifier();
});
class UserNotifier extends StateNotifier<UserState> {
UserNotifier() : super(const UserState.initial());
Future<void> loadUser(String id) async {
state = const UserState.loading();
try {
final user = await _userRepository.getUser(id);
state = UserState.loaded(user);
} catch (e) {
state = UserState.error(e.toString());
}
}
}
// ✅ Good: Immutable state with freezed
@freezed
class UserState with _$UserState {
const factory UserState.initial() = _Initial;
const factory UserState.loading() = _Loading;
const factory UserState.loaded(User user) = _Loaded;
const factory UserState.error(String message) = _Error;
}
```
## Error Handling
- Use Result/Either types for async operations
- Never silently catch errors
- Show user-friendly error messages
- Log errors to monitoring service
```dart
// ✅ Good
Future<void> loadData() async {
state = const AsyncValue.loading();
state = await AsyncValue.guard(() async {
final result = await _repository.fetchData();
if (result.isError) {
throw ServerException(result.message);
}
return result.data;
});
}
// ❌ Bad
Future<void> loadData() async {
try {
final data = await _repository.fetchData();
state = data;
} catch (e) {
// Silently swallowing error
}
}
```
## API & Network
- Use dio for HTTP requests
- Implement request interceptors
- Handle connectivity changes
- Cache responses when appropriate
```dart
// ✅ Good
class ApiClient {
final Dio _dio;
ApiClient(this._dio) {
_dio.interceptors.addAll([
AuthInterceptor(),
LoggingInterceptor(),
RetryInterceptor(),
]);
}
Future<Response> get(String path, {Map<String, dynamic>? queryParameters}) async {
try {
return await _dio.get(path, queryParameters: queryParameters);
} on DioException catch (e) {
throw _handleError(e);
}
}
}
class AuthInterceptor extends Interceptor {
@override
void onRequest(RequestOptions options, RequestInterceptorHandler handler) {
options.headers['Authorization'] = 'Bearer ${_getToken()}';
handler.next(options);
}
}
```
## Navigation
- Use go_router for declarative routing
- Define routes as constants
- Pass data through route parameters
- Handle deep links
```dart
// ✅ Good: go_router setup
final router = GoRouter(
routes: [
GoRoute(
path: '/',
builder: (context, state) => const HomeScreen(),
),
GoRoute(
path: '/user/:id',
builder: (context, state) {
final id = state.pathParameters['id']!;
return UserDetailScreen(userId: id);
},
),
GoRoute(
path: '/settings',
builder: (context, state) => const SettingsScreen(),
),
],
errorBuilder: (context, state) => const ErrorScreen(),
);
```
## Testing
- Write unit tests for business logic
- Write widget tests for UI components
- Use mocks for dependencies
- Test edge cases and error states
```dart
// ✅ Good: Unit test
void main() {
group('UserNotifier', () {
late UserNotifier notifier;
late MockUserRepository mockRepository;
setUp(() {
mockRepository = MockUserRepository();
notifier = UserNotifier(mockRepository);
});
test('loads user successfully', () async {
// Arrange
final user = User(id: '1', name: 'Test');
when(mockRepository.getUser('1')).thenAnswer((_) async => user);
// Act
await notifier.loadUser('1');
// Assert
expect(notifier.state, equals(UserState.loaded(user)));
});
test('handles error gracefully', () async {
// Arrange
when(mockRepository.getUser('1')).thenThrow(NetworkException());
// Act
await notifier.loadUser('1');
// Assert
expect(notifier.state, isA<UserError>());
});
});
}
// ✅ Good: Widget test
void main() {
testWidgets('UserTile displays user name', (tester) async {
// Arrange
final user = User(id: '1', name: 'John Doe');
// Act
await tester.pumpWidget(MaterialApp(
home: Scaffold(
body: UserTile(user: user),
),
));
// Assert
expect(find.text('John Doe'), findsOneWidget);
});
}
```
## Performance
- Use const constructors
- Avoid rebuilds with Provider/InheritedWidget
- Use ListView.builder for long lists
- Lazy load images with cached_network_image
- Profile with DevTools
```dart
// ✅ Good
class UserTile extends StatelessWidget {
const UserTile({
super.key,
required this.user,
}); // const constructor
final User user;
@override
Widget build(BuildContext context) {
return ListTile(
leading: CachedNetworkImage(
imageUrl: user.avatarUrl,
placeholder: (context, url) => const CircularProgressIndicator(),
errorWidget: (context, url, error) => const Icon(Icons.error),
),
title: Text(user.name),
);
}
}
```
## Platform-Specific Code
- Use separate files with `.dart` and `.freezed.dart` extensions
- Use conditional imports for platform differences
- Follow Material (Android) and Cupertino (iOS) guidelines
```dart
// ✅ Good: Platform-specific styling
Widget buildButton(BuildContext context) {
return Platform.isIOS
? CupertinoButton.filled(
onPressed: onPressed,
child: Text(label),
)
: ElevatedButton(
onPressed: onPressed,
child: Text(label),
);
}
```
## Project Structure
```
lib/
├── main.dart
├── app.dart
├── core/
│ ├── constants/
│ ├── theme/
│ ├── utils/
│ └── errors/
├── features/
│ ├── auth/
│ │ ├── data/
│ │ │ ├── datasources/
│ │ │ ├── models/
│ │ │ └── repositories/
│ │ ├── domain/
│ │ │ ├── entities/
│ │ │ ├── repositories/
│ │ │ └── usecases/
│ │ └── presentation/
│ │ ├── pages/
│ │ ├── widgets/
│ │ └── providers/
│ └── user/
├── shared/
│ ├── widgets/
│ └── services/
└── injection_container.dart
```
## Security
- Never store sensitive data in plain text
- Use flutter_secure_storage for tokens
- Validate all user inputs
- Use certificate pinning for APIs
- Obfuscate release builds
```dart
// ✅ Good
final storage = FlutterSecureStorage();
Future<void> saveToken(String token) async {
await storage.write(key: 'auth_token', value: token);
}
Future<void> buildRelease() async {
await Process.run('flutter', [
'build',
'apk',
'--release',
'--obfuscate',
'--split-debug-info=$debugInfoPath',
]);
}
// ❌ Bad
Future<void> saveToken(String token) async {
await SharedPreferences.setString('auth_token', token); // Insecure!
}
```
## Localization
- Use intl package for translations
- Generate localization files
- Support RTL languages
- Use message formatting for dynamic content
```dart
// ✅ Good
Widget build(BuildContext context) {
return Text(AppLocalizations.of(context).hello(userName));
}
// Generated in l10n.yaml
arb-dir: lib/l10n
template-arb-file: app_en.arb
output-localization-file: app_localizations.dart
```
## Dependencies
- Keep dependencies up to date
- Use exact versions in pubspec.yaml
- Run `flutter pub outdated` regularly
- Use `flutter analyze` before committing
```yaml
# ✅ Good: Exact versions
dependencies:
flutter:
sdk: flutter
riverpod: 2.4.9
go_router: 13.1.0
dio: 5.4.0
# ❌ Bad: Version ranges
dependencies:
flutter:
sdk: flutter
riverpod: ^2.4.0 # Unpredictable
dio: any # Dangerous
```
## Clean Architecture
- Separate layers: presentation, domain, data
- Use dependency injection
- Keep business logic in use cases
- Entities should be pure Dart classes
```dart
// Domain layer
abstract class UserRepository {
Future<User> getUser(String id);
Future<void> saveUser(User user);
}
class GetUser {
final UserRepository repository;
GetUser(this.repository);
Future<User> call(String id) async {
return repository.getUser(id);
}
}
// Data layer
class UserRepositoryImpl implements UserRepository {
final UserRemoteDataSource remoteDataSource;
final UserLocalDataSource localDataSource;
UserRepositoryImpl({
required this.remoteDataSource,
required this.localDataSource,
});
@override
Future<User> getUser(String id) async {
try {
final remoteUser = await remoteDataSource.getUser(id);
await localDataSource.cacheUser(remoteUser);
return remoteUser;
} catch (e) {
return localDataSource.getUser(id);
}
}
}
```
## Build & Release
- Use flavors for different environments
- Configure build variants
- Sign releases properly
- Upload symbols for crash reporting
```bash
# ✅ Good: Build commands
flutter build apk --flavor production --release
flutter build ios --flavor production --release
flutter build appbundle --flavor production --release
```
## Prohibitions
- DO NOT use `setState` in production code (use state management)
- DO NOT put business logic in widgets
- DO NOT use dynamic types
- DO NOT ignore lint warnings
- DO NOT skip testing for critical paths
- DO NOT use hot reload as a development strategy
- DO NOT embed secrets in code

576
.kilo/skills/docker-compose/SKILL.md Normal file
View File

@@ -0,0 +1,576 @@
# Skill: Docker Compose
## Purpose
Comprehensive skill for Docker Compose configuration, orchestration, and multi-container application deployment.
## Overview
Docker Compose is a tool for defining and running multi-container Docker applications. Use this skill when working with local development environments, CI/CD pipelines, and production deployments.
## When to Use
- Setting up local development environments
- Configuring multi-container applications
- Managing service dependencies
- Implementing health checks and waiting strategies
- Creating development/production configurations
## Skill Files Structure
```
docker-compose/
├── SKILL.md # This file
├── patterns/
│ ├── basic-service.md # Basic service templates
│ ├── networking.md # Network patterns
│ ├── volumes.md # Volume management
│ └── healthchecks.md # Health check patterns
└── examples/
├── nodejs-api.md # Node.js API template
├── postgres.md # PostgreSQL template
└── redis.md # Redis template
```
## Core Patterns
### 1. Basic Service Configuration
```yaml
version: '3.8'
services:
app:
build:
context: .
dockerfile: Dockerfile
args:
- NODE_ENV=production
image: myapp:latest
container_name: myapp
restart: unless-stopped
ports:
- "3000:3000"
environment:
- NODE_ENV=production
- DATABASE_URL=postgres://db:5432/app
volumes:
- ./data:/app/data
networks:
- app-network
depends_on:
db:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
```
### 2. Environment Configuration
```yaml
# Use .env file for secrets
services:
app:
env_file:
- .env
- .env.local
environment:
# Non-sensitive defaults
- NODE_ENV=production
- LOG_LEVEL=info
# Override from .env
- DATABASE_URL=${DATABASE_URL}
- JWT_SECRET=${JWT_SECRET}
```
### 3. Network Patterns
```yaml
# Isolated networks for security
networks:
frontend:
driver: bridge
backend:
driver: bridge
internal: true # No external access
services:
web:
networks:
- frontend
- backend
api:
networks:
- backend
db:
networks:
- backend
```
### 4. Volume Patterns
```yaml
volumes:
# Named volume (managed by Docker)
postgres-data:
driver: local
# Bind mount (host directory)
# ./data:/app/data
services:
db:
volumes:
- postgres-data:/var/lib/postgresql/data
- ./init-scripts:/docker-entrypoint-initdb.d:ro
app:
volumes:
- ./config:/app/config:ro
- app-logs:/app/logs
volumes:
app-logs:
```
### 5. Health Checks & Dependencies
```yaml
services:
db:
image: postgres:15-alpine
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $POSTGRES_USER"]
interval: 10s
timeout: 5s
retries: 5
app:
depends_on:
db:
condition: service_healthy
redis:
condition: service_started
```
### 6. Multi-Environment Configurations
```yaml
# docker-compose.yml (base)
version: '3.8'
services:
app:
image: myapp:latest
environment:
- NODE_ENV=production
# docker-compose.dev.yml (development override)
version: '3.8'
services:
app:
build:
context: .
dockerfile: Dockerfile.dev
volumes:
- .:/app
- /app/node_modules
environment:
- NODE_ENV=development
ports:
- "3000:3000"
command: npm run dev
# docker-compose.prod.yml (production override)
version: '3.8'
services:
app:
image: myapp:${VERSION}
deploy:
replicas: 3
resources:
limits:
cpus: '1'
memory: 1G
healthcheck:
test: ["CMD", "node", "healthcheck.js"]
interval: 30s
timeout: 10s
retries: 3
```
## Service Templates
### Node.js API
```yaml
services:
api:
build:
context: .
dockerfile: Dockerfile
environment:
- NODE_ENV=production
- PORT=3000
- DATABASE_URL=postgres://db:5432/app
- REDIS_URL=redis://redis:6379
ports:
- "3000:3000"
depends_on:
db:
condition: service_healthy
redis:
condition: service_started
networks:
- backend
healthcheck:
test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"]
interval: 30s
timeout: 10s
retries: 3
```
### PostgreSQL Database
```yaml
services:
db:
image: postgres:15-alpine
environment:
POSTGRES_DB: app
POSTGRES_USER: ${DB_USER:-app}
POSTGRES_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD required}
volumes:
- postgres-data:/var/lib/postgresql/data
- ./init-scripts:/docker-entrypoint-initdb.d:ro
networks:
- backend
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $POSTGRES_USER -d $POSTGRES_DB"]
interval: 10s
timeout: 5s
retries: 5
deploy:
resources:
limits:
memory: 512M
volumes:
postgres-data:
```
### Redis Cache
```yaml
services:
redis:
image: redis:7-alpine
command: redis-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
volumes:
- redis-data:/data
networks:
- backend
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
volumes:
redis-data:
```
### Nginx Reverse Proxy
```yaml
services:
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./ssl:/etc/nginx/ssl:ro
depends_on:
- api
networks:
- frontend
- backend
healthcheck:
test: ["CMD", "nginx", "-t"]
interval: 30s
timeout: 10s
retries: 3
```
## Common Commands
```bash
# Start services
docker-compose up -d
# Start specific service
docker-compose up -d app
# View logs
docker-compose logs -f app
# Execute command in container
docker-compose exec app sh
docker-compose exec app npm test
# Stop services
docker-compose down
# Stop and remove volumes
docker-compose down -v
# Rebuild images
docker-compose build --no-cache app
# Scale service
docker-compose up -d --scale api=3
# Multi-environment
docker-compose -f docker-compose.yml -f docker-compose.dev.yml up
docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d
```
## Best Practices
### Security
1. **Never store secrets in images**
```yaml
# Bad
environment:
- DB_PASSWORD=password123
# Good
secrets:
- db_password
secrets:
db_password:
file: ./secrets/db_password.txt
```
2. **Use non-root user**
```yaml
services:
app:
user: "1000:1000"
```
3. **Limit resources**
```yaml
services:
app:
deploy:
resources:
limits:
cpus: '1'
memory: 1G
```
4. **Use internal networks for databases**
```yaml
networks:
backend:
internal: true
```
### Performance
1. **Enable health checks**
```yaml
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
```
2. **Use .dockerignore**
```
node_modules
.git
.env
*.log
coverage
.nyc_output
```
3. **Optimize build cache**
```yaml
build:
context: .
dockerfile: Dockerfile
args:
- NODE_ENV=production
```
### Development
1. **Use volumes for hot reload**
```yaml
services:
app:
volumes:
- .:/app
- /app/node_modules # Anonymous volume for node_modules
```
2. **Keep containers running**
```yaml
services:
app:
stdin_open: true # -i
tty: true # -t
```
### Production
1. **Use specific image versions**
```yaml
# Bad
image: node:latest
# Good
image: node:20-alpine
```
2. **Configure logging**
```yaml
services:
app:
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
```
3. **Restart policies**
```yaml
services:
app:
restart: unless-stopped
```
## Troubleshooting
### Common Issues
1. **Container won't start**
```bash
# Check logs
docker-compose logs app
# Check container status
docker-compose ps
# Inspect container
docker inspect myapp_app_1
```
2. **Network connectivity issues**
```bash
# List networks
docker network ls
# Inspect network
docker network inspect myapp_default
# Test connectivity
docker-compose exec app ping db
```
3. **Volume permission issues**
```bash
# Check volume
docker volume inspect myapp_postgres-data
# Fix permissions (if needed)
docker-compose exec app chown -R node:node /app/data
```
4. **Health check failing**
```bash
# Run health check manually
docker-compose exec app curl -f http://localhost:3000/health
# Check health status
docker inspect --format='{{.State.Health.Status}}' myapp_app_1
```
5. **Out of disk space**
```bash
# Clean up
docker system prune -a --volumes
# Check disk usage
docker system df
```
## Integration with CI/CD
### GitHub Actions
```yaml
# .github/workflows/test.yml
name: Test
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Build and test
run: |
docker-compose -f docker-compose.yml -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from app
- name: Cleanup
if: always()
run: docker-compose down -v
```
### GitLab CI
```yaml
# .gitlab-ci.yml
stages:
- test
- build
test:
stage: test
script:
- docker-compose -f docker-compose.yml -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from app
after_script:
- docker-compose down -v
build:
stage: build
script:
- docker build -t myapp:$CI_COMMIT_SHA .
- docker push myapp:$CI_COMMIT_SHA
```
## Related Skills
| Skill | Purpose |
|-------|---------|
| `docker-swarm` | Orchestration with Docker Swarm |
| `docker-security` | Container security patterns |
| `docker-networking` | Advanced networking techniques |
| `docker-monitoring` | Container monitoring and logging |

447
.kilo/skills/docker-compose/patterns/basic-service.md Normal file
View File

@@ -0,0 +1,447 @@
# Docker Compose Patterns
## Pattern: Multi-Service Application
Complete pattern for a typical web application with API, database, cache, and reverse proxy.
```yaml
version: '3.8'
services:
# Reverse Proxy
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./ssl:/etc/nginx/ssl:ro
depends_on:
- api
networks:
- frontend
deploy:
resources:
limits:
cpus: '0.5'
memory: 256M
healthcheck:
test: ["CMD", "nginx", "-t"]
interval: 30s
timeout: 10s
retries: 3
# API Service
api:
build:
context: ./api
dockerfile: Dockerfile
environment:
- NODE_ENV=production
- DATABASE_URL=postgres://db:5432/app
- REDIS_URL=redis://cache:6379
depends_on:
db:
condition: service_healthy
cache:
condition: service_started
networks:
- frontend
- backend
deploy:
replicas: 3
resources:
limits:
cpus: '1'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
healthcheck:
test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
# Database
db:
image: postgres:15-alpine
environment:
POSTGRES_DB: app
POSTGRES_USER: ${DB_USER:-app}
POSTGRES_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD required}
volumes:
- postgres-data:/var/lib/postgresql/data
- ./init-scripts:/docker-entrypoint-initdb.d:ro
networks:
- backend
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $POSTGRES_USER -d $POSTGRES_DB"]
interval: 10s
timeout: 5s
retries: 5
deploy:
resources:
limits:
cpus: '2'
memory: 2G
# Cache
cache:
image: redis:7-alpine
command: redis-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
volumes:
- redis-data:/data
networks:
- backend
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
networks:
frontend:
driver: bridge
backend:
driver: bridge
internal: true # No external access
volumes:
postgres-data:
driver: local
redis-data:
driver: local
```
## Pattern: Development Override
Development-specific configuration with hot reload and debugging.
```yaml
# docker-compose.dev.yml
version: '3.8'
services:
api:
build:
context: ./api
dockerfile: Dockerfile.dev
volumes:
- ./api/src:/app/src:ro
- ./api/tests:/app/tests:ro
- /app/node_modules
environment:
- NODE_ENV=development
- DEBUG=app:*
ports:
- "3000:3000"
- "9229:9229" # Node.js debugger
command: npm run dev
db:
ports:
- "5432:5432" # Expose for local tools
cache:
ports:
- "6379:6379" # Expose for local tools
```
```bash
# Usage
docker-compose -f docker-compose.yml -f docker-compose.dev.yml up
```
## Pattern: Production Override
Production-optimized configuration with security and performance settings.
```yaml
# docker-compose.prod.yml
version: '3.8'
services:
api:
image: myapp/api:${VERSION}
deploy:
replicas: 3
update_config:
parallelism: 1
delay: 10s
failure_action: rollback
rollback_config:
parallelism: 1
delay: 10s
resources:
limits:
cpus: '1'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
environment:
- NODE_ENV=production
secrets:
- db_password
- jwt_secret
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "5"
secrets:
db_password:
external: true
jwt_secret:
external: true
```
```bash
# Usage
docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d
```
## Pattern: Health Check Dependency
Waiting for dependent services to be healthy before starting.
```yaml
services:
app:
depends_on:
db:
condition: service_healthy
cache:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
db:
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $POSTGRES_USER"]
interval: 10s
timeout: 5s
retries: 5
cache:
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
```
## Pattern: Secrets Management
Using Docker secrets for sensitive data (Swarm mode).
```yaml
services:
app:
secrets:
- db_password
- api_key
- jwt_secret
environment:
- DB_PASSWORD_FILE=/run/secrets/db_password
- API_KEY_FILE=/run/secrets/api_key
- JWT_SECRET_FILE=/run/secrets/jwt_secret
secrets:
db_password:
file: ./secrets/db_password.txt
api_key:
file: ./secrets/api_key.txt
jwt_secret:
external: true # Created via: echo "secret" | docker secret create jwt_secret -
```
## Pattern: Resource Limits
Setting resource constraints for containers.
```yaml
services:
api:
deploy:
resources:
limits:
cpus: '1.0'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
# Alternative for non-Swarm
mem_limit: 1G
memswap_limit: 1G
cpus: 1
```
## Pattern: Network Isolation
Segmenting networks for security.
```yaml
services:
web:
networks:
- frontend
- backend
api:
networks:
- backend
- database
db:
networks:
- database
networks:
frontend:
driver: bridge
backend:
driver: bridge
database:
driver: bridge
internal: true # No internet access
```
## Pattern: Volume Management
Different volume types for different use cases.
```yaml
services:
app:
volumes:
# Named volume (managed by Docker)
- app-data:/app/data
# Bind mount (host directory)
- ./config:/app/config:ro
# Anonymous volume (for node_modules)
- /app/node_modules
# tmpfs (temporary in-memory)
- type: tmpfs
target: /tmp
tmpfs:
size: 100M
volumes:
app-data:
driver: local
labels:
- "app=myapp"
- "type=persistent"
```
## Pattern: Logging Configuration
Configuring logging drivers and options.
```yaml
services:
app:
logging:
driver: "json-file" # Default
options:
max-size: "10m"
max-file: "3"
labels: "app,environment"
tag: "{{.ImageName}}/{{.Name}}"
# Syslog logging
app-syslog:
logging:
driver: "syslog"
options:
syslog-address: "tcp://logserver:514"
syslog-facility: "daemon"
tag: "myapp"
# Fluentd logging
app-fluentd:
logging:
driver: "fluentd"
options:
fluentd-address: "localhost:24224"
tag: "myapp.api"
```
## Pattern: Multi-Environment
Managing multiple environments with overrides.
```bash
# Directory structure
# docker-compose.yml # Base configuration
# docker-compose.dev.yml # Development overrides
# docker-compose.staging.yml # Staging overrides
# docker-compose.prod.yml # Production overrides
# .env # Environment variables
# .env.dev # Development variables
# .env.staging # Staging variables
# .env.prod # Production variables
# Development
docker-compose --env-file .env.dev \
-f docker-compose.yml -f docker-compose.dev.yml up
# Staging
docker-compose --env-file .env.staging \
-f docker-compose.yml -f docker-compose.staging.yml up -d
# Production
docker-compose --env-file .env.prod \
-f docker-compose.yml -f docker-compose.prod.yml up -d
```
## Pattern: CI/CD Testing
Running tests in isolated containers.
```yaml
# docker-compose.test.yml
version: '3.8'
services:
app:
build:
context: .
dockerfile: Dockerfile
environment:
- NODE_ENV=test
- DATABASE_URL=postgres://test:test@db:5432/test
depends_on:
- db
command: npm test
networks:
- test-network
db:
image: postgres:15-alpine
environment:
POSTGRES_DB: test
POSTGRES_USER: test
POSTGRES_PASSWORD: test
networks:
- test-network
networks:
test-network:
driver: bridge
```
```bash
# CI pipeline
docker-compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from app
docker-compose -f docker-compose.test.yml down -v
```

756
.kilo/skills/docker-monitoring/SKILL.md Normal file
View File

@@ -0,0 +1,756 @@
# Skill: Docker Monitoring & Logging
## Purpose
Comprehensive skill for Docker container monitoring, logging, metrics collection, and observability.
## Overview
Container monitoring is essential for understanding application health, performance, and troubleshooting issues in production. Use this skill for setting up monitoring stacks, configuring logging, and implementing observability.
## When to Use
- Setting up container monitoring
- Configuring centralized logging
- Implementing health checks
- Performance optimization
- Troubleshooting container issues
- Alerting configuration
## Monitoring Stack
```
┌─────────────────────────────────────────────────────────────┐
│ Container Monitoring Stack │
├─────────────────────────────────────────────────────────────┤
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Grafana │ │ Prometheus │ │ Alertmgr │ │
│ │ Dashboard │ │ Metrics │ │ Alerts │ │
│ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │
│ │ │ │ │
│ ┌──────┴────────────────┴────────────────┴──────┐ │
│ │ Container Observability │ │
│ └──────┬────────────────┬───────────────────────┘ │
│ │ │ │
│ ┌──────┴──────┐ ┌──────┴──────┐ ┌─────────────┐ │
│ │ cAdvisor │ │ node-exporter│ │ Loki/EFK │ │
│ │ Container │ │ Node Metrics│ │ Logging │ │
│ │ Metrics │ │ │ │ │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
└─────────────────────────────────────────────────────────────┘
```
## Health Checks
### 1. Dockerfile Health Check
```dockerfile
FROM node:20-alpine
WORKDIR /app
COPY . .
RUN npm ci --only=production
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1
# Or for Alpine (no wget)
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:3000/health || exit 1
# Or use Node.js for health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD node -e "require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"
```
### 2. Docker Compose Health Check
```yaml
services:
api:
image: myapp:latest
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
db:
image: postgres:15-alpine
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $POSTGRES_USER"]
interval: 10s
timeout: 5s
retries: 5
```
### 3. Docker Swarm Health Check
```yaml
services:
api:
image: myapp:latest
deploy:
update_config:
failure_action: rollback
monitor: 30s
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
```
### 4. Application Health Endpoint
```javascript
// Node.js health check endpoint
const express = require('express');
const app = express();
// Dependencies status
async function checkHealth() {
const checks = {
database: await checkDatabase(),
redis: await checkRedis(),
disk: checkDiskSpace(),
memory: checkMemory()
};
const healthy = Object.values(checks).every(c => c === 'healthy');
return {
status: healthy ? 'healthy' : 'unhealthy',
timestamp: new Date().toISOString(),
checks
};
}
app.get('/health', async (req, res) => {
const health = await checkHealth();
const status = health.status === 'healthy' ? 200 : 503;
res.status(status).json(health);
});
app.get('/health/live', (req, res) => {
// Liveness probe - is the app running?
res.status(200).json({ status: 'alive' });
});
app.get('/health/ready', async (req, res) => {
// Readiness probe - is the app ready to serve?
const ready = await isReady();
res.status(ready ? 200 : 503).json({ ready });
});
```
## Logging
### 1. Docker Logging Drivers
```yaml
# JSON file driver (default)
services:
api:
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
labels: "app,environment"
# Syslog driver
services:
api:
logging:
driver: "syslog"
options:
syslog-address: "tcp://logserver:514"
syslog-facility: "daemon"
tag: "myapp"
# Journald driver
services:
api:
logging:
driver: "journald"
options:
labels: "app,environment"
# Fluentd driver
services:
api:
logging:
driver: "fluentd"
options:
fluentd-address: "localhost:24224"
tag: "myapp.api"
```
### 2. Structured Logging
```javascript
// Pino for structured logging
const pino = require('pino');
const logger = pino({
level: process.env.LOG_LEVEL || 'info',
formatters: {
level: (label) => ({ level: label })
},
timestamp: pino.stdTimeFunctions.isoTime
});
// Log with context
logger.info({
userId: '123',
action: 'login',
ip: '192.168.1.1'
}, 'User logged in');
// Output:
// {"level":"info","time":"2024-01-01T12:00:00.000Z","userId":"123","action":"login","ip":"192.168.1.1","msg":"User logged in"}
```
### 3. EFK Stack (Elasticsearch, Fluentd, Kibana)
```yaml
# docker-compose.yml
version: '3.8'
services:
elasticsearch:
image: elasticsearch:8.10.0
environment:
- discovery.type=single-node
- xpack.security.enabled=false
volumes:
- elasticsearch-data:/usr/share/elasticsearch/data
networks:
- logging
fluentd:
image: fluent/fluentd:v1.16
volumes:
- ./fluentd/conf:/fluentd/etc
ports:
- "24224:24224"
networks:
- logging
kibana:
image: kibana:8.10.0
environment:
- ELASTICSEARCH_HOSTS=http://elasticsearch:9200
ports:
- "5601:5601"
networks:
- logging
app:
image: myapp:latest
logging:
driver: "fluentd"
options:
fluentd-address: "localhost:24224"
tag: "myapp.api"
networks:
- logging
volumes:
elasticsearch-data:
networks:
logging:
```
### 4. Loki Stack (Promtail, Loki, Grafana)
```yaml
# docker-compose.yml
version: '3.8'
services:
loki:
image: grafana/loki:latest
ports:
- "3100:3100"
volumes:
- ./loki-config.yml:/etc/loki/local-config.yaml
command: -config.file=/etc/loki/local-config.yaml
networks:
- monitoring
promtail:
image: grafana/promtail:latest
volumes:
- /var/log:/var/log
- ./promtail-config.yml:/etc/promtail/config.yml
command: -config.file=/etc/promtail/config.yml
networks:
- monitoring
grafana:
image: grafana/grafana:latest
ports:
- "3000:3000"
environment:
- GF_SECURITY_ADMIN_PASSWORD=admin
volumes:
- grafana-data:/var/lib/grafana
networks:
- monitoring
app:
image: myapp:latest
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
networks:
- monitoring
volumes:
grafana-data:
networks:
monitoring:
```
## Metrics Collection
### 1. Prometheus + cAdvisor
```yaml
# docker-compose.yml
version: '3.8'
services:
prometheus:
image: prom/prometheus:latest
ports:
- "9090:9090"
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml
- prometheus-data:/prometheus
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.retention.time=30d'
networks:
- monitoring
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
ports:
- "8080:8080"
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
networks:
- monitoring
node_exporter:
image: prom/node-exporter:latest
ports:
- "9100:9100"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
command:
- '--path.procfs=/host/proc'
- '--path.rootfs=/rootfs'
- '--path.sysfs=/host/sys'
networks:
- monitoring
grafana:
image: grafana/grafana:latest
ports:
- "3000:3000"
environment:
- GF_SECURITY_ADMIN_PASSWORD=admin
volumes:
- grafana-data:/var/lib/grafana
networks:
- monitoring
volumes:
prometheus-data:
grafana-data:
networks:
monitoring:
```
### 2. Prometheus Configuration
```yaml
# prometheus.yml
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
# Prometheus itself
- job_name: 'prometheus'
static_configs:
- targets: ['prometheus:9090']
# cAdvisor (container metrics)
- job_name: 'cadvisor'
static_configs:
- targets: ['cadvisor:8080']
# Node exporter (host metrics)
- job_name: 'node'
static_configs:
- targets: ['node_exporter:9100']
# Application metrics
- job_name: 'app'
static_configs:
- targets: ['app:3000']
metrics_path: '/metrics'
```
### 3. Application Metrics (Prometheus Client)
```javascript
// Node.js with prom-client
const promClient = require('prom-client');
// Enable default metrics
promClient.collectDefaultMetrics();
// Custom metrics
const httpRequestDuration = new promClient.Histogram({
name: 'http_request_duration_seconds',
help: 'Duration of HTTP requests in seconds',
labelNames: ['method', 'route', 'status_code'],
buckets: [0.1, 0.3, 0.5, 0.7, 1, 3, 5, 7, 10]
});
const activeConnections = new promClient.Gauge({
name: 'active_connections',
help: 'Number of active connections'
});
const dbQueryDuration = new promClient.Histogram({
name: 'db_query_duration_seconds',
help: 'Duration of database queries in seconds',
labelNames: ['query_type', 'table'],
buckets: [0.01, 0.05, 0.1, 0.5, 1, 2]
});
// Middleware for HTTP metrics
app.use((req, res, next) => {
const end = httpRequestDuration.startTimer();
res.on('finish', () => {
end({ method: req.method, route: req.route?.path || req.path, status_code: res.statusCode });
});
next();
});
// Metrics endpoint
app.get('/metrics', async (req, res) => {
res.set('Content-Type', promClient.register.contentType);
res.send(await promClient.register.metrics());
});
```
### 4. Grafana Dashboards
```json
// Dashboard JSON for container metrics
{
"dashboard": {
"title": "Docker Container Metrics",
"panels": [
{
"title": "Container CPU Usage",
"targets": [
{
"expr": "rate(container_cpu_usage_seconds_total{name=~\".+\"}[5m]) * 100",
"legendFormat": "{{name}}"
}
]
},
{
"title": "Container Memory Usage",
"targets": [
{
"expr": "container_memory_usage_bytes{name=~\".+\"} / 1024 / 1024",
"legendFormat": "{{name}} MB"
}
]
},
{
"title": "Container Network I/O",
"targets": [
{
"expr": "rate(container_network_receive_bytes_total{name=~\".+\"}[5m])",
"legendFormat": "{{name}} RX"
},
{
"expr": "rate(container_network_transmit_bytes_total{name=~\".+\"}[5m])",
"legendFormat": "{{name}} TX"
}
]
}
]
}
}
```
## Alerting
### 1. Alertmanager Configuration
```yaml
# alertmanager.yml
global:
smtp_smarthost: 'smtp.example.com:587'
smtp_from: 'alerts@example.com'
smtp_auth_username: 'alerts@example.com'
smtp_auth_password: 'password'
route:
group_by: ['alertname', 'severity']
group_wait: 30s
group_interval: 5m
repeat_interval: 1h
receiver: 'team-email'
routes:
- match:
severity: critical
receiver: 'team-email-critical'
- match:
severity: warning
receiver: 'team-email-warning'
receivers:
- name: 'team-email-critical'
email_configs:
- to: 'critical@example.com'
send_resolved: true
- name: 'team-email-warning'
email_configs:
- to: 'warnings@example.com'
send_resolved: true
```
### 2. Prometheus Alert Rules
```yaml
# alerts.yml
groups:
- name: container_alerts
rules:
# Container down
- alert: ContainerDown
expr: absent(container_last_seen{name=~".+"})
for: 5m
labels:
severity: critical
annotations:
summary: "Container {{ $labels.name }} is down"
description: "Container {{ $labels.name }} has been down for more than 5 minutes."
# High CPU
- alert: HighCpuUsage
expr: rate(container_cpu_usage_seconds_total{name=~".+"}[5m]) * 100 > 80
for: 5m
labels:
severity: warning
annotations:
summary: "High CPU usage on {{ $labels.name }}"
description: "Container {{ $labels.name }} CPU usage is {{ $value }}%."
# High Memory
- alert: HighMemoryUsage
expr: (container_memory_usage_bytes{name=~".+"} / container_spec_memory_limit_bytes{name=~".+"}) * 100 > 80
for: 5m
labels:
severity: warning
annotations:
summary: "High memory usage on {{ $labels.name }}"
description: "Container {{ $labels.name }} memory usage is {{ $value }}%."
# Container restart
- alert: ContainerRestart
expr: increase(container_restart_count{name=~".+"}[1h]) > 0
labels:
severity: warning
annotations:
summary: "Container {{ $labels.name }} restarted"
description: "Container {{ $labels.name }} has restarted {{ $value }} times in the last hour."
# No health check
- alert: NoHealthCheck
expr: container_health_status{name=~".+"} == 0
for: 5m
labels:
severity: critical
annotations:
summary: "Health check failing for {{ $labels.name }}"
description: "Container {{ $labels.name }} health check has been failing for 5 minutes."
```
## Observability Best Practices
### 1. Three Pillars
| Pillar | Tool | Purpose |
|--------|------|---------|
| Metrics | Prometheus | Quantitative measurements |
| Logs | Loki/EFK | Event records |
| Traces | Jaeger/Zipkin | Request flow |
### 2. Metrics Categories
```yaml
# Four Golden Signals (Google SRE)
# 1. Latency
- http_request_duration_seconds
- db_query_duration_seconds
# 2. Traffic
- http_requests_per_second
- active_connections
# 3. Errors
- http_requests_failed_total
- error_rate
# 4. Saturation
- container_memory_usage_bytes
- container_cpu_usage_seconds_total
```
### 3. Service Level Objectives (SLOs)
```yaml
# Prometheus recording rules for SLO
groups:
- name: slo_rules
rules:
- record: slo:availability:ratio_5m
expr: |
sum(rate(http_requests_total{status!~"5.."}[5m])) /
sum(rate(http_requests_total[5m]))
- record: slo:latency:p99_5m
expr: |
histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m]))
- record: slo:error_rate:ratio_5m
expr: |
sum(rate(http_requests_total{status=~"5.."}[5m])) /
sum(rate(http_requests_total[5m]))
```
## Troubleshooting Commands
```bash
# View container logs
docker logs <container_id>
docker logs -f --tail 100 <container_id>
# View resource usage
docker stats
docker stats --no-stream
# Inspect container
docker inspect <container_id>
# Check health status
docker inspect --format='{{.State.Health.Status}}' <container_id>
# View processes
docker top <container_id>
# Execute commands
docker exec -it <container_id> sh
docker exec <container_id> df -h
# View network
docker network inspect <network_name>
# View disk usage
docker system df
docker system df -v
# Prune unused resources
docker system prune -a --volumes
# Swarm service logs
docker service logs <service_name>
docker service ps <service_name>
# Swarm node status
docker node ls
docker node inspect <node_id>
```
## Performance Tuning
### 1. Container Resource Limits
```yaml
services:
api:
deploy:
resources:
limits:
cpus: '1'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
```
### 2. Logging Performance
```yaml
services:
api:
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
# Reduce logging overhead
labels: "level,requestId"
```
### 3. Prometheus Optimization
```yaml
# prometheus.yml
global:
scrape_interval: 15s # Balance between granularity and load
evaluation_interval: 15s
# Retention
command:
- '--storage.tsdb.retention.time=30d'
- '--storage.tsdb.retention.size=10GB'
```
## Related Skills
| Skill | Purpose |
|-------|---------|
| `docker-compose` | Local development setup |
| `docker-swarm` | Production orchestration |
| `docker-security` | Container security |
| `kubernetes` | Advanced orchestration |

685
.kilo/skills/docker-security/SKILL.md Normal file
View File

@@ -0,0 +1,685 @@
# Skill: Docker Security
## Purpose
Comprehensive skill for Docker container security, vulnerability scanning, secrets management, and hardening best practices.
## Overview
Container security is essential for production deployments. Use this skill when scanning for vulnerabilities, configuring security settings, managing secrets, and implementing security best practices.
## When to Use
- Security hardening containers
- Scanning images for vulnerabilities
- Managing secrets and credentials
- Configuring container isolation
- Implementing least privilege
- Security audits
## Security Layers
```
┌─────────────────────────────────────────────────────────────┐
│ Container Security Layers │
├─────────────────────────────────────────────────────────────┤
│ 1. Host Security │
│ - Kernel hardening │
│ - SELinux/AppArmor │
│ - cgroups namespace │
├─────────────────────────────────────────────────────────────┤
│ 2. Container Runtime Security │
│ - User namespace │
│ - Seccomp profiles │
│ - Capability dropping │
├─────────────────────────────────────────────────────────────┤
│ 3. Image Security │
│ - Minimal base images │
│ - Vulnerability scanning │
│ - No secrets in images │
├─────────────────────────────────────────────────────────────┤
│ 4. Network Security │
│ - Network policies │
│ - TLS encryption │
│ - Ingress controls │
├─────────────────────────────────────────────────────────────┤
│ 5. Application Security │
│ - Input validation │
│ - Authentication │
│ - Authorization │
└─────────────────────────────────────────────────────────────┘
```
## Image Security
### 1. Base Image Selection
```dockerfile
# ✅ Good: Minimal, specific version
FROM node:20-alpine
# ✅ Better: Distroless (minimal attack surface)
FROM gcr.io/distroless/nodejs20-debian12
# ❌ Bad: Large base, latest tag
FROM node:latest
```
### 2. Multi-stage Builds
```dockerfile
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
# Runtime stage
FROM node:20-alpine
RUN addgroup -g 1001 appgroup && \
adduser -u 1001 -G appgroup -D appuser
WORKDIR /app
COPY --from=builder --chown=appuser:appgroup /app/dist ./dist
COPY --from=builder --chown=appuser:appgroup /app/node_modules ./node_modules
USER appuser
CMD ["node", "dist/index.js"]
```
### 3. Vulnerability Scanning
```bash
# Scan with Trivy
trivy image myapp:latest
# Scan with Docker Scout
docker scout vulnerabilities myapp:latest
# Scan with Grype
grype myapp:latest
# CI/CD integration
trivy image --exit-code 1 --severity HIGH,CRITICAL myapp:latest
```
### 4. No Secrets in Images
```dockerfile
# ❌ Never do this
ENV DATABASE_PASSWORD=password123
COPY .env ./
# ✅ Use runtime secrets
# Secrets are mounted at runtime
RUN --mount=type=secret,id=db_password \
export DB_PASSWORD=$(cat /run/secrets/db_password)
```
## Container Runtime Security
### 1. Non-root User
```dockerfile
# Create non-root user
FROM alpine:3.18
RUN addgroup -g 1001 appgroup && \
adduser -u 1001 -G appgroup -D appuser
WORKDIR /app
COPY --chown=appuser:appgroup . .
USER appuser
CMD ["./app"]
```
### 2. Read-only Filesystem
```yaml
# docker-compose.yml
services:
app:
image: myapp:latest
read_only: true
tmpfs:
- /tmp
- /var/cache
```
### 3. Capability Dropping
```yaml
# Drop all capabilities
services:
app:
image: myapp:latest
cap_drop:
- ALL
cap_add:
- CHOWN # Only needed capabilities
- SETGID
- SETUID
```
### 4. Security Options
```yaml
services:
app:
image: myapp:latest
security_opt:
- no-new-privileges:true # Prevent privilege escalation
- seccomp:default.json # Seccomp profile
- apparmor:docker-default # AppArmor profile
```
### 5. Resource Limits
```yaml
services:
app:
image: myapp:latest
deploy:
resources:
limits:
cpus: '1'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
pids_limit: 100 # Limit process count
```
## Secrets Management
### 1. Docker Secrets (Swarm)
```bash
# Create secret
echo "my_password" | docker secret create db_password -
# Create from file
docker secret create jwt_secret ./secrets/jwt.txt
```
```yaml
# docker-compose.yml (Swarm)
services:
api:
image: myapp:latest
secrets:
- db_password
- jwt_secret
environment:
- DB_PASSWORD_FILE=/run/secrets/db_password
secrets:
db_password:
external: true
jwt_secret:
external: true
```
### 2. Docker Compose Secrets (Non-Swarm)
```yaml
# docker-compose.yml
services:
api:
image: myapp:latest
secrets:
- db_password
environment:
- DB_PASSWORD_FILE=/run/secrets/db_password
secrets:
db_password:
file: ./secrets/db_password.txt
```
### 3. Environment Variables (Development)
```yaml
# docker-compose.yml (development only)
services:
api:
image: myapp:latest
env_file:
- .env # Add .env to .gitignore!
```
```bash
# .env (NEVER COMMIT)
DATABASE_URL=postgres://...
JWT_SECRET=secret123
API_KEY=key123
```
### 4. Reading Secrets in Application
```javascript
// Node.js
const fs = require('fs');
function getSecret(secretName, envName) {
// Try file-based secret first (Docker secrets)
const secretPath = `/run/secrets/${secretName}`;
if (fs.existsSync(secretPath)) {
return fs.readFileSync(secretPath, 'utf8').trim();
}
// Fallback to environment variable (development)
return process.env[envName];
}
const dbPassword = getSecret('db_password', 'DB_PASSWORD');
```
## Network Security
### 1. Network Segmentation
```yaml
# Separate networks for different access levels
networks:
frontend:
driver: bridge
backend:
driver: bridge
internal: true # No external access
database:
driver: bridge
internal: true
services:
web:
networks:
- frontend
api:
networks:
- frontend
- backend
db:
networks:
- database
cache:
networks:
- database
```
### 2. Port Exposure
```yaml
# ✅ Good: Only expose necessary ports
services:
api:
ports:
- "3000:3000" # API port only
db:
# No ports exposed - only accessible inside network
networks:
- database
# ❌ Bad: Exposing database to host
services:
db:
ports:
- "5432:5432" # Security risk!
```
### 3. TLS Configuration
```yaml
services:
nginx:
image: nginx:alpine
ports:
- "443:443"
volumes:
- ./ssl/cert.pem:/etc/nginx/ssl/cert.pem:ro
- ./ssl/key.pem:/etc/nginx/ssl/key.pem:ro
configs:
- source: nginx_config
target: /etc/nginx/nginx.conf
configs:
nginx_config:
file: ./nginx.conf
```
### 4. Ingress Controls
```yaml
# Limit connections
services:
api:
image: myapp:latest
ports:
- target: 3000
published: 3000
mode: host # Bypass ingress mesh for performance
deploy:
endpoint_mode: dnsrr
resources:
limits:
memory: 1G
```
## Security Profiles
### 1. Seccomp Profile
```json
// default-seccomp.json
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": ["SCMP_ARCH_X86_64"],
"syscalls": [
{
"names": ["read", "write", "exit", "exit_group"],
"action": "SCMP_ACT_ALLOW"
},
{
"names": ["open", "openat", "close"],
"action": "SCMP_ACT_ALLOW"
}
]
}
```
```yaml
# Use custom seccomp profile
services:
api:
security_opt:
- seccomp:./seccomp.json
```
### 2. AppArmor Profile
```bash
# Create AppArmor profile
cat > /etc/apparmor.d/docker-myapp <<EOF
#include <tunables/global>
profile docker-myapp flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
network inet tcp,
network inet udp,
/app/** r,
/app/** w,
deny /** rw,
}
EOF
# Load profile
apparmor_parser -r /etc/apparmor.d/docker-myapp
```
```yaml
# Use AppArmor profile
services:
api:
security_opt:
- apparmor:docker-myapp
```
## Security Scanning
### 1. Image Vulnerability Scan
```bash
# Trivy scan
trivy image --severity HIGH,CRITICAL myapp:latest
# Docker Scout
docker scout vulnerabilities myapp:latest
# Grype
grype myapp:latest
# Output JSON for CI
trivy image --format json --output results.json myapp:latest
```
### 2. Base Image Updates
```bash
# Check base image for updates
docker pull node:20-alpine
# Rebuild with updated base
docker build --no-cache -t myapp:latest .
# Scan new image
trivy image myapp:latest
```
### 3. Dependency Audit
```bash
# Node.js
npm audit
npm audit fix
# Python
pip-audit
# Go
go list -m all | nancy
# General
snyk test
```
### 4. Secret Detection
```bash
# Scan for secrets
gitleaks --path . --verbose
# Pre-commit hook
gitleaks protect --staged
# Docker image
gitleaks --image myapp:latest
```
## CI/CD Security Integration
### GitHub Actions
```yaml
# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'myapp:${{ github.sha }}'
format: 'table'
exit-code: '1'
severity: 'CRITICAL,HIGH'
- name: Run Gitleaks secret scan
uses: gitleaks/gitleaks-action@v2
with:
args: --path=.
```
### GitLab CI
```yaml
# .gitlab-ci.yml
security_scan:
stage: test
image: docker:24
services:
- docker:dind
script:
- docker build -t myapp:$CI_COMMIT_SHA .
- trivy image --exit-code 1 --severity HIGH,CRITICAL myapp:$CI_COMMIT_SHA
- gitleaks --path . --verbose
```
## Security Checklist
### Dockerfile Security
- [ ] Using minimal base image (alpine/distroless)
- [ ] Specific version tags, not `latest`
- [ ] Running as non-root user
- [ ] No secrets in image
- [ ] `.dockerignore` includes `.env`, `.git`, `.credentials`
- [ ] COPY instead of ADD (unless needed)
- [ ] Multi-stage build for smaller image
- [ ] HEALTHCHECK defined
### Runtime Security
- [ ] Read-only filesystem
- [ ] Capabilities dropped
- [ ] No new privileges
- [ ] Resource limits set
- [ ] User namespace enabled (if available)
- [ ] Seccomp/AppArmor profiles applied
### Network Security
- [ ] Only necessary ports exposed
- [ ] Internal networks for sensitive services
- [ ] TLS for external communication
- [ ] Network segmentation
### Secrets Management
- [ ] No secrets in images
- [ ] Using Docker secrets or external vault
- [ ] `.env` files gitignored
- [ ] Secret rotation implemented
### CI/CD Security
- [ ] Vulnerability scanning in pipeline
- [ ] Secret detection pre-commit
- [ ] Dependency audit automated
- [ ] Base images updated regularly
## Remediation Priority
| Severity | Priority | Timeline |
|----------|----------|----------|
| Critical | P0 | Immediately (24h) |
| High | P1 | Within 7 days |
| Medium | P2 | Within 30 days |
| Low | P3 | Next release |
## Security Tools
| Tool | Purpose |
|------|---------|
| Trivy | Image vulnerability scanning |
| Docker Scout | Docker's built-in scanner |
| Grype | Vulnerability scanner |
| Gitleaks | Secret detection |
| Snyk | Dependency scanning |
| Falco | Runtime security monitoring |
| Anchore | Container security analysis |
| Clair | Open-source vulnerability scanner |
## Common Vulnerabilities
### CVE Examples
```yaml
# Check for specific CVE
trivy image --vulnerabilities CVE-2021-44228 myapp:latest
# Ignore specific CVE (use carefully)
trivy image --ignorefile .trivyignore myapp:latest
# .trivyignore
CVE-2021-12345 # Known and accepted
```
### Log4j Example (CVE-2021-44228)
```bash
# Check for vulnerable versions
docker images --format '{{.Repository}}:{{.Tag}}' | xargs -I {} \
trivy image --vulnerabilities CVE-2021-44228 {}
# Update and rebuild
FROM node:20-alpine
# Ensure no vulnerable log4j dependency
RUN npm audit fix
```
## Incident Response
### Security Breach Steps
1. **Isolate**
```bash
# Stop container
docker stop <container_id>
# Remove from network
docker network disconnect app-network <container_id>
```
2. **Preserve Evidence**
```bash
# Save container state
docker commit <container_id> incident-container
# Export logs
docker logs <container_id> > incident-logs.txt
docker export <container_id> > incident-container.tar
```
3. **Analyze**
```bash
# Inspect container
docker inspect <container_id>
# Check image
trivy image <image_name>
# Review process history
docker history <image_name>
```
4. **Remediate**
```bash
# Update base image
docker pull node:20-alpine
# Rebuild
docker build --no-cache -t myapp:fixed .
# Scan
trivy image myapp:fixed
```
## Related Skills
| Skill | Purpose |
|-------|---------|
| `docker-compose` | Local development setup |
| `docker-swarm` | Production orchestration |
| `docker-monitoring` | Security monitoring |
| `docker-networking` | Network security |

757
.kilo/skills/docker-swarm/SKILL.md Normal file
View File

@@ -0,0 +1,757 @@
# Skill: Docker Swarm
## Purpose
Comprehensive skill for Docker Swarm orchestration, cluster management, and production-ready container deployment.
## Overview
Docker Swarm is Docker's native clustering and orchestration solution. Use this skill for production deployments, high availability setups, and managing containerized applications at scale.
## When to Use
- Deploying applications in production clusters
- Setting up high availability services
- Scaling services dynamically
- Managing rolling updates
- Handling secrets and configs securely
- Multi-node orchestration
## Core Concepts
### Swarm Architecture
```
┌─────────────────────────────────────────────────────────────┐
│ Docker Swarm Cluster │
├─────────────────────────────────────────────────────────────┤
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Manager │ │ Manager │ │ Manager │ (HA) │
│ │ Node 1 │ │ Node 2 │ │ Node 3 │ │
│ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │
│ │ │ │ │
│ ┌──────┴────────────────┴────────────────┴──────┐ │
│ │ Internal Network │ │
│ └──────┬────────────────┬──────────────────────┘ │
│ │ │ │
│ ┌──────┴──────┐ ┌──────┴──────┐ ┌─────────────┐ │
│ │ Worker │ │ Worker │ │ Worker │ │
│ │ Node 4 │ │ Node 5 │ │ Node 6 │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │
│ Services: api, web, db, redis, queue │
│ Tasks: Running containers distributed across nodes │
└─────────────────────────────────────────────────────────────┘
```
### Key Components
| Component | Description |
|-----------|-------------|
| **Service** | Definition of a container (image, ports, replicas) |
| **Task** | Single running instance of a service |
| **Stack** | Group of related services (like docker-compose) |
| **Node** | Docker daemon participating in swarm |
| **Overlay Network** | Network spanning multiple nodes |
## Skill Files Structure
```
docker-swarm/
├── SKILL.md # This file
├── patterns/
│ ├── services.md # Service deployment patterns
│ ├── networking.md # Overlay network patterns
│ ├── secrets.md # Secrets management
│ └── configs.md # Config management
└── examples/
├── ha-web-app.md # High availability web app
├── microservices.md # Microservices deployment
└── database.md # Database cluster setup
```
## Core Patterns
### 1. Initialize Swarm
```bash
# Initialize swarm on manager node
docker swarm init --advertise-addr <MANAGER_IP>
# Get join token for workers
docker swarm join-token -q worker
# Get join token for managers
docker swarm join-token -q manager
# Join swarm (on worker nodes)
docker swarm join --token <TOKEN> <MANAGER_IP>:2377
# Check swarm status
docker node ls
```
### 2. Service Deployment
```yaml
# docker-compose.yml (Swarm stack)
version: '3.8'
services:
api:
image: myapp/api:latest
deploy:
mode: replicated
replicas: 3
update_config:
parallelism: 1
delay: 10s
failure_action: rollback
order: start-first
rollback_config:
parallelism: 1
delay: 10s
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
window: 120s
placement:
constraints:
- node.role == worker
preferences:
- spread: node.id
resources:
limits:
cpus: '1'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
networks:
- app-network
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
secrets:
- db_password
- jwt_secret
configs:
- app_config
networks:
app-network:
driver: overlay
attachable: true
secrets:
db_password:
external: true
jwt_secret:
external: true
configs:
app_config:
external: true
```
### 3. Deploy Stack
```bash
# Create secrets (before deploying)
echo "my_db_password" | docker secret create db_password -
docker secret create jwt_secret ./jwt_secret.txt
# Create configs
docker config create app_config ./config.json
# Deploy stack
docker stack deploy -c docker-compose.yml mystack
# List services
docker stack services mystack
# List tasks
docker stack ps mystack
# Remove stack
docker stack rm mystack
```
### 4. Service Management
```bash
# Scale service
docker service scale mystack_api=5
# Update service image
docker service update --image myapp/api:v2 mystack_api
# Update environment variable
docker service update --env-add NODE_ENV=staging mystack_api
# Add constraint
docker service update --constraint-add 'node.labels.region==us-east' mystack_api
# Rollback service
docker service rollback mystack_api
# View service details
docker service inspect mystack_api
# View service logs
docker service logs -f mystack_api
```
### 5. Secrets Management
```bash
# Create secret from stdin
echo "my_secret" | docker secret create db_password -
# Create secret from file
docker secret create jwt_secret ./secrets/jwt.txt
# List secrets
docker secret ls
# Inspect secret metadata
docker secret inspect db_password
# Use secret in service
docker service create \
--name api \
--secret db_password \
--secret jwt_secret \
myapp/api:latest
# Remove secret
docker secret rm db_password
```
### 6. Config Management
```bash
# Create config
docker config create app_config ./config.json
# List configs
docker config ls
# Use config in service
docker service create \
--name api \
--config source=app_config,target=/app/config.json \
myapp/api:latest
# Update config (create new version)
docker config create app_config_v2 ./config-v2.json
# Update service with new config
docker service update \
--config-rm app_config \
--config-add source=app_config_v2,target=/app/config.json \
mystack_api
```
### 7. Overlay Networks
```yaml
# Create overlay network
networks:
frontend:
driver: overlay
attachable: true
backend:
driver: overlay
attachable: true
internal: true # No external access
services:
web:
networks:
- frontend
- backend
api:
networks:
- backend
db:
networks:
- backend
```
```bash
# Create network manually
docker network create --driver overlay --attachable my-network
# List networks
docker network ls
# Inspect network
docker network inspect my-network
```
## Deployment Strategies
### Rolling Update
```yaml
services:
api:
deploy:
update_config:
parallelism: 2 # Update 2 tasks at a time
delay: 10s # Wait 10s between updates
failure_action: rollback
monitor: 30s # Monitor for 30s after update
max_failure_ratio: 0.3 # Allow 30% failures
```
### Blue-Green Deployment
```bash
# Deploy new version alongside existing
docker service create \
--name api-v2 \
--mode replicated \
--replicas 3 \
--network app-network \
myapp/api:v2
# Update router to point to new version
# (Using nginx/traefik config update)
# Remove old version
docker service rm api-v1
```
### Canary Deployment
```yaml
# Deploy canary version
version: '3.8'
services:
api:
image: myapp/api:v1
deploy:
replicas: 9
# ... 90% of traffic
api-canary:
image: myapp/api:v2
deploy:
replicas: 1
# ... 10% of traffic
```
### Global Services
```yaml
# Run one instance on every node
services:
monitoring:
image: myapp/monitoring:latest
deploy:
mode: global
volumes:
- /var/run/docker.sock:/var/run/docker.sock
```
## High Availability Patterns
### 1. Multi-Manager Setup
```bash
# Create 3 manager nodes for HA
docker swarm init --advertise-addr <MANAGER1_IP>
# On manager2
docker swarm join --token <MANAGER_TOKEN> <MANAGER1_IP>:2377
# On manager3
docker swarm join --token <MANAGER_TOKEN> <MANAGER1_IP>:2377
# Promote worker to manager
docker node promote <NODE_ID>
# Demote manager to worker
docker node demote <NODE_ID>
```
### 2. Placement Constraints
```yaml
services:
db:
image: postgres:15
deploy:
placement:
constraints:
- node.role == worker
- node.labels.database == true
preferences:
- spread: node.labels.zone # Spread across zones
cache:
image: redis:7
deploy:
placement:
constraints:
- node.labels.cache == true
```
### 3. Resource Management
```yaml
services:
api:
deploy:
resources:
limits:
cpus: '2'
memory: 2G
reservations:
cpus: '1'
memory: 1G
restart_policy:
condition: on-failure
max_attempts: 3
```
### 4. Health Checks
```yaml
services:
api:
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
deploy:
update_config:
failure_action: rollback
monitor: 30s
```
## Service Discovery & Load Balancing
### Built-in Load Balancing
```yaml
# Swarm provides automatic load balancing
services:
api:
deploy:
replicas: 3
ports:
- "3000:3000" # Requests are load balanced across replicas
# Virtual IP (VIP) - default mode
# DNS round-robin
services:
api:
deploy:
endpoint_mode: dnsrr
```
### Ingress Network
```yaml
# Publishing ports
services:
web:
ports:
- "80:80" # Published on all nodes
- "443:443"
deploy:
mode: ingress # Default, routed through mesh
```
### Host Mode
```yaml
# Bypass load balancer (for performance)
services:
web:
ports:
- target: 80
published: 80
mode: host # Direct port mapping
deploy:
mode: global # One per node
```
## Monitoring & Logging
### Logging Drivers
```yaml
services:
api:
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
labels: "app,environment"
# Or use syslog
api:
logging:
driver: "syslog"
options:
syslog-address: "tcp://logserver:514"
syslog-facility: "daemon"
```
### Viewing Logs
```bash
# Service logs
docker service logs mystack_api
# Filter by time
docker service logs --since 1h mystack_api
# Follow logs
docker service logs -f mystack_api
# All tasks
docker service logs --tail 100 mystack_api
```
### Monitoring Commands
```bash
# Node status
docker node ls
# Service status
docker service ls
# Task status
docker service ps mystack_api
# Resource usage
docker stats
# Service inspect
docker service inspect mystack_api --pretty
```
## Backup & Recovery
### Backup Swarm State
```bash
# On manager node
docker pull swaggercodebreaker/swarmctl
docker run --rm -v /var/lib/docker/swarm:/ swarmctl export > swarm-backup.json
# Or manual backup
cp -r /var/lib/docker/swarm/raft ~/swarm-backup/
```
### Recovery
```bash
# Unlock swarm after restart (if encrypted)
docker swarm unlock
# Force new cluster (disaster recovery)
docker swarm init --force-new-cluster
# Restore from backup
docker swarm init --force-new-cluster
docker service create --name restore-app ...
```
## Common Operations
### Node Management
```bash
# List nodes
docker node ls
# Inspect node
docker node inspect <NODE_ID>
# Drain node (for maintenance)
docker node update --availability drain <NODE_ID>
# Activate node
docker node update --availability active <NODE_ID>
# Add labels
docker node update --label-add region=us-east <NODE_ID>
# Remove node
docker node rm <NODE_ID>
```
### Service Debugging
```bash
# View service tasks
docker service ps mystack_api
# View task details
docker inspect <TASK_ID>
# Run temporary container for debugging
docker run --rm -it --network mystack_app-network \
myapp/api:latest sh
# Check service logs
docker service logs mystack_api
# Execute command in running container
docker exec -it <CONTAINER_ID> sh
```
### Network Debugging
```bash
# List networks
docker network ls
# Inspect overlay network
docker network inspect mystack_app-network
# Test connectivity
docker run --rm --network mystack_app-network alpine ping api
# DNS resolution
docker run --rm --network mystack_app-network alpine nslookup api
```
## Production Checklist
- [ ] At least 3 manager nodes for HA
- [ ] Quorum maintained (odd number of managers)
- [ ] Resources limited for all services
- [ ] Health checks configured
- [ ] Rolling update strategy defined
- [ ] Rollback strategy configured
- [ ] Secrets used for sensitive data
- [ ] Configs for environment settings
- [ ] Overlay networks properly segmented
- [ ] Logging driver configured
- [ ] Monitoring solution deployed
- [ ] Backup strategy implemented
- [ ] Node labels for placement constraints
- [ ] Resource reservations set
## Best Practices
1. **Resource Planning**
```yaml
deploy:
resources:
limits:
cpus: '1'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
```
2. **Rolling Updates**
```yaml
deploy:
update_config:
parallelism: 1
delay: 10s
failure_action: rollback
monitor: 30s
```
3. **Placement Constraints**
```yaml
deploy:
placement:
constraints:
- node.role == worker
preferences:
- spread: node.labels.zone
```
4. **Network Segmentation**
```yaml
networks:
frontend:
driver: overlay
backend:
driver: overlay
internal: true
```
5. **Secrets Management**
```yaml
secrets:
- db_password
- jwt_secret
```
## Troubleshooting
### Service Won't Start
```bash
# Check task status
docker service ps mystack_api --no-trunc
# Check logs
docker service logs mystack_api
# Check node resources
docker node ls
docker stats
# Check network
docker network inspect mystack_app-network
```
### Task Keeps Restarting
```bash
# Check restart policy
docker service inspect mystack_api --pretty
# Check container logs
docker service logs --tail 50 mystack_api
# Check health check
docker inspect <CONTAINER_ID> --format='{{.State.Health}}'
```
### Network Issues
```bash
# Verify overlay network
docker network inspect mystack_app-network
# Check DNS resolution
docker run --rm --network mystack_app-network alpine nslookup api
# Check connectivity
docker run --rm --network mystack_app-network alpine ping api
```
## Related Skills
| Skill | Purpose |
|-------|---------|
| `docker-compose` | Local development with Compose |
| `docker-security` | Container security patterns |
| `kubernetes` | Kubernetes orchestration |
| `docker-monitoring` | Container monitoring setup |

519
.kilo/skills/docker-swarm/examples/ha-web-app.md Normal file
View File

@@ -0,0 +1,519 @@
# Docker Swarm Deployment Examples
## Example: High Availability Web Application
Complete example of deploying a production-ready web application with Docker Swarm.
### docker-compose.yml (Swarm Stack)
```yaml
version: '3.8'
services:
# Reverse Proxy with SSL
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
configs:
- source: nginx_config
target: /etc/nginx/nginx.conf
secrets:
- ssl_cert
- ssl_key
networks:
- frontend
deploy:
replicas: 2
placement:
constraints:
- node.role == worker
resources:
limits:
cpus: '0.5'
memory: 256M
healthcheck:
test: ["CMD", "nginx", "-t"]
interval: 30s
timeout: 10s
retries: 3
# API Service
api:
image: myapp/api:latest
environment:
- NODE_ENV=production
- DATABASE_URL=postgres://app:${DB_PASSWORD}@db:5432/app
- REDIS_URL=redis://cache:6379
configs:
- source: app_config
target: /app/config.json
secrets:
- jwt_secret
networks:
- frontend
- backend
deploy:
replicas: 3
update_config:
parallelism: 1
delay: 10s
failure_action: rollback
order: start-first
rollback_config:
parallelism: 1
delay: 10s
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
window: 120s
placement:
constraints:
- node.role == worker
preferences:
- spread: node.id
resources:
limits:
cpus: '1'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
healthcheck:
test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
# Background Worker
worker:
image: myapp/worker:latest
environment:
- NODE_ENV=production
- DATABASE_URL=postgres://app:${DB_PASSWORD}@db:5432/app
secrets:
- jwt_secret
networks:
- backend
deploy:
replicas: 2
restart_policy:
condition: on-failure
delay: 10s
max_attempts: 5
placement:
constraints:
- node.role == worker
resources:
limits:
cpus: '0.5'
memory: 512M
# Database (PostgreSQL with Replication)
db:
image: postgres:15-alpine
environment:
POSTGRES_DB: app
POSTGRES_USER: app
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
secrets:
- db_password
volumes:
- postgres-data:/var/lib/postgresql/data
networks:
- backend
deploy:
replicas: 1
placement:
constraints:
- node.labels.database == true
resources:
limits:
cpus: '2'
memory: 2G
healthcheck:
test: ["CMD-SHELL", "pg_isready -U app -d app"]
interval: 10s
timeout: 5s
retries: 5
# Redis Cache
cache:
image: redis:7-alpine
command: redis-server --appendonly yes --maxmemory 512mb --maxmemory-policy allkeys-lru
volumes:
- redis-data:/data
networks:
- backend
deploy:
replicas: 1
placement:
constraints:
- node.labels.cache == true
resources:
limits:
cpus: '0.5'
memory: 512M
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
# Monitoring (Prometheus)
prometheus:
image: prom/prometheus:latest
configs:
- source: prometheus_config
target: /etc/prometheus/prometheus.yml
volumes:
- prometheus-data:/prometheus
networks:
- monitoring
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.retention.time=30d'
# Monitoring (Grafana)
grafana:
image: grafana/grafana:latest
ports:
- "3000:3000"
environment:
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}
volumes:
- grafana-data:/var/lib/grafana
networks:
- monitoring
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
networks:
frontend:
driver: overlay
attachable: true
backend:
driver: overlay
internal: true
monitoring:
driver: overlay
attachable: true
volumes:
postgres-data:
redis-data:
prometheus-data:
grafana-data:
configs:
nginx_config:
file: ./configs/nginx.conf
app_config:
file: ./configs/app.json
prometheus_config:
file: ./configs/prometheus.yml
secrets:
db_password:
file: ./secrets/db_password.txt
jwt_secret:
file: ./secrets/jwt_secret.txt
ssl_cert:
file: ./secrets/ssl_cert.pem
ssl_key:
file: ./secrets/ssl_key.pem
```
### Deployment Script
```bash
#!/bin/bash
# deploy.sh
set -e
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'
# Configuration
STACK_NAME="myapp"
COMPOSE_FILE="docker-compose.yml"
echo "Starting deployment for ${STACK_NAME}..."
# Check if running on Swarm
if ! docker info | grep -q "Swarm: active"; then
echo -e "${RED}Error: Not running in Swarm mode${NC}"
echo "Initialize Swarm with: docker swarm init"
exit 1
fi
# Create secrets (if not exists)
echo "Checking secrets..."
for secret in db_password jwt_secret ssl_cert ssl_key; do
if ! docker secret inspect ${secret} > /dev/null 2>&1; then
if [ -f "./secrets/${secret}.txt" ]; then
docker secret create ${secret} ./secrets/${secret}.txt
echo -e "${GREEN}Created secret: ${secret}${NC}"
else
echo -e "${RED}Missing secret file: ./secrets/${secret}.txt${NC}"
exit 1
fi
else
echo "Secret ${secret} already exists"
fi
done
# Create configs
echo "Creating configs..."
docker config rm nginx_config 2>/dev/null || true
docker config create nginx_config ./configs/nginx.conf
docker config rm app_config 2>/dev/null || true
docker config create app_config ./configs/app.json
docker config rm prometheus_config 2>/dev/null || true
docker config create prometheus_config ./configs/prometheus.yml
# Deploy stack
echo "Deploying stack..."
docker stack deploy -c ${COMPOSE_FILE} ${STACK_NAME}
# Wait for services to start
echo "Waiting for services to start..."
sleep 30
# Show status
docker stack services ${STACK_NAME}
# Check health
echo "Checking service health..."
for service in nginx api worker db cache prometheus grafana; do
REPLICAS=$(docker service ls --filter name=${STACK_NAME}_${service} --format "{{.Replicas}}")
echo "${service}: ${REPLICAS}"
done
echo -e "${GREEN}Deployment complete!${NC}"
echo "Check status: docker stack services ${STACK_NAME}"
echo "View logs: docker service logs -f ${STACK_NAME}_api"
```
### Service Update Script
```bash
#!/bin/bash
# update-service.sh
set -e
SERVICE_NAME=$1
NEW_IMAGE=$2
if [ -z "$SERVICE_NAME" ] || [ -z "$NEW_IMAGE" ]; then
echo "Usage: ./update-service.sh <service-name> <new-image>"
echo "Example: ./update-service.sh myapp_api myapp/api:v2"
exit 1
fi
FULL_SERVICE_NAME="${STACK_NAME}_${SERVICE_NAME}"
echo "Updating ${FULL_SERVICE_NAME} to ${NEW_IMAGE}..."
# Update service with rollback on failure
docker service update \
--image ${NEW_IMAGE} \
--update-parallelism 1 \
--update-delay 10s \
--update-failure-action rollback \
--update-monitor 30s \
${FULL_SERVICE_NAME}
# Wait for update
echo "Waiting for update to complete..."
sleep 30
# Check status
docker service ps ${FULL_SERVICE_NAME}
echo "Update complete!"
```
### Rollback Script
```bash
#!/bin/bash
# rollback-service.sh
set -e
SERVICE_NAME=$1
STACK_NAME="myapp"
if [ -z "$SERVICE_NAME" ]; then
echo "Usage: ./rollback-service.sh <service-name>"
exit 1
fi
FULL_SERVICE_NAME="${STACK_NAME}_${SERVICE_NAME}"
echo "Rolling back ${FULL_SERVICE_NAME}..."
docker service rollback ${FULL_SERVICE_NAME}
sleep 30
docker service ps ${FULL_SERVICE_NAME}
echo "Rollback complete!"
```
### Monitoring Dashboard (Grafana)
```json
{
"dashboard": {
"title": "Docker Swarm Overview",
"panels": [
{
"title": "Running Tasks",
"targets": [
{
"expr": "count(container_tasks_state{state=\"running\"})"
}
]
},
{
"title": "CPU Usage per Service",
"targets": [
{
"expr": "rate(container_cpu_usage_seconds_total{name=~\".+\"}[5m]) * 100",
"legendFormat": "{{name}}"
}
]
},
{
"title": "Memory Usage per Service",
"targets": [
{
"expr": "container_memory_usage_bytes{name=~\".+\"} / 1024 / 1024",
"legendFormat": "{{name}} MB"
}
]
},
{
"title": "Network I/O",
"targets": [
{
"expr": "rate(container_network_receive_bytes_total{name=~\".+\"}[5m])",
"legendFormat": "{{name}} RX"
},
{
"expr": "rate(container_network_transmit_bytes_total{name=~\".+\"}[5m])",
"legendFormat": "{{name}} TX"
}
]
},
{
"title": "Service Health",
"targets": [
{
"expr": "container_health_status{name=~\".+\"}"
}
]
}
]
}
}
```
### Prometheus Configuration
```yaml
# prometheus.yml
global:
scrape_interval: 15s
evaluation_interval: 15m
alerting:
alertmanagers:
- static_configs:
- targets:
- alertmanager:9093
rule_files:
- /etc/prometheus/alerts.yml
scrape_configs:
- job_name: 'prometheus'
static_configs:
- targets: ['prometheus:9090']
- job_name: 'cadvisor'
static_configs:
- targets: ['cadvisor:8080']
- job_name: 'node'
static_configs:
- targets: ['node-exporter:9100']
- job_name: 'api'
static_configs:
- targets: ['api:3000']
metrics_path: '/metrics'
```
### Alert Rules
```yaml
# alerts.yml
groups:
- name: swarm_alerts
rules:
- alert: ServiceDown
expr: count(container_tasks_state{state="running"}) == 0
for: 5m
labels:
severity: critical
annotations:
summary: "Service {{ $labels.service }} is down"
description: "No running tasks for service {{ $labels.service }}"
- alert: HighCpuUsage
expr: rate(container_cpu_usage_seconds_total[5m]) * 100 > 80
for: 5m
labels:
severity: warning
annotations:
summary: "High CPU usage on {{ $labels.name }}"
description: "Container {{ $labels.name }} CPU usage is {{ $value }}%"
- alert: HighMemoryUsage
expr: (container_memory_usage_bytes / container_spec_memory_limit_bytes) * 100 > 80
for: 5m
labels:
severity: warning
annotations:
summary: "High memory usage on {{ $labels.name }}"
description: "Container {{ $labels.name }} memory usage is {{ $value }}%"
- alert: ContainerRestart
expr: increase(container_restart_count[1h]) > 0
labels:
severity: warning
annotations:
summary: "Container {{ $labels.name }} restarted"
description: "Container {{ $labels.name }} restarted {{ $value }} times in the last hour"
```

275
.kilo/skills/evolution-sync/SKILL.md Normal file
View File

@@ -0,0 +1,275 @@
# Evolution Sync Skill
Synchronizes agent evolution data from multiple sources.
## Purpose
Keeps the agent evolution dashboard up-to-date by:
1. Parsing git history for agent changes
2. Extracting current models from kilo.jsonc and capability-index.yaml
3. Recording performance metrics from Gitea issue comments
4. Tracking model and prompt changes over time
## Usage
```bash
# Sync from all sources
bun run agent-evolution/scripts/sync-agent-history.ts
# Sync specific source
bun run agent-evolution/scripts/sync-agent-history.ts --source git
bun run agent-evolution/scripts/sync-agent-history.ts --source gitea
```
## Integration Points
### 1. Git History
Parses commit messages for agent-related changes:
```bash
git log --all --oneline -- ".kilo/agents/"
```
Detects patterns like:
- `feat: add flutter-developer agent`
- `fix: update security-auditor model`
- `docs: update lead-developer prompt`
### 2. Configuration Files
**kilo.jsonc** - Primary model assignments:
```json
{
"agent": {
"lead-developer": {
"model": "ollama-cloud/qwen3-coder:480b"
}
}
}
```
**capability-index.yaml** - Capability mappings:
```yaml
agents:
lead-developer:
model: ollama-cloud/qwen3-coder:480b
capabilities: [code_writing, refactoring]
```
### 3. Gitea Integration
Extracts performance data from issue comments:
```typescript
// Comment format
// ## ✅ lead-developer completed
// **Score**: 8/10
// **Duration**: 1.2h
// **Files**: src/auth.ts, src/user.ts
```
## Function Reference
### syncEvolutionData()
Main sync function:
```typescript
async function syncEvolutionData(): Promise<void> {
// 1. Load agent files
const agentFiles = loadAgentFiles();
// 2. Load capability index
const capabilityIndex = loadCapabilityIndex();
// 3. Load kilo config
const kiloConfig = loadKiloConfig();
// 4. Get git history
const gitHistory = await getGitHistory();
// 5. Merge all sources
const merged = mergeConfigs(agentFiles, capabilityIndex, kiloConfig);
// 6. Update evolution data
updateEvolutionData(merged, gitHistory);
}
```
### recordAgentChange()
Records a model or prompt change:
```typescript
interface AgentChange {
agent: string;
type: 'model_change' | 'prompt_change' | 'capability_change';
from: string | null;
to: string;
reason: string;
issue_number?: number;
}
function recordAgentChange(change: AgentChange): void {
const evolution = loadEvolutionData();
if (!evolution.agents[change.agent]) {
evolution.agents[change.agent] = {
current: { model: change.to, ... },
history: [],
performance_log: []
};
}
// Add to history
evolution.agents[change.agent].history.push({
date: new Date().toISOString(),
commit: 'manual',
type: change.type,
from: change.from,
to: change.to,
reason: change.reason,
source: 'gitea'
});
saveEvolutionData(evolution);
}
```
### recordPerformance()
Records agent performance from issue:
```typescript
interface AgentPerformance {
agent: string;
issue: number;
score: number;
duration_ms: number;
success: boolean;
}
function recordPerformance(perf: AgentPerformance): void {
const evolution = loadEvolutionData();
if (!evolution.agents[perf.agent]) return;
evolution.agents[perf.agent].performance_log.push({
date: new Date().toISOString(),
issue: perf.issue,
score: perf.score,
duration_ms: perf.duration_ms,
success: perf.success
});
saveEvolutionData(evolution);
}
```
## Pipeline Integration
Add to `.kilo/commands/pipeline.md`:
```yaml
post_pipeline:
- name: sync_evolution
description: Sync agent evolution data after pipeline run
command: bun run agent-evolution/scripts/sync-agent-history.ts
```
## Gitea Webhook Handler
```typescript
// Parse agent completion comment
app.post('/api/evolution/webhook', async (req, res) => {
const { issue, comment } = req.body;
// Check for agent completion marker
const agentMatch = comment.match(/## ✅ (\w+-?\w*) completed/);
const scoreMatch = comment.match(/\*\*Score\*\*: (\d+)\/10/);
if (agentMatch && scoreMatch) {
await recordPerformance({
agent: agentMatch[1],
issue: issue.number,
score: parseInt(scoreMatch[1]),
duration_ms: 0, // Parse from duration
success: true
});
}
// Check for model change
const modelMatch = comment.match(/Model changed: (\S+) → (\S+)/);
if (modelMatch) {
await recordAgentChange({
agent: agentMatch[1],
type: 'model_change',
from: modelMatch[1],
to: modelMatch[2],
reason: 'Manual update',
issue_number: issue.number
});
}
});
```
## Files Structure
```
agent-evolution/
├── data/
│ ├── agent-versions.json # Current state + history
│ └── agent-versions.schema.json # JSON schema
├── scripts/
│ ├── sync-agent-history.ts # Main sync script
│ ├── parse-git-history.ts # Git parser
│ └── gitea-webhook.ts # Webhook handler
└── index.html # Dashboard UI
```
## Dashboard Features
1. **Overview Tab**
- Total agents, with history, pending recommendations
- Recent changes timeline
- Critical recommendations
2. **All Agents Tab**
- Filterable by category
- Searchable
- Shows model, fit score, capabilities
3. **Timeline Tab**
- Full evolution history
- Model changes
- Prompt changes
4. **Recommendations Tab**
- Export to JSON
- Priority-based sorting
- One-click apply
5. **Model Matrix Tab**
- Agent × Model mapping
- Fit scores
- Provider distribution
## Best Practices
1. **Run sync after each pipeline**
- Ensures history is up-to-date
- Captures model changes
2. **Record performance from every issue**
- Track agent effectiveness
- Identify improvement patterns
3. **Apply recommendations systematically**
- Use priority: critical → high → medium
- Track before/after performance
4. **Monitor evolution trends**
- Which agents change most frequently
- Which models perform best
- Category-specific optimizations

751
.kilo/skills/flutter-navigation/SKILL.md Normal file
View File

@@ -0,0 +1,751 @@
# Flutter Navigation Patterns
Production-ready navigation patterns for Flutter apps using go_router and declarative routing.
## Overview
This skill provides canonical patterns for Flutter navigation including go_router setup, nested navigation, guards, and deep links.
## go_router Setup
### 1. Basic Router Configuration
```dart
// lib/core/navigation/app_router.dart
import 'package:go_router/go_router.dart';
final router = GoRouter(
debugLogDiagnostics: true,
initialLocation: '/home',
routes: [
GoRoute(
path: '/',
redirect: (_, __) => '/home',
),
GoRoute(
path: '/home',
name: 'home',
builder: (context, state) => const HomePage(),
),
GoRoute(
path: '/login',
name: 'login',
builder: (context, state) => const LoginPage(),
),
GoRoute(
path: '/products',
name: 'products',
builder: (context, state) => const ProductListPage(),
routes: [
GoRoute(
path: ':id',
name: 'product-detail',
builder: (context, state) {
final id = state.pathParameters['id']!;
return ProductDetailPage(productId: id);
},
),
],
),
GoRoute(
path: '/profile',
name: 'profile',
builder: (context, state) => const ProfilePage(),
),
],
errorBuilder: (context, state) => ErrorPage(error: state.error),
redirect: (context, state) async {
final isAuthenticated = await authRepository.isAuthenticated();
final isAuthRoute = state.matchedLocation == '/login';
if (!isAuthenticated && !isAuthRoute) {
return '/login';
}
if (isAuthenticated && isAuthRoute) {
return '/home';
}
return null;
},
);
// lib/main.dart
class MyApp extends StatelessWidget {
const MyApp({super.key});
@override
Widget build(BuildContext context) {
return MaterialApp.router(
routerConfig: router,
title: 'My App',
theme: ThemeData.light(),
darkTheme: ThemeData.dark(),
);
}
}
```
### 2. Shell Route (Bottom Navigation)
```dart
// lib/core/navigation/app_router.dart
final router = GoRouter(
routes: [
ShellRoute(
builder: (context, state, child) => MainShell(child: child),
routes: [
GoRoute(
path: '/home',
name: 'home',
builder: (context, state) => const HomeTab(),
),
GoRoute(
path: '/products',
name: 'products',
builder: (context, state) => const ProductsTab(),
),
GoRoute(
path: '/cart',
name: 'cart',
builder: (context, state) => const CartTab(),
),
GoRoute(
path: '/profile',
name: 'profile',
builder: (context, state) => const ProfileTab(),
),
],
),
GoRoute(
path: '/login',
name: 'login',
builder: (context, state) => const LoginPage(),
),
GoRoute(
path: '/product/:id',
name: 'product-detail',
builder: (context, state) {
final id = state.pathParameters['id']!;
return ProductDetailPage(productId: id);
},
),
],
);
// lib/shared/widgets/shell/main_shell.dart
class MainShell extends StatelessWidget {
const MainShell({
super.key,
required this.child,
});
final Widget child;
@override
Widget build(BuildContext context) {
return Scaffold(
body: child,
bottomNavigationBar: BottomNavigationBar(
currentIndex: _calculateIndex(context),
onTap: (index) => _onTap(context, index),
items: const [
BottomNavigationBarItem(icon: Icon(Icons.home), label: 'Home'),
BottomNavigationBarItem(icon: Icon(Icons.shopping_bag), label: 'Products'),
BottomNavigationBarItem(icon: Icon(Icons.shopping_cart), label: 'Cart'),
BottomNavigationBarItem(icon: Icon(Icons.person), label: 'Profile'),
],
),
);
}
int _calculateIndex(BuildContext context) {
final location = GoRouterState.of(context).matchedLocation;
if (location.startsWith('/home')) return 0;
if (location.startsWith('/products')) return 1;
if (location.startsWith('/cart')) return 2;
if (location.startsWith('/profile')) return 3;
return 0;
}
void _onTap(BuildContext context, int index) {
switch (index) {
case 0:
context.go('/home');
break;
case 1:
context.go('/products');
break;
case 2:
context.go('/cart');
break;
case 3:
context.go('/profile');
break;
}
}
}
```
### 3. Nested Navigation (Tabs with Own Stack)
```dart
// lib/core/navigation/app_router.dart
final router = GoRouter(
routes: [
ShellRoute(
builder: (context, state, child) => MainShell(child: child),
routes: [
// Home tab with nested navigation
ShellRoute(
builder: (context, state, child) => TabShell(
tabKey: 'home',
child: child,
),
routes: [
GoRoute(
path: '/home',
builder: (context, state) => const HomePage(),
),
GoRoute(
path: '/home/notifications',
builder: (context, state) => const NotificationsPage(),
),
GoRoute(
path: '/home/settings',
builder: (context, state) => const SettingsPage(),
),
],
),
// Products tab with nested navigation
ShellRoute(
builder: (context, state, child) => TabShell(
tabKey: 'products',
child: child,
),
routes: [
GoRoute(
path: '/products',
builder: (context, state) => const ProductListPage(),
),
GoRoute(
path: '/products/:id',
builder: (context, state) {
final id = state.pathParameters['id']!;
return ProductDetailPage(productId: id);
},
),
],
),
],
),
],
);
// lib/shared/widgets/shell/tab_shell.dart
class TabShell extends StatefulWidget {
const TabShell({
super.key,
required this.tabKey,
required this.child,
});
final String tabKey;
final Widget child;
@override
State<TabShell> createState() => TabShellState();
}
class TabShellState extends State<TabShell> with AutomaticKeepAliveClientMixin {
@override
bool get wantKeepAlive => true;
@override
Widget build(BuildContext context) {
super.build(context);
return widget.child;
}
}
```
## Navigation Guards
### 1. Authentication Guard
```dart
// lib/core/navigation/guards/auth_guard.dart
class AuthGuard {
static String? check({
required GoRouterState state,
required bool isAuthenticated,
required String redirectPath,
}) {
if (!isAuthenticated) {
return redirectPath;
}
return null;
}
}
// Usage in router
final router = GoRouter(
routes: [
// Public routes
GoRoute(
path: '/login',
builder: (context, state) => const LoginPage(),
),
GoRoute(
path: '/register',
builder: (context, state) => const RegisterPage(),
),
// Protected routes
GoRoute(
path: '/profile',
builder: (context, state) => const ProfilePage(),
redirect: (context, state) {
final isAuthenticated = authRepository.isAuthenticated();
if (!isAuthenticated) {
final currentPath = state.matchedLocation;
return '/login?redirect=$currentPath';
}
return null;
},
),
],
);
```
### 2. Feature Flag Guard
```dart
// lib/core/navigation/guards/feature_guard.dart
class FeatureGuard {
static String? check({
required GoRouterState state,
required bool isEnabled,
required String redirectPath,
}) {
if (!isEnabled) {
return redirectPath;
}
return null;
}
}
// Usage
GoRoute(
path: '/beta-feature',
builder: (context, state) => const BetaFeaturePage(),
redirect: (context, state) => FeatureGuard.check(
state: state,
isEnabled: configService.isFeatureEnabled('beta_feature'),
redirectPath: '/home',
),
),
```
## Navigation Helpers
### 1. Extension Methods
```dart
// lib/core/extensions/context_extension.dart
extension NavigationExtension on BuildContext {
void goNamed(
String name, {
Map<String, String> pathParameters = const {},
Map<String, dynamic> queryParameters = const {},
Object? extra,
}) {
goNamed(
name,
pathParameters: pathParameters,
queryParameters: queryParameters,
extra: extra,
);
}
void pushNamed(
String name, {
Map<String, String> pathParameters = const {},
Map<String, dynamic> queryParameters = const {},
Object? extra,
}) {
pushNamed(
name,
pathParameters: pathParameters,
queryParameters: queryParameters,
extra: extra,
);
}
void popWithResult<T>([T? result]) {
if (canPop()) {
pop<T>(result);
}
}
}
```
### 2. Route Names Constants
```dart
// lib/core/navigation/routes.dart
class Routes {
static const home = '/home';
static const login = '/login';
static const register = '/register';
static const products = '/products';
static const productDetail = '/products/:id';
static const cart = '/cart';
static const checkout = '/checkout';
static const profile = '/profile';
static const settings = '/settings';
// Route names
static const homeName = 'home';
static const loginName = 'login';
static const productsName = 'products';
static const productDetailName = 'product-detail';
// Helper methods
static String productPath(String id) => '/products/$id';
static String settingsPath({String? section}) =>
section != null ? '$settings?section=$section' : settings;
}
// Usage
context.go(Routes.home);
context.push(Routes.productPath('123'));
context.pushNamed(Routes.productDetailName, pathParameters: {'id': '123'});
```
## Deep Links
### 1. Deep Link Configuration
```dart
// lib/core/navigation/deep_links.dart
class DeepLinks {
static final Map<String, String> routeMapping = {
'product': '/products',
'category': '/products?category=',
'user': '/profile',
'order': '/orders',
};
static String? parseDeepLink(Uri uri) {
// myapp://product/123 -> /products/123
// myapp://category/electronics -> /products?category=electronics
// https://myapp.com/product/123 -> /products/123
final host = uri.host;
final path = uri.path;
if (routeMapping.containsKey(host)) {
final basePath = routeMapping[host]!;
return '$basePath$path';
}
return null;
}
}
// Android: android/app/src/main/AndroidManifest.xml
// <intent-filter>
// <action android:name="android.intent.action.VIEW" />
// <category android:name="android.intent.category.DEFAULT" />
// <category android:name="android.intent.category.BROWSABLE" />
// <data android:scheme="myapp" />
// <data android:host="product" />
// </intent-filter>
// iOS: ios/Runner/Info.plist
// <key>CFBundleURLTypes</key>
// <array>
// <dict>
// <key>CFBundleURLSchemes</key>
// <array>
// <string>myapp</string>
// </array>
// </dict>
// </array>
```
### 2. Universal Links (iOS) / App Links (Android)
```dart
// lib/core/navigation/universal_links.dart
class UniversalLinks {
static Future<void> init() async {
// Listen for incoming links
final initialLink = await getInitialLink();
if (initialLink != null) {
_handleLink(initialLink);
}
// Listen for links while app is running
linkStream.listen(_handleLink);
}
static void _handleLink(String link) {
final uri = Uri.parse(link);
final path = DeepLinks.parseDeepLink(uri);
if (path != null) {
router.go(path);
}
}
}
```
## Passing Data Between Screens
### 1. Path Parameters
```dart
// Define route with parameter
GoRoute(
path: '/product/:id',
builder: (context, state) {
final id = state.pathParameters['id']!;
return ProductDetailPage(productId: id);
},
),
// Navigate
context.go('/product/123');
// Or with name
context.goNamed(
'product-detail',
pathParameters: {'id': '123'},
);
```
### 2. Query Parameters
```dart
// Define route
GoRoute(
path: '/search',
builder: (context, state) {
final query = state.queryParameters['q'] ?? '';
final category = state.queryParameters['category'];
return SearchPage(query: query, category: category);
},
),
// Navigate
context.go('/search?q=flutter&category=mobile');
// Or with name
context.goNamed(
'search',
queryParameters: {
'q': 'flutter',
'category': 'mobile',
},
);
```
### 3. Extra Object
```dart
// Define route
GoRoute(
path: '/checkout',
builder: (context, state) {
final order = state.extra as Order?;
return CheckoutPage(order: order);
},
),
// Navigate with object
final order = Order(items: [...]);
context.push('/checkout', extra: order);
// Navigate with typed extra
context.pushNamed<Order>('checkout', extra: order);
```
## State Preservation
### 1. Preserve State on Navigation
```dart
// Use KeepAlive for tabs
class ProductsTab extends StatefulWidget {
const ProductsTab({super.key});
@override
State<ProductsTab> createState() => _ProductsTabState();
}
class _ProductsTabState extends State<ProductsTab>
with AutomaticKeepAliveClientMixin {
@override
bool get wantKeepAlive => true;
@override
Widget build(BuildContext context) {
super.build(context);
// This tab's state is preserved when switching tabs
return ProductList();
}
}
```
### 2. Restoration
```dart
// lib/main.dart
class MyApp extends StatelessWidget {
const MyApp({super.key});
@override
Widget build(BuildContext context) {
return MaterialApp.router(
routerConfig: router,
restorationScopeId: 'app',
);
}
}
// In widgets
class CounterPage extends StatefulWidget {
const CounterPage({super.key});
@override
State<CounterPage> createState() => _CounterPageState();
}
class _CounterPageState extends State<CounterPage> with RestorationMixin {
final RestorableInt _counter = RestorableInt(0);
@override
String get restorationId => 'counter_page';
@override
void restoreState(RestorationBucket? oldBucket, bool initialRestore) {
registerForRestoration(_counter, 'counter');
}
@override
void dispose() {
_counter.dispose();
super.dispose();
}
@override
Widget build(BuildContext context) {
return Scaffold(
body: Center(child: Text('${_counter.value}')),
floatingActionButton: FloatingActionButton(
onPressed: () => setState(() => _counter.value++),
child: const Icon(Icons.add),
),
);
}
}
```
## Nested Navigator
### Custom Back Button Handler
```dart
// lib/shared/widgets/back_button_handler.dart
class BackButtonHandler extends StatelessWidget {
const BackButtonHandler({
super.key,
required this.child,
this.onWillPop,
});
final Widget child;
final Future<bool> Function()? onWillPop;
@override
Widget build(BuildContext context) {
return PopScope(
canPop: onWillPop == null,
onPopInvoked: (didPop) async {
if (didPop) return;
if (onWillPop != null) {
final shouldPop = await onWillPop!();
if (shouldPop && context.mounted) {
context.pop();
}
}
},
child: child,
);
}
}
// Usage
BackButtonHandler(
onWillPop: () async {
final shouldPop = await showDialog<bool>(
context: context,
builder: (context) => AlertDialog(
title: const Text('Discard changes?'),
actions: [
TextButton(
onPressed: () => context.pop(false),
child: const Text('Cancel'),
),
TextButton(
onPressed: () => context.pop(true),
child: const Text('Discard'),
),
],
),
);
return shouldPop ?? false;
},
child: EditFormPage(),
)
```
## Best Practices
### ✅ Do
```dart
// Use typed navigation
context.goNamed('product-detail', pathParameters: {'id': productId});
// Define route names as constants
static const productDetailRoute = 'product-detail';
// Use extra for complex objects
context.push('/checkout', extra: order);
// Handle errors gracefully
errorBuilder: (context, state) => ErrorPage(error: state.error),
```
### ❌ Don't
```dart
// Don't use hardcoded strings
context.goNamed('product-detail'); // Bad if 'product-detail' is mistyped
// Don't pass large objects in query params
context.push('/page?data=${jsonEncode(largeObject)}'); // Bad
// Don't nest navigators without StatefulShellRoute
Navigator(children: [...]); // Bad within go_router
// Don't forget to handle null parameters
final id = state.pathParameters['id']!; // Crash if missing
```
## See Also
- `flutter-state` - State management for navigation state
- `flutter-widgets` - Widget patterns
- `flutter-testing` - Testing navigation flows

508
.kilo/skills/flutter-state/SKILL.md Normal file
View File

@@ -0,0 +1,508 @@
# Flutter State Management Patterns
Production-ready state management patterns for Flutter apps using Riverpod, Bloc, and Provider.
## Overview
This skill provides canonical patterns for Flutter state management including provider setup, state classes, and reactive UI updates.
## Riverpod Patterns (Recommended)
### 1. StateNotifier Pattern
```dart
// lib/features/auth/presentation/providers/auth_provider.dart
import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:freezed_annotation/freezed_annotation.dart';
part 'auth_provider.freezed.dart';
@freezed
class AuthState with _$AuthState {
const factory AuthState.initial() = _Initial;
const factory AuthState.loading() = _Loading;
const factory AuthState.loaded(User user) = _Loaded;
const factory AuthState.error(String message) = _Error;
}
class AuthNotifier extends StateNotifier<AuthState> {
final AuthRepository _repository;
AuthNotifier(this._repository) : super(const AuthState.initial());
Future<void> login(String email, String password) async {
state = const AuthState.loading();
final result = await _repository.login(email, password);
result.fold(
(failure) => state = AuthState.error(failure.message),
(user) => state = AuthState.loaded(user),
);
}
Future<void> logout() async {
state = const AuthState.loading();
await _repository.logout();
state = const AuthState.initial();
}
}
// Provider definition
final authProvider = StateNotifierProvider<AuthNotifier, AuthState>((ref) {
return AuthNotifier(ref.read(authRepositoryProvider));
});
```
### 2. Provider with Repository
```dart
// lib/features/auth/data/repositories/auth_repository_provider.dart
final authRepositoryProvider = Provider<AuthRepository>((ref) {
return AuthRepositoryImpl(
remoteDataSource: ref.read(authRemoteDataSourceProvider),
localDataSource: ref.read(authLocalDataSourceProvider),
networkInfo: ref.read(networkInfoProvider),
);
});
// lib/features/auth/presentation/providers/auth_repository_provider.dart
final authRemoteDataSourceProvider = Provider<AuthRemoteDataSource>((ref) {
return AuthRemoteDataSourceImpl(ref.read(dioProvider));
});
final authLocalDataSourceProvider = Provider<AuthLocalDataSource>((ref) {
return AuthLocalDataSourceImpl(ref.read(storageProvider));
});
```
### 3. AsyncValue Pattern
```dart
// lib/features/user/presentation/providers/user_provider.dart
final userProvider = FutureProvider.autoDispose<User?>((ref) async {
final repository = ref.read(userRepositoryProvider);
return repository.getCurrentUser();
});
// Usage in widget
class UserProfileWidget extends ConsumerWidget {
@override
Widget build(BuildContext context, WidgetRef ref) {
final userAsync = ref.watch(userProvider);
return userAsync.when(
data: (user) => UserCard(user: user!),
loading: () => const CircularProgressIndicator(),
error: (error, stack) => ErrorText(error.toString()),
);
}
}
```
### 4. Computed Providers
```dart
// lib/features/cart/presentation/providers/cart_provider.dart
final cartProvider = StateNotifierProvider<CartNotifier, Cart>((ref) {
return CartNotifier();
});
final cartTotalProvider = Provider<double>((ref) {
final cart = ref.watch(cartProvider);
return cart.items.fold(0.0, (sum, item) => sum + item.price);
});
final cartItemCountProvider = Provider<int>((ref) {
final cart = ref.watch(cartProvider);
return cart.items.length;
});
final isCartEmptyProvider = Provider<bool>((ref) {
final cart = ref.watch(cartProvider);
return cart.items.isEmpty;
});
```
### 5. Provider with Listener
```dart
// lib/features/auth/presentation/pages/login_page.dart
class LoginPage extends ConsumerStatefulWidget {
const LoginPage({super.key});
@override
ConsumerState<LoginPage> createState() => _LoginPageState();
}
class _LoginPageState extends ConsumerState<LoginPage> {
final _emailController = TextEditingController();
final _passwordController = TextEditingController();
@override
void dispose() {
_emailController.dispose();
_passwordController.dispose();
super.dispose();
}
@override
Widget build(BuildContext context) {
ref.listen<AuthState>(authProvider, (previous, next) {
next.when(
initial: () {},
loading: () {},
loaded: (user) {
ScaffoldMessenger.of(context).showSnackBar(
SnackBar(content: Text('Welcome, ${user.name}!')),
);
context.go('/home');
},
error: (message) {
ScaffoldMessenger.of(context).showSnackBar(
SnackBar(content: Text(message)),
);
},
);
});
return Scaffold(
body: Consumer(
builder: (context, ref, child) {
final state = ref.watch(authProvider);
return state.when(
initial: () => _buildLoginForm(),
loading: () => const Center(child: CircularProgressIndicator()),
loaded: (_) => const SizedBox.shrink(),
error: (message) => _buildLoginForm(error: message),
);
},
),
);
}
Widget _buildLoginForm({String? error}) {
return Column(
children: [
TextField(controller: _emailController),
TextField(controller: _passwordController, obscureText: true),
if (error != null) Text(error, style: TextStyle(color: Colors.red)),
ElevatedButton(
onPressed: () {
ref.read(authProvider.notifier).login(
_emailController.text,
_passwordController.text,
);
},
child: const Text('Login'),
),
],
);
}
}
```
## Bloc/Cubit Patterns
### 1. Cubit Pattern
```dart
// lib/features/auth/presentation/bloc/auth_cubit.dart
class AuthCubit extends Cubit<AuthState> {
final AuthRepository _repository;
AuthCubit(this._repository) : super(const AuthState.initial());
Future<void> login(String email, String password) async {
emit(const AuthState.loading());
final result = await _repository.login(email, password);
result.fold(
(failure) => emit(AuthState.error(failure.message)),
(user) => emit(AuthState.loaded(user)),
);
}
void logout() {
emit(const AuthState.initial());
_repository.logout();
}
}
// BlocProvider
class LoginPage extends StatelessWidget {
@override
Widget build(BuildContext context) {
return BlocProvider(
create: (context) => AuthCubit(context.read<AuthRepository>()),
child: LoginForm(),
);
}
}
// BlocBuilder
BlocBuilder<AuthCubit, AuthState>(
builder: (context, state) {
return state.when(
initial: () => const LoginForm(),
loading: () => const CircularProgressIndicator(),
loaded: (user) => HomeScreen(user: user),
error: (message) => ErrorWidget(message: message),
);
},
)
```
### 2. Bloc Pattern with Events
```dart
// lib/features/auth/presentation/bloc/auth_bloc.dart
abstract class AuthEvent extends Equatable {
const AuthEvent();
}
class LoginEvent extends AuthEvent {
final String email;
final String password;
const LoginEvent(this.email, this.password);
@override
List<Object> get props => [email, password];
}
class LogoutEvent extends AuthEvent {
@override
List<Object> get props => [];
}
class AuthBloc extends Bloc<AuthEvent, AuthState> {
final AuthRepository _repository;
AuthBloc(this._repository) : super(const AuthState.initial()) {
on<LoginEvent>(_onLogin);
on<LogoutEvent>(_onLogout);
}
Future<void> _onLogin(LoginEvent event, Emitter<AuthState> emit) async {
emit(const AuthState.loading());
final result = await _repository.login(event.email, event.password);
result.fold(
(failure) => emit(AuthState.error(failure.message)),
(user) => emit(AuthState.loaded(user)),
);
}
Future<void> _onLogout(LogoutEvent event, Emitter<AuthState> emit) async {
emit(const AuthState.loading());
await _repository.logout();
emit(const AuthState.initial());
}
}
```
## Provider Pattern (Legacy)
### 1. ChangeNotifier Pattern
```dart
// lib/models/user_model.dart
class UserModel extends ChangeNotifier {
User? _user;
bool _isLoading = false;
String? _error;
User? get user => _user;
bool get isLoading => _isLoading;
String? get error => _error;
bool get isAuthenticated => _user != null;
Future<void> login(String email, String password) async {
_isLoading = true;
_error = null;
notifyListeners();
try {
_user = await _authService.login(email, password);
} catch (e) {
_error = e.toString();
}
_isLoading = false;
notifyListeners();
}
void logout() {
_user = null;
notifyListeners();
}
}
// Usage
ChangeNotifierProvider(
create: (_) => UserModel(),
child: MyApp(),
)
// Consumer
Consumer<UserModel>(
builder: (context, userModel, child) {
if (userModel.isLoading) {
return CircularProgressIndicator();
}
if (userModel.error != null) {
return Text(userModel.error!);
}
return UserWidget(user: userModel.user);
},
)
```
## Best Practices
### 1. Immutable State with Freezed
```dart
// lib/features/product/domain/entities/product_state.dart
import 'package:freezed_annotation/freezed_annotation.dart';
part 'product_state.freezed.dart';
@freezed
class ProductState with _$ProductState {
const factory ProductState({
@Default([]) List<Product> products,
@Default(false) bool isLoading,
@Default('') String searchQuery,
@Default(1) int page,
@Default(false) bool hasReachedMax,
String? error,
}) = _ProductState;
}
```
### 2. State Notifier with Pagination
```dart
class ProductNotifier extends StateNotifier<ProductState> {
final ProductRepository _repository;
ProductNotifier(this._repository) : super(const ProductState());
Future<void> fetchProducts({bool refresh = false}) async {
if (state.isLoading || (!refresh && state.hasReachedMax)) return;
state = state.copyWith(isLoading: true, error: null);
final page = refresh ? 1 : state.page;
final result = await _repository.getProducts(page: page, search: state.searchQuery);
result.fold(
(failure) => state = state.copyWith(
isLoading: false,
error: failure.message,
),
(newProducts) => state = state.copyWith(
products: refresh ? newProducts : [...state.products, ...newProducts],
isLoading: false,
page: page + 1,
hasReachedMax: newProducts.isEmpty,
),
);
}
void search(String query) {
state = state.copyWith(searchQuery: query, page: 1, hasReachedMax: false);
fetchProducts(refresh: true);
}
}
```
### 3. Family for Parameterized Providers
```dart
// Parameterized provider with family
final productProvider = FutureProvider.family.autoDispose<Product?, String>((ref, id) async {
final repository = ref.read(productRepositoryProvider);
return repository.getProduct(id);
});
// Usage
Consumer(
builder: (context, ref, child) {
final productAsync = ref.watch(productProvider(productId));
return productAsync.when(
data: (product) => ProductCard(product: product!),
loading: () => const SkeletonLoader(),
error: (e, s) => ErrorWidget(e.toString()),
);
},
)
```
## State Management Comparison
| Feature | Riverpod | Bloc | Provider |
|---------|----------|------|----------|
| Learning Curve | Low | Medium | Low |
| Boilerplate | Low | High | Low |
| Testing | Easy | Easy | Medium |
| DevTools | Good | Excellent | Basic |
| Immutable | Yes | Yes | Manual |
| Async | AsyncValue | States | Manual |
## Do's and Don'ts
### ✅ Do
```dart
// Use const constructors
const ProductCard({
super.key,
required this.product,
});
// Use immutable state
@freezed
class State with _$State {
const factory State({...}) = _State;
}
// Use providers for dependency injection
final repositoryProvider = Provider((ref) => Repository());
// Use family for parameterized state
final itemProvider = Provider.family<Item, String>((ref, id) => ...);
```
### ❌ Don't
```dart
// Don't use setState for complex state
setState(() {
_isLoading = true;
_loadData();
});
// Don't mutate state directly
state.items.add(newItem); // Wrong
state = state.copyWith(items: [...state.items, newItem]); // Right
// Don't put business logic in widgets
void _handleLogin() {
// API call here
}
// Don't use ChangeNotifier for new projects
class MyState extends ChangeNotifier { ... }
```
## See Also
- `flutter-widgets` - Widget patterns and best practices
- `flutter-navigation` - go_router and navigation
- `flutter-testing` - Testing state management

759
.kilo/skills/flutter-widgets/SKILL.md Normal file
View File

@@ -0,0 +1,759 @@
# Flutter Widget Patterns
Production-ready widget patterns for Flutter apps including architecture, composition, and best practices.
## Overview
This skill provides canonical patterns for building Flutter widgets including stateless widgets, state management, custom widgets, and responsive design.
## Core Widget Patterns
### 1. StatelessWidget Pattern
```dart
// lib/features/user/presentation/widgets/user_card.dart
class UserCard extends StatelessWidget {
const UserCard({
super.key,
required this.user,
this.onTap,
this.trailing,
});
final User user;
final VoidCallback? onTap;
final Widget? trailing;
@override
Widget build(BuildContext context) {
return Card(
child: InkWell(
onTap: onTap,
child: Padding(
padding: const EdgeInsets.all(16),
child: Row(
children: [
UserAvatar(user: user),
const SizedBox(width: 16),
Expanded(
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Text(
user.name,
style: Theme.of(context).textTheme.titleMedium,
),
Text(
user.email,
style: Theme.of(context).textTheme.bodySmall,
),
],
),
),
if (trailing != null) trailing!,
],
),
),
),
);
}
}
```
### 2. StatefulWidget Pattern
```dart
// lib/features/form/presentation/pages/form_page.dart
class FormPage extends StatefulWidget {
const FormPage({super.key});
@override
State<FormPage> createState() => _FormPageState();
}
class _FormPageState extends State<FormPage> {
final _formKey = GlobalKey<FormState>();
final _emailController = TextEditingController();
final _passwordController = TextEditingController();
bool _isLoading = false;
@override
void dispose() {
_emailController.dispose();
_passwordController.dispose();
super.dispose();
}
Future<void> _submit() async {
if (!_formKey.currentState!.validate()) return;
setState(() => _isLoading = true);
try {
await _submitForm(_emailController.text, _passwordController.text);
if (mounted) {
ScaffoldMessenger.of(context).showSnackBar(
const SnackBar(content: Text('Form submitted successfully')),
);
}
} finally {
if (mounted) {
setState(() => _isLoading = false);
}
}
}
@override
Widget build(BuildContext context) {
return Scaffold(
body: Form(
key: _formKey,
child: Column(
children: [
TextFormField(
controller: _emailController,
validator: (value) {
if (value == null || value.isEmpty) {
return 'Email is required';
}
if (!value.contains('@')) {
return 'Invalid email';
}
return null;
},
),
TextFormField(
controller: _passwordController,
obscureText: true,
validator: (value) {
if (value == null || value.length < 8) {
return 'Password must be at least 8 characters';
}
return null;
},
),
_isLoading
? const CircularProgressIndicator()
: ElevatedButton(
onPressed: _submit,
child: const Text('Submit'),
),
],
),
),
);
}
}
```
### 3. ConsumerWidget Pattern (Riverpod)
```dart
// lib/features/product/presentation/pages/product_list_page.dart
class ProductListPage extends ConsumerWidget {
const ProductListPage({super.key});
@override
Widget build(BuildContext context, WidgetRef ref) {
final productsAsync = ref.watch(productsProvider);
return Scaffold(
appBar: AppBar(title: const Text('Products')),
body: productsAsync.when(
data: (products) => products.isEmpty
? const EmptyState(message: 'No products found')
: ListView.builder(
itemCount: products.length,
itemBuilder: (context, index) => ProductTile(product: products[index]),
),
loading: () => const Center(child: CircularProgressIndicator()),
error: (error, stack) => ErrorState(message: error.toString()),
),
floatingActionButton: FloatingActionButton(
onPressed: () => context.push('/products/new'),
child: const Icon(Icons.add),
),
);
}
}
```
### 4. Composition Pattern
```dart
// lib/shared/widgets/composite/card_container.dart
class CardContainer extends StatelessWidget {
const CardContainer({
super.key,
required this.child,
this.title,
this.subtitle,
this.leading,
this.trailing,
this.onTap,
this.padding = const EdgeInsets.all(16),
this.margin = const EdgeInsets.symmetric(horizontal: 16, vertical: 8),
});
final Widget child;
final String? title;
final String? subtitle;
final Widget? leading;
final Widget? trailing;
final VoidCallback? onTap;
final EdgeInsetsGeometry padding;
final EdgeInsetsGeometry margin;
@override
Widget build(BuildContext context) {
return Container(
margin: margin,
child: Card(
child: InkWell(
onTap: onTap,
child: Padding(
padding: padding,
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
if (title != null || leading != null)
Row(
children: [
if (leading != null) ...[
leading!,
const SizedBox(width: 12),
],
if (title != null)
Expanded(
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Text(
title!,
style: Theme.of(context).textTheme.titleLarge,
),
if (subtitle != null)
Text(
subtitle!,
style: Theme.of(context).textTheme.bodySmall,
),
],
),
),
if (trailing != null) trailing!,
],
),
if (title != null || leading != null)
const SizedBox(height: 16),
child,
],
),
),
),
),
);
}
}
```
## Responsive Design
### 1. Responsive Layout
```dart
// lib/shared/widgets/responsive/responsive_layout.dart
class ResponsiveLayout extends StatelessWidget {
const ResponsiveLayout({
super.key,
required this.mobile,
this.tablet,
this.desktop,
this.watch,
});
final Widget mobile;
final Widget? tablet;
final Widget? desktop;
final Widget? watch;
static const int mobileWidth = 600;
static const int tabletWidth = 900;
static const int desktopWidth = 1200;
static bool isMobile(BuildContext context) =>
MediaQuery.of(context).size.width < mobileWidth;
static bool isTablet(BuildContext context) {
final width = MediaQuery.of(context).size.width;
return width >= mobileWidth && width < tabletWidth;
}
static bool isDesktop(BuildContext context) =>
MediaQuery.of(context).size.width >= tabletWidth;
@override
Widget build(BuildContext context) {
return LayoutBuilder(
builder: (context, constraints) {
if (constraints.maxWidth < mobileWidth && watch != null) {
return watch!;
}
if (constraints.maxWidth < tabletWidth) {
return mobile;
}
if (constraints.maxWidth < desktopWidth) {
return tablet ?? mobile;
}
return desktop ?? tablet ?? mobile;
},
);
}
}
// Usage
ResponsiveLayout(
mobile: MobileView(),
tablet: TabletView(),
desktop: DesktopView(),
)
```
### 2. Adaptive Widgets
```dart
// lib/shared/widgets/adaptive/adaptive_scaffold.dart
class AdaptiveScaffold extends StatelessWidget {
const AdaptiveScaffold({
super.key,
required this.title,
required this.body,
this.actions = const [],
this.floatingActionButton,
});
final String title;
final Widget body;
final List<Widget> actions;
final Widget? floatingActionButton;
@override
Widget build(BuildContext context) {
if (Platform.isIOS) {
return CupertinoPageScaffold(
navigationBar: CupertinoNavigationBar(
middle: Text(title),
trailing: Row(children: actions),
),
child: body,
);
}
return Scaffold(
appBar: AppBar(
title: Text(title),
actions: actions,
),
body: body,
floatingActionButton: floatingActionButton,
);
}
}
```
## List Patterns
### 1. ListView with Pagination
```dart
// lib/features/product/presentation/pages/product_list_page.dart
class ProductListView extends ConsumerStatefulWidget {
const ProductListView({super.key});
@override
ConsumerState<ProductListView> createState() => _ProductListViewState();
}
class _ProductListViewState extends ConsumerState<ProductListView> {
final _scrollController = ScrollController();
@override
void initState() {
super.initState();
_scrollController.addListener(_onScroll);
// Initial load
Future.microtask(() => ref.read(productsProvider.notifier).fetchProducts());
}
@override
void dispose() {
_scrollController.dispose();
super.dispose();
}
void _onScroll() {
if (_isBottom) {
ref.read(productsProvider.notifier).fetchMore();
}
}
bool get _isBottom {
if (!_scrollController.hasClients) return false;
final maxScroll = _scrollController.position.maxScrollExtent;
final currentScroll = _scrollController.offset;
return currentScroll >= (maxScroll * 0.9);
}
@override
Widget build(BuildContext context) {
final state = ref.watch(productsProvider);
return ListView.builder(
controller: _scrollController,
itemCount: state.products.length + (state.hasReachedMax ? 0 : 1),
itemBuilder: (context, index) {
if (index >= state.products.length) {
return const Center(child: CircularProgressIndicator());
}
return ProductTile(product: state.products[index]);
},
);
}
}
```
### 2. Animated List
```dart
// lib/shared/widgets/animated/animated_list_view.dart
class AnimatedListView<T> extends StatelessWidget {
const AnimatedListView({
super.key,
required this.items,
required this.itemBuilder,
this.onRemove,
});
final List<T> items;
final Widget Function(BuildContext, T, int) itemBuilder;
final void Function(T)? onRemove;
@override
Widget build(BuildContext context) {
return AnimatedList(
initialItemCount: items.length,
itemBuilder: (context, index, animation) {
return SlideTransition(
position: Tween<Offset>(
begin: const Offset(-1, 0),
end: Offset.zero,
).animate(CurvedAnimation(
parent: animation,
curve: Curves.easeOut,
)),
child: itemBuilder(context, items[index], index),
);
},
);
}
}
```
## Form Patterns
### 1. Form with Validation
```dart
// lib/features/auth/presentation/pages/register_page.dart
class RegisterPage extends StatelessWidget {
const RegisterPage({super.key});
@override
Widget build(BuildContext context) {
return Scaffold(
body: SingleChildScrollView(
padding: const EdgeInsets.all(16),
child: _RegisterForm(),
),
);
}
}
class _RegisterForm extends StatefulWidget {
@override
State<_RegisterForm> createState() => _RegisterFormState();
}
class _RegisterFormState extends State<_RegisterForm> {
final _formKey = GlobalKey<FormState>();
final _nameController = TextEditingController();
final _emailController = TextEditingController();
final _passwordController = TextEditingController();
@override
void dispose() {
_nameController.dispose();
_emailController.dispose();
_passwordController.dispose();
super.dispose();
}
Future<void> _submit() async {
if (!_formKey.currentState!.validate()) return;
// Submit form
}
@override
Widget build(BuildContext context) {
return Form(
key: _formKey,
child: Column(
children: [
TextFormField(
controller: _nameController,
decoration: const InputDecoration(
labelText: 'Name',
prefixIcon: Icon(Icons.person),
),
validator: (value) {
if (value == null || value.isEmpty) {
return 'Name is required';
}
if (value.length < 2) {
return 'Name must be at least 2 characters';
}
return null;
},
),
const SizedBox(height: 16),
TextFormField(
controller: _emailController,
decoration: const InputDecoration(
labelText: 'Email',
prefixIcon: Icon(Icons.email),
),
keyboardType: TextInputType.emailAddress,
validator: (value) {
if (value == null || value.isEmpty) {
return 'Email is required';
}
if (!value.contains('@')) {
return 'Invalid email format';
}
return null;
},
),
const SizedBox(height: 16),
TextFormField(
controller: _passwordController,
decoration: const InputDecoration(
labelText: 'Password',
prefixIcon: Icon(Icons.lock),
),
obscureText: true,
validator: (value) {
if (value == null || value.isEmpty) {
return 'Password is required';
}
if (value.length < 8) {
return 'Password must be at least 8 characters';
}
return null;
},
),
const SizedBox(height: 24),
SizedBox(
width: double.infinity,
child: ElevatedButton(
onPressed: _submit,
child: const Text('Register'),
),
),
],
),
);
}
}
```
## Custom Widgets
### Loading Shimmer
```dart
// lib/shared/widgets/loading/shimmer_loading.dart
class ShimmerLoading extends StatelessWidget {
const ShimmerLoading({
super.key,
required this.child,
this.baseColor,
this.highlightColor,
});
final Widget child;
final Color? baseColor;
final Color? highlightColor;
@override
Widget build(BuildContext context) {
return Shimmer.fromColors(
baseColor: baseColor ?? Colors.grey[300]!,
highlightColor: highlightColor ?? Colors.grey[100]!,
child: child,
);
}
}
class ProductSkeleton extends StatelessWidget {
@override
Widget build(BuildContext context) {
return Card(
child: Padding(
padding: const EdgeInsets.all(16),
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Container(
width: double.infinity,
height: 200,
color: Colors.white,
),
const SizedBox(height: 8),
Container(
width: 200,
height: 20,
color: Colors.white,
),
const SizedBox(height: 8),
Container(
width: 100,
height: 16,
color: Colors.white,
),
],
),
),
);
}
}
```
### Empty State
```dart
// lib/shared/widgets/empty_state.dart
class EmptyState extends StatelessWidget {
const EmptyState({
super.key,
required this.message,
this.icon,
this.action,
});
final String message;
final IconData? icon;
final Widget? action;
@override
Widget build(BuildContext context) {
return Center(
child: Padding(
padding: const EdgeInsets.all(32),
child: Column(
mainAxisAlignment: MainAxisAlignment.center,
children: [
Icon(
icon ?? Icons.inbox_outlined,
size: 64,
color: Theme.of(context).colorScheme.outline,
),
const SizedBox(height: 16),
Text(
message,
style: Theme.of(context).textTheme.bodyLarge,
textAlign: TextAlign.center,
),
if (action != null) ...[
const SizedBox(height: 24),
action!,
],
],
),
),
);
}
}
```
## Performance Tips
### 1. Use const Constructors
```dart
// ✅ Good
const UserCard({
super.key,
required this.user,
});
// ❌ Bad
UserCard({
super.key,
required this.user,
}) {
// No const
}
```
### 2. Use ListView.builder for Long Lists
```dart
// ✅ Good
ListView.builder(
itemCount: items.length,
itemBuilder: (context, index) => ItemTile(item: items[index]),
)
// ❌ Bad
ListView(
children: items.map((i) => ItemTile(item: i)).toList(),
)
```
### 3. Avoid Unnecessary Rebuilds
```dart
// ✅ Good - use Selector
class ProductPrice extends StatelessWidget {
const ProductPrice({super.key, required this.productId});
final String productId;
@override
Widget build(BuildContext context) {
return Consumer(
builder: (context, ref, child) {
// Only rebuilds when price changes
final price = ref.watch(
productProvider(productId).select((p) => p.price),
);
return Text('\$${price.toStringAsFixed(2)}');
},
);
}
}
// ❌ Bad - rebuilds on any state change
Consumer(
builder: (context, ref, child) {
final product = ref.watch(productProvider(productId));
return Text('\$${product.price}');
},
)
```
## See Also
- `flutter-state` - State management patterns
- `flutter-navigation` - go_router and navigation
- `flutter-testing` - Widget testing patterns

680
.kilo/skills/html-to-flutter/SKILL.md Normal file
View File

@@ -0,0 +1,680 @@
# HTML to Flutter Conversion Skill
Convert HTML templates and CSS styles to Flutter widgets for mobile app development.
## Overview
This skill provides patterns for converting HTML templates to Flutter widgets, including:
- HTML parsing and analysis
- CSS style mapping to Flutter
- Widget tree generation
- Template-based code output
- Responsive layout conversion
## Use Case
**Input**: HTML templates + CSS from web application
**Output**: Flutter widgets (StatelessWidget, StatefulWidget)
## Conversion Strategy
### 1. HTML Parsing
```dart
import 'package:html/parser.dart' show parse;
import 'package:html/dom.dart' as dom;
// Parse HTML string
HtmlParser.htmlToWidget('''
<div class="container">
<h1>Title</h1>
<p class="description">Description text</p>
</div>
''');
```
### 2. HTML to Widget Mapping
| HTML Element | Flutter Widget |
|--------------|----------------|
| `<div>` | Container, Column, Row |
| `<span>` | Text, RichText |
| `<p>` | Text with padding |
| `<h1>`-`<h6>` | Text with TextStyle headings |
| `<img>` | Image, CachedNetworkImage |
| `<a>` | GestureDetector + Text (or InkWell) |
| `<ul>`/`<ol>` | Column with ListView children |
| `<li>` | Row with bullet point |
| `<table>` | Table widget |
| `<input>` | TextFormField |
| `<button>` | ElevatedButton, TextButton |
| `<form>` | Form widget |
| `<nav>` | BottomNavigationBar, Drawer |
| `<header>` | Container in Stack |
| `<footer>` | Container in Stack |
| `<section>` | Container, Column |
### 3. CSS to Flutter Style Mapping
| CSS Property | Flutter Property |
|--------------|------------------|
| `color` | TextStyle.color |
| `font-size` | TextStyle.fontSize |
| `font-weight` | TextStyle.fontWeight |
| `font-family` | TextStyle.fontFamily |
| `background-color` | Container decoration |
| `margin` | Container margin |
| `padding` | Container padding |
| `border-radius` | Decoration.borderRadius |
| `border` | Decoration.border |
| `width` | Container.width, SizedBox.width |
| `height` | Container.height, SizedBox.height |
| `display: flex` | Row or Column |
| `flex-direction: column` | Column |
| `flex-direction: row` | Row |
| `justify-content: center` | MainAxisAlignment.center |
| `align-items: center` | CrossAxisAlignment.center |
| `position: absolute` | Stack + Positioned |
| `position: relative` | Stack or Container |
| `overflow: hidden` | ClipRRect |
## Implementation Patterns
### Pattern 1: Template Parsing
```dart
// lib/core/utils/html_parser.dart
class HtmlToFlutterConverter {
final Map<String, dynamic> _styleMap = {};
Widget convert(String html) {
final document = parse(html);
final body = document.body;
if (body == null) return const SizedBox.shrink();
return _convertNode(body);
}
Widget _convertNode(dom.Node node) {
if (node is dom.Text) {
return Text(node.text);
}
if (node is dom.Element) {
switch (node.localName) {
case 'div':
return _convertDiv(node);
case 'p':
return _convertParagraph(node);
case 'h1':
case 'h2':
case 'h3':
case 'h4':
case 'h5':
case 'h6':
return _convertHeading(node);
case 'img':
return _convertImage(node);
case 'a':
return _convertLink(node);
case 'ul':
return _convertUnorderedList(node);
case 'ol':
return _convertOrderedList(node);
case 'button':
return _convertButton(node);
case 'input':
return _convertInput(node);
default:
return _convertContainer(node);
}
}
return const SizedBox.shrink();
}
Widget _convertDiv(dom.Element element) {
final children = element.nodes
.map((n) => _convertNode(n))
.toList();
// Check for flex布局
final style = _parseStyle(element.attributes['style'] ?? '');
if (style['display'] == 'flex') {
final direction = style['flex-direction'] == 'column'
? Axis.vertical
: Axis.horizontal;
return Flex(
direction: direction,
mainAxisAlignment: _parseMainAxisAlignment(style),
crossAxisAlignment: _parseCrossAxisAlignment(style),
children: children,
);
}
return Container(
padding: _parsePadding(style),
margin: _parseMargin(style),
decoration: _parseDecoration(style),
child: Column(children: children),
);
}
Map<String, String> _parseStyle(String styleString) {
final map = <String, String>{};
for (final pair in styleString.split(';')) {
final parts = pair.split(':');
if (parts.length == 2) {
map[parts[0].trim()] = parts[1].trim();
}
}
return map;
}
}
```
### Pattern 2: Flutter HTML Package (Runtime)
```dart
import 'package:flutter_html/flutter_html.dart';
class HtmlContentView extends StatelessWidget {
final String htmlContent;
const HtmlContentView({super.key, required this.htmlContent});
@override
Widget build(BuildContext context) {
return Html(
data: htmlContent,
style: {
'h1': Style(
fontSize: FontSize(24),
fontWeight: FontWeight.bold,
margin: Margins.only(bottom: 16),
),
'h2': Style(
fontSize: FontSize(20),
fontWeight: FontWeight.w600,
margin: Margins.only(bottom: 12),
),
'p': Style(
fontSize: FontSize(16),
lineHeight: LineHeight(1.5),
margin: Margins.only(bottom: 8),
),
'a': Style(
color: Theme.of(context).primaryColor,
textDecoration: TextDecoration.underline,
),
},
extensions: [
TagExtension(
tagsToExtend: {'custom'},
builder: (extensionContext) {
return YourCustomWidget(
content: extensionContext.innerHtml,
);
},
),
],
onLinkTap: (url, attributes, element) {
// Handle link tap
launchUrl(Uri.parse(url!));
},
);
}
}
```
### Pattern 3: Design-Time Conversion
```dart
// Generate Flutter code from HTML template
class FlutterCodeGenerator {
String generateFromHtml(String html, {String className = 'GeneratedWidget'}) {
final buffer = StringBuffer();
buffer.writeln('class $className extends StatelessWidget {');
buffer.writeln(' const $className({super.key});');
buffer.writeln();
buffer.writeln(' @override');
buffer.writeln(' Widget build(BuildContext context) {');
buffer.writeln(' return ${_generateWidgetCode(html)};');
buffer.writeln(' }');
buffer.writeln('}');
return buffer.toString();
}
String _generateWidgetCode(String html) {
final document = parse(html);
// Flatten common structures
// Generate optimized widget tree
return _nodeToCode(document.body!);
}
String _nodeToCode(dom.Node node) {
if (node is dom.Text) {
return "const Text('${_escape(node.text)}')";
}
final element = node as dom.Element;
final children = element.nodes.map(_nodeToCode).toList();
switch (element.localName) {
case 'div':
return 'Column(children: [${children.join(',')}])';
case 'p':
return 'Container(padding: const EdgeInsets.all(8), child: Text("${element.text}"))';
case 'h1':
return 'Text("${element.text}", style: Theme.of(context).textTheme.headlineLarge)';
case 'img':
return "Image.network('${element.attributes['src']}')";
default:
return 'Container(child: Column(children: [${children.join(',')}]))';
}
}
}
```
### Pattern 4: CSS to Flutter TextStyle
```dart
class CssToTextStyle {
static TextStyle convert(String css) {
final properties = _parseCss(css);
return TextStyle(
color: _parseColor(properties['color']),
fontSize: _parseFontSize(properties['font-size']),
fontWeight: _parseFontWeight(properties['font-weight']),
fontFamily: properties['font-family'],
decoration: _parseTextDecoration(properties['text-decoration']),
letterSpacing: _parseLength(properties['letter-spacing']),
wordSpacing: _parseLength(properties['word-spacing']),
height: _parseLineHeight(properties['line-height']),
);
}
static Color? _parseColor(String? value) {
if (value == null) return null;
// Handle hex colors
if (value.startsWith('#')) {
final hex = value.substring(1);
return Color(int.parse(hex, radix: 16) + 0xFF000000);
}
// Handle rgb/rgba
if (value.startsWith('rgb')) {
final match = RegExp(r'rgba?\((\d+),\s*(\d+),\s*(\d+)')
.firstMatch(value);
if (match != null) {
return Color.fromARGB(
255,
int.parse(match.group(1)!),
int.parse(match.group(2)!),
int.parse(match.group(3)!),
);
}
}
// Handle named colors
return _namedColors[value];
}
static double? _parseFontSize(String? value) {
if (value == null) return null;
final match = RegExp(r'(\d+(?:\.\d+)?)(px|rem|em)').firstMatch(value);
if (match == null) return null;
final size = double.parse(match.group(1)!);
final unit = match.group(2);
switch (unit) {
case 'rem':
return size * 16; // Assuming 1rem = 16px
case 'em':
return size * 14; // Assuming base
default:
return size;
}
}
}
```
### Pattern 5: Responsive Layout Conversion
```dart
// Convert CSS flexbox/grid to Flutter
class LayoutConverter {
Widget convertFlexbox(Map<String, String> css) {
final direction = css['flex-direction'] == 'column'
? Axis.vertical
: Axis.horizontal;
final mainAxisAlignment = _parseJustifyContent(css['justify-content']);
final crossAxisAlignment = _parseAlignItems(css['align-items']);
final gap = _parseGap(css['gap']);
return Flex(
direction: direction,
mainAxisAlignment: mainAxisAlignment,
crossAxisAlignment: crossAxisAlignment,
children: [
// Add gap between children
if (gap != null) ...[
// Apply gap using SizedBox or Container
],
],
);
}
MainAxisAlignment _parseJustifyContent(String? value) {
switch (value) {
case 'center':
return MainAxisAlignment.center;
case 'flex-start':
return MainAxisAlignment.start;
case 'flex-end':
return MainAxisAlignment.end;
case 'space-between':
return MainAxisAlignment.spaceBetween;
case 'space-around':
return MainAxisAlignment.spaceAround;
case 'space-evenly':
return MainAxisAlignment.spaceEvenly;
default:
return MainAxisAlignment.start;
}
}
CrossAxisAlignment _parseAlignItems(String? value) {
switch (value) {
case 'center':
return CrossAxisAlignment.center;
case 'flex-start':
return CrossAxisAlignment.start;
case 'flex-end':
return CrossAxisAlignment.end;
case 'stretch':
return CrossAxisAlignment.stretch;
case 'baseline':
return CrossAxisAlignment.baseline;
default:
return CrossAxisAlignment.center;
}
}
}
```
## Common Conversions
### Form Element
```html
<!-- HTML -->
<form class="login-form">
<input type="email" placeholder="Email" required>
<input type="password" placeholder="Password" required>
<button type="submit">Login</button>
</form>
```
```dart
// Flutter
class LoginForm extends StatelessWidget {
const LoginForm({super.key});
@override
Widget build(BuildContext context) {
return Form(
child: Column(
children: [
TextFormField(
decoration: const InputDecoration(
hintText: 'Email',
),
keyboardType: TextInputType.emailAddress,
validator: (value) {
if (value == null || value.isEmpty) {
return 'Email is required';
}
return null;
},
),
const SizedBox(height: 16),
TextFormField(
decoration: const InputDecoration(
hintText: 'Password',
),
obscureText: true,
validator: (value) {
if (value == null || value.length < 8) {
return 'Password must be at least 8 characters';
}
return null;
},
),
const SizedBox(height: 24),
ElevatedButton(
onPressed: () {
// Handle login
},
child: const Text('Login'),
),
],
),
);
}
}
```
### Navigation Bar
```html
<!-- HTML -->
<nav class="navbar">
<a href="/" class="nav-link">Home</a>
<a href="/products" class="nav-link">Products</a>
<a href="/about" class="nav-link">About</a>
</nav>
```
```dart
// Flutter
class NavBar extends StatelessWidget {
const NavBar({super.key});
@override
Widget build(BuildContext context) {
return BottomNavigationBar(
items: const [
BottomNavigationBarItem(
icon: Icon(Icons.home),
label: 'Home',
),
BottomNavigationBarItem(
icon: Icon(Icons.shopping_bag),
label: 'Products',
),
BottomNavigationBarItem(
icon: Icon(Icons.info),
label: 'About',
),
],
onTap: (index) {
switch (index) {
case 0:
context.go('/');
case 1:
context.go('/products');
case 2:
context.go('/about');
}
},
);
}
}
```
### Card Layout
```html
<!-- HTML -->
<div class="card">
<img src="image.jpg" alt="Card image" class="card-image">
<div class="card-body">
<h3 class="card-title">Title</h3>
<p class="card-text">Description text</p>
</div>
</div>
```
```dart
// Flutter
class CardWidget extends StatelessWidget {
const CardWidget({
super.key,
required this.imageUrl,
required this.title,
required this.description,
});
final String imageUrl;
final String title;
final String description;
@override
Widget build(BuildContext context) {
return Card(
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Image.network(
imageUrl,
fit: BoxFit.cover,
width: double.infinity,
height: 200,
),
Padding(
padding: const EdgeInsets.all(16),
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Text(
title,
style: Theme.of(context).textTheme.titleLarge,
),
const SizedBox(height: 8),
Text(
description,
style: Theme.of(context).textTheme.bodyMedium,
),
],
),
),
],
),
);
}
}
```
## Best Practices
### ✅ Do
```dart
// Use flutter_html for runtime HTML rendering
Html(data: htmlContent, style: {'p': Style(fontSize: FontSize(16))});
// Use const constructors for static widgets
const Text('Static content');
const SizedBox(height: 16);
// Generate code at design time for complex templates
class GeneratedFromHtml extends StatelessWidget {
// Optimized widget tree
}
// Use CachedNetworkImage for images from HTML
CachedNetworkImage(
imageUrl: imageUrl,
placeholder: (context, url) => const CircularProgressIndicator(),
errorWidget: (context, url, error) => const Icon(Icons.error),
);
```
### ❌ Don't
```dart
// Don't parse HTML on every build in StatelessWidget
Widget build(BuildContext context) {
final document = parse(htmlString); // Expensive!
return _convert(document);
}
// Don't use setState for HTML content that doesn't change
setState(() {
_htmlContent = html; // Unnecessary rebuild
});
// Don't inline complex HTML parsing
Html(data: '<div>...</div>'); // Better to cache or pre-convert
```
## Integration with flutter-developer Agent
When HTML templates are provided as input:
1. **Analyze HTML structure** - Identify components, layouts, styles
2. **Generate Flutter code** - Convert to StatefulWidget/StatelessWidget
3. **Apply business logic** - Add state management, event handlers
4. **Implement responsive design** - Convert to LayoutBuilder/MediaQuery
5. **Add accessibility** - Ensure semantics are preserved
## Tools
### Required Packages
```yaml
dependencies:
flutter_html: ^3.0.0 # Runtime HTML rendering
html: ^0.15.6 # HTML parsing
cached_network_image: ^3.3.0 # Image caching
dev_dependencies:
build_runner: ^2.4.0 # Code generation
freezed: ^3.2.5 # Immutable models
```
### CLI Commands
```bash
# Analyze HTML template
flutter analyze lib/templates/
# Run code generation
flutter pub run build_runner watch
# Run tests
flutter test test/templates/
# Build for production
flutter build apk --release
flutter build ios --release
```
## See Also
- `flutter-widgets` - Widget patterns and best practices
- `flutter-state` - State management patterns
- `flutter-navigation` - Navigation patterns
- `flutter-network` - API integration patterns
## References
- flutter_html package: https://pub.dev/packages/flutter_html
- html package: https://pub.dev/packages/html
- Flutter Layout Cheat Sheet: https://medium.com/flutter-community/flutter-layout-cheat-sheet-5999e5bb38ab

61
AGENTS.md
View File

@@ -38,6 +38,8 @@ These agents are invoked automatically by `/pipeline` or manually via `@mention`
| `@lead-developer` | Implements code | Status: testing (tests fail) |
| `@frontend-developer` | UI implementation | When UI work needed |
| `@backend-developer` | Node.js/Express/APIs | When backend needed |
| `@flutter-developer` | Flutter mobile apps | When mobile development |
| `@go-developer` | Go backend services | When Go backend needed |
### Quality Assurance
| Agent | Role | When Invoked |
@@ -223,6 +225,65 @@ const runner = await createPipelineRunner({
await runner.run({ issueNumber: 42 })
```
## Agent Evolution Dashboard
Track agent model changes, performance, and recommendations in real-time.
### Access
```bash
# Sync agent data
bun run sync:evolution
# Open dashboard
bun run evolution:dashboard
bun run evolution:open
# or visit http://localhost:3001
```
### Dashboard Tabs
| Tab | Description |
|-----|-------------|
| **Overview** | Stats, recent changes, pending recommendations |
| **All Agents** | Filterable agent cards with history |
| **Timeline** | Full evolution history |
| **Recommendations** | Priority-based model suggestions |
| **Model Matrix** | Agent × Model mapping with fit scores |
### Data Sources
| Source | What it tracks |
|--------|----------------|
| `.kilo/agents/*.md` | Model, description, capabilities |
| `.kilo/kilo.jsonc` | Model assignments |
| `.kilo/capability-index.yaml` | Capability routing |
| Git History | Model and prompt changes |
| Gitea Comments | Performance scores |
### Evolution Data Structure
```json
{
"agents": {
"lead-developer": {
"current": { "model": "qwen3-coder:480b", "fit_score": 92 },
"history": [{ "type": "model_change", "from": "deepseek", "to": "qwen3" }],
"performance_log": [{ "issue": 42, "score": 8, "success": true }]
}
}
}
```
### Recommendations Priority
| Priority | When | Example |
|----------|------|---------|
| **Critical** | Fit score < 70 | Immediate model change required |
| **High** | Model unavailable | Switch to fallback |
| **Medium** | Better model available | Consider upgrade |
| **Low** | Optimization possible | Optional improvement |
## Code Style
- Use TypeScript for new files

BIN
data/tenerifeprop.db
View File

Binary file not shown.

12
src/server/index.ts
View File

@@ -199,7 +199,14 @@ app.get('/admin/js/*', (c) => {
})
// CSRF protection - only for API routes, not static files
app.use('/api/*', csrf())
// Exclude auth/logout from CSRF since it's safe (no state change that needs protection)
app.use('/api/*', async (c, next) => {
// Skip CSRF for logout endpoint
if (c.req.path === '/api/auth/logout') {
return next()
}
return csrf()(c, next)
})
// CSRF token endpoint for forms
app.get('/api/csrf-token', (c) => {
@@ -739,7 +746,7 @@ app.post('/api/auth/login', authRateLimit, async (c) => {
})
} catch (error) {
console.error('Login error:', error)
return c.json({ success: false, error: 'Authentication failed' }, 500)
return c.json({ success: false, error: 'Authentication failed', details: error instanceof Error ? error.message : 'Unknown error' }, 500)
}
})
@@ -1188,6 +1195,7 @@ app.get('/api/admin/stats', requireAdmin, (c) => {
// Serve static files and SPA routes
app.get('/property/*', serveStatic({ path: './public/property.html' }))
app.get('/admin/*', serveStatic({ path: './public/admin.html' }))
app.get('/login.html', serveStatic({ path: './public/login.html' }))
// Serve index.html for all other routes
app.get('*', serveStatic({ path: './public/index.html' }))