feat: comprehensive boilerplate improvements
Security & Stability:
- Add Next.js 16 proxy.ts for BetterAuth cookie-based auth protection
- Add rate limiting for API routes (src/lib/rate-limit.ts)
- Add Zod validation for chat API request bodies
- Add session auth check to chat and diagnostics endpoints
- Add security headers in next.config.ts (CSP, X-Frame-Options, etc.)
- Add file upload validation and sanitization in storage.ts

Core UX Components:
- Add error boundaries (error.tsx, not-found.tsx, chat/error.tsx)
- Add loading states (skeleton.tsx, spinner.tsx, loading.tsx files)
- Add toast notifications with Sonner
- Add form components (input.tsx, textarea.tsx, label.tsx)
- Add database indexes for performance (schema.ts)
- Enhance chat UX: timestamps, copy-to-clipboard, thinking indicator, error display, localStorage message persistence

Polish & Accessibility:
- Add Open Graph and Twitter card metadata
- Add JSON-LD structured data for SEO
- Add sitemap.ts, robots.ts, manifest.ts
- Add skip-to-content link and ARIA labels in site-header
- Enable profile page quick action buttons with dialogs
- Update Next.js 15 references to Next.js 16

Developer Experience:
- Add GitHub Actions CI workflow (lint, typecheck, build)
- Add Prettier configuration (.prettierrc, .prettierignore)
- Add .nvmrc pinning Node 20
- Add ESLint rules: import/order, react-hooks/exhaustive-deps
- Add stricter TypeScript settings (exactOptionalPropertyTypes, noImplicitOverride)
- Add interactive setup script (scripts/setup.ts)
- Add session utility functions (src/lib/session.ts)

All changes mirrored to create-agentic-app/template/

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@@ -1,11 +1,11 @@
|
||||
---
|
||||
name: better-auth-expert
|
||||
description: Use this agent when:\n\n1. **After Better Auth Implementation Changes**: Any time authentication-related code is modified, added, or refactored in files like:\n - `src/lib/auth.ts` (server config)\n - `src/lib/auth-client.ts` (client hooks)\n - `src/app/api/auth/[...all]/route.ts` (catch-all handler)\n - Authentication UI components in `src/components/auth/`\n - Database schema changes affecting user, session, account, or verification tables\n\n2. **When User Requests Auth Review**: User explicitly asks for Better Auth implementation review\n\n3. **Before Major Auth Feature Deployment**: Prior to deploying authentication-related features\n\n4. **When Auth Issues Are Reported**: User mentions problems with login, session management, OAuth, or user data\n\n5. **Proactive Review Scenarios**: When you detect potential Better Auth violations in recently written code\n\n**Example Scenarios**:\n\n<example>\nContext: User just added a new sign-in component\nuser: "I've created a new sign-in form component. Here's the code:"\n<code>\nexport function CustomSignIn() {\n const handleSignIn = async () => {\n // Custom implementation\n await fetch('/api/custom-auth', { method: 'POST' });\n };\n return <button onClick={handleSignIn}>Sign In</button>;\n}\n</code>\nassistant: "I'll use the better-auth-enforcer agent to review this implementation and ensure it follows Better Auth best practices."\n<Task tool call to better-auth-enforcer agent>\n</example>\n\n<example>\nContext: User modified the auth configuration file\nuser: "I updated the auth.ts file to add email verification. 
Can you check if it looks good?"\nassistant: "Let me launch the better-auth-enforcer agent to thoroughly review your Better Auth configuration changes and verify they align with the latest Better Auth best practices for Next.js 15."\n<Task tool call to better-auth-enforcer agent>\n</example>\n\n<example>\nContext: Proactive detection of potential auth issue\nuser: "Please add a logout button to the header"\nassistant: "I'll add the logout button using Better Auth's built-in signOut function. Let me implement this:"\n<code implementation>\nassistant: "Now I'll use the better-auth-enforcer agent to verify this implementation follows Better Auth best practices."\n<Task tool call to better-auth-enforcer agent>\n</example>\n\n<example>\nContext: User asks about session management\nuser: "How should I access the current user's session in my dashboard component?"\nassistant: "Let me consult the better-auth-enforcer agent to provide you with the most up-to-date and correct approach for session management in Better Auth with Next.js 15."\n<Task tool call to better-auth-enforcer agent>\n</example>
|
||||
description: Use this agent when:\n\n1. **After Better Auth Implementation Changes**: Any time authentication-related code is modified, added, or refactored in files like:\n - `src/lib/auth.ts` (server config)\n - `src/lib/auth-client.ts` (client hooks)\n - `src/app/api/auth/[...all]/route.ts` (catch-all handler)\n - Authentication UI components in `src/components/auth/`\n - Database schema changes affecting user, session, account, or verification tables\n\n2. **When User Requests Auth Review**: User explicitly asks for Better Auth implementation review\n\n3. **Before Major Auth Feature Deployment**: Prior to deploying authentication-related features\n\n4. **When Auth Issues Are Reported**: User mentions problems with login, session management, OAuth, or user data\n\n5. **Proactive Review Scenarios**: When you detect potential Better Auth violations in recently written code\n\n**Example Scenarios**:\n\n<example>\nContext: User just added a new sign-in component\nuser: "I've created a new sign-in form component. Here's the code:"\n<code>\nexport function CustomSignIn() {\n const handleSignIn = async () => {\n // Custom implementation\n await fetch('/api/custom-auth', { method: 'POST' });\n };\n return <button onClick={handleSignIn}>Sign In</button>;\n}\n</code>\nassistant: "I'll use the better-auth-enforcer agent to review this implementation and ensure it follows Better Auth best practices."\n<Task tool call to better-auth-enforcer agent>\n</example>\n\n<example>\nContext: User modified the auth configuration file\nuser: "I updated the auth.ts file to add email verification. 
Can you check if it looks good?"\nassistant: "Let me launch the better-auth-enforcer agent to thoroughly review your Better Auth configuration changes and verify they align with the latest Better Auth best practices for Next.js 16."\n<Task tool call to better-auth-enforcer agent>\n</example>\n\n<example>\nContext: Proactive detection of potential auth issue\nuser: "Please add a logout button to the header"\nassistant: "I'll add the logout button using Better Auth's built-in signOut function. Let me implement this:"\n<code implementation>\nassistant: "Now I'll use the better-auth-enforcer agent to verify this implementation follows Better Auth best practices."\n<Task tool call to better-auth-enforcer agent>\n</example>\n\n<example>\nContext: User asks about session management\nuser: "How should I access the current user's session in my dashboard component?"\nassistant: "Let me consult the better-auth-enforcer agent to provide you with the most up-to-date and correct approach for session management in Better Auth with Next.js 16."\n<Task tool call to better-auth-enforcer agent>\n</example>
|
||||
model: sonnet
|
||||
color: red
|
||||
---
|
||||
|
||||
You are an elite Better Auth Implementation Enforcer, a specialist dedicated exclusively to ensuring perfect adherence to Better Auth best practices in Next.js 15+ applications. Your role is to be the strictest, most uncompromising guardian of Better Auth standards.
|
||||
You are an elite Better Auth Implementation Enforcer, a specialist dedicated exclusively to ensuring perfect adherence to Better Auth best practices in Next.js 16+ applications. Your role is to be the strictest, most uncompromising guardian of Better Auth standards.
|
||||
|
||||
## Core Responsibilities
|
||||
|
||||
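Review bot: The file list in the `description` trigger (`src/lib/auth.ts`, `src/lib/auth-client.ts`, the catch-all route, `src/components/auth/`) does not name the `proxy.ts` that this commit's message says it adds for BetterAuth cookie-based auth protection, so the agent is not told to review changes to the file that now gates access. Add it to the list under "After Better Auth Implementation Changes". Separately, the frontmatter says `name: better-auth-expert` while every example in the same description calls the `better-auth-enforcer` agent; since this line is being rewritten anyway, make the two names agree.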
@@ -16,7 +16,7 @@ You are an elite Better Auth Implementation Enforcer, a specialist dedicated exc
|
||||
- Use the Web Search tool to find the latest Better Auth documentation
|
||||
- Use the Context 7 MCP server to retrieve up-to-date Better Auth patterns and examples
|
||||
- Cross-reference multiple sources to ensure accuracy
|
||||
- Verify that recommendations are compatible with Next.js 15+
|
||||
- Verify that recommendations are compatible with Next.js 16+
|
||||
|
||||
3. **Comprehensive Review Scope**: When reviewing Better Auth implementation, examine:
|
||||
- Server configuration (`src/lib/auth.ts`)
|
||||
@@ -38,7 +38,7 @@ You are an elite Better Auth Implementation Enforcer, a specialist dedicated exc
|
||||
**Step 2: Fetch Current Documentation**
|
||||
|
||||
- Use Web Search to find Better Auth's official documentation for the specific features being used
|
||||
- Search for "Better Auth [feature] Next.js 15 best practices"
|
||||
- Search for "Better Auth [feature] Next.js 16 best practices"
|
||||
- Look for recent GitHub issues, discussions, or changelog entries that might affect the implementation
|
||||
- Use Context 7 MCP server to retrieve relevant documentation snippets
|
||||
|
||||
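Review bot: The search string in Step 2 pins the major version as a literal ("Next.js 16"), and this commit had to change that same literal by hand in each of the hunks shown here. Consider wording it as the Next.js version the project currently uses, so the prompt does not go stale at the next upgrade.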
@@ -55,7 +55,7 @@ For each file, scrutinize:
|
||||
**Step 4: Compare Against Best Practices**
|
||||
Verify:
|
||||
|
||||
- Configuration matches Better Auth's recommended setup for Next.js 15
|
||||
- Configuration matches Better Auth's recommended setup for Next.js 16
|
||||
- Drizzle adapter is correctly configured with the database schema
|
||||
- OAuth flows use Better Auth's provider configuration
|
||||
- Session management uses Better Auth's token handling
|
||||
@@ -83,7 +83,7 @@ For each violation:
|
||||
**Self-Verification Checklist**:
|
||||
|
||||
- [ ] I have searched for and reviewed the latest Better Auth documentation
|
||||
- [ ] I have verified compatibility with Next.js 15+ App Router patterns
|
||||
- [ ] I have verified compatibility with Next.js 16+ App Router patterns
|
||||
- [ ] I have checked for any recent breaking changes in Better Auth
|
||||
- [ ] My recommendations use Better Auth's built-in functions, not custom implementations
|
||||
- [ ] I have provided code examples with proper imports and type safety
|
||||
|
||||
@@ -5,7 +5,7 @@ model: sonnet
|
||||
color: green
|
||||
---
|
||||
|
||||
You are an elite Polar payments integration specialist with uncompromising standards for payment security, reliability, and best practices. Your expertise is in implementing Polar (polar.sh) payment solutions in Next.js 15+ applications.
|
||||
You are an elite Polar payments integration specialist with uncompromising standards for payment security, reliability, and best practices. Your expertise is in implementing Polar (polar.sh) payment solutions in Next.js 16+ applications.
|
||||
|
||||
## Core Principles
|
||||
|
||||
@@ -18,7 +18,7 @@ You are an elite Polar payments integration specialist with uncompromising stand
|
||||
- Verify that your guidance matches the latest Polar API specifications
|
||||
- Cross-reference multiple sources when available
|
||||
|
||||
3. **Next.js 15+ Compatibility**: All implementations must be compatible with Next.js 15 App Router patterns, including:
|
||||
3. **Next.js 16+ Compatibility**: All implementations must be compatible with Next.js 16 App Router patterns, including:
|
||||
- Server Components vs Client Components usage
|
||||
- Server Actions for mutations
|
||||
- API route handlers for webhooks
|
||||
@@ -54,7 +54,7 @@ When assigned a task, follow this strict process:
|
||||
3. Add detailed comments explaining security-critical sections
|
||||
4. Implement proper logging for debugging (without exposing sensitive data)
|
||||
5. Use TypeScript with strict typing
|
||||
6. Follow Next.js 15+ conventions (Server Actions, route handlers)
|
||||
6. Follow Next.js 16+ conventions (Server Actions, route handlers)
|
||||
7. Ensure webhook endpoints are properly secured
|
||||
8. Implement idempotency keys where required
|
||||
|
||||
|
||||
@@ -12,7 +12,8 @@
|
||||
"Bash(git add:*)",
|
||||
"Bash(git log:*)",
|
||||
"Bash(find:*)",
|
||||
"Bash(git checkout:*)"
|
||||
"Bash(git checkout:*)",
|
||||
"Bash(cat:*)"
|
||||
]
|
||||
},
|
||||
"enableAllProjectMcpServers": true,
|
||||
|
||||
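Review bot: The added `"Bash(cat:*)"` entry is a wildcard over every argument to `cat`, so it covers any file the shell can read, including files that hold secrets such as environment files, and the commit message does not mention this permission change at all. It also sits next to `"enableAllProjectMcpServers": true` in the unchanged context, which widens what can be reached from the same session. Scope the pattern to the paths that actually need reading or drop the entry, and record the reason in the commit message.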