Templates

# Project: acme-api

## Stack
- Node 22, TypeScript (strict, ESM), Fastify, Postgres via Prisma.

## Commands
- Install: `npm ci`
- Dev: `npm run dev`
- Test: `npm test` (vitest). Run before every commit.
- Lint/format: `npm run lint` and `npm run format`.

## Conventions
- Prefer pure functions; keep side effects at the edges.
- All new code needs tests. No `any` without a written reason.
- Never commit secrets; use `.env` and `process.env`.

## Out of scope for the agent
- Do not run database migrations against production.
- Do not edit files under `vendor/`.

---
name: code-reviewer
description: Reviews staged changes for bugs, security issues, and style. Use proactively before commits.
tools: Read, Grep, Glob, Bash
model: sonnet
---

You are a meticulous senior code reviewer.

When invoked:
1. Run `git diff --staged` to see the changes.
2. Flag correctness bugs, security issues, and missing tests first.
3. Group feedback by severity. Cite file and line. Be concise and specific.

Never modify files yourself — report findings only.

---
description: Draft a changelog entry from recent commits.
argument-hint: [version]
allowed-tools: Bash(git log:*), Read
---

Summarize the commits since the last tag into a changelog for version $1.

Recent history:
!`git log --oneline -n 30`

Group entries under Added / Changed / Fixed. Keep it terse.

{
  "model": "sonnet",
  "includeCoAuthoredBy": true,
  "permissions": {
    "allow": ["Read", "Edit", "Bash(npm test:*)", "Bash(git status)"],
    "deny": ["Bash(rm:*)"]
  },
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [
          { "type": "command", "command": "npm run format", "timeout": 60 }
        ]
      }
    ]
  }
}

{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem@2025.1.14", "./"]
    },
    "internal-api": {
      "type": "http",
      "url": "https://mcp.internal.example.com",
      "headers": { "Authorization": "${INTERNAL_MCP_TOKEN}" }
    }
  }
}

# AGENTS.md

## Stack
- Go 1.23, chi router, sqlc + Postgres.

## Build & test
- Build: `make build`
- Test: `go test ./...` — run before opening a PR.

## Conventions
- Wrap errors with %w; never panic in request handlers.
- Keep handlers thin; put logic in the service layer.
- Read secrets from the environment — never hardcode them.

---
name: security-auditor
description: Audits changes for security issues — injection, authz gaps, unsafe secret handling. Use before merging auth or input-handling code.
tools: Read, Grep, Glob
model: opus
---

You are a security auditor. For the changes in scope:
1. Check input validation, authentication/authorization, and secret handling.
2. Flag injection, SSRF, path traversal, and unsafe deserialization.
3. Report each issue with file:line, a severity, and a concrete fix.

Report findings only — never modify code yourself.

---
name: test-author
description: Writes focused unit tests for changed code. Use after implementing a feature or fixing a bug.
tools: Read, Edit, Bash
model: sonnet
---

You write tests, not implementation.
1. Read the changed code and its existing tests.
2. Add tests for the happy path, edge cases, and regressions.
3. Keep tests deterministic and fast; run them and report results.

---
description: Stage-aware commit — drafts a conventional-commit message from the staged diff.
allowed-tools: Bash(git add:*), Bash(git commit:*), Bash(git status:*), Bash(git diff:*)
---

Review the staged changes and write a concise conventional-commit message, then commit.

Staged summary:
!`git diff --staged --stat`

---
name: pdf-extract
description: Extract text and tables from PDF files and fill PDF forms. Use when the user mentions PDFs, extracting document data, or filling forms.
license: MIT
allowed-tools: Read, Bash(python3:*)
---

# PDF Extract

Extract text and tabular data from PDFs, and fill simple AcroForm fields.

## How to use

1. Confirm the target file is a PDF.
2. Extract text with `pdfplumber`:
   ```python
   import pdfplumber
   with pdfplumber.open("document.pdf") as pdf:
       text = pdf.pages[0].extract_text()
   ```
3. For tables, use `page.extract_tables()`.

For form filling and edge cases, see [references/FORMS.md](references/FORMS.md).

---
name: conventional-commits
description: Draft Conventional Commits messages from a staged diff. Use when committing changes or when the user asks for a commit message.
license: MIT
version: "1.0.0"
allowed-tools: Bash(git diff:*), Bash(git status:*)
---

# Conventional Commits

Write a single Conventional Commits message for the staged changes.

## Process

1. Read the staged diff: `git diff --staged`.
2. Pick a type: `feat`, `fix`, `docs`, `refactor`, `test`, `chore`.
3. Write `type(scope): summary` in the imperative mood, ≤ 72 chars.
4. Add a body only when the change needs rationale.

Never include secrets or file dumps in the message.