AgentSkillsCN

frontend-backend-rules

针对 Next.js 16+/React 19+/Tailwind v4 前端与 Python 3.13+/FastAPI/Firebase 异步后端的全栈开发,制定全面的编码规范。适用于编写、审查或调试前端或后端代码时使用。涵盖类型安全、架构设计、状态管理、安全性、性能、测试,以及禁止使用的编码模式。

SKILL.md
--- frontmatter
name: frontend-backend-rules
description: Comprehensive coding rules for full-stack development with Next.js 16+/React 19+/Tailwind v4 frontend and Python 3.13+/FastAPI/Firebase async-first backend. Use when writing, reviewing, or debugging frontend or backend code. Covers type safety, architecture, state management, security, performance, testing, and forbidden patterns.

Frontend & Backend Coding Rules

Quick Navigation

DomainReference Files
Frontendreferences/frontend-rules/ - 16 files covering TypeScript, React, Next.js, state management, styling, security, testing
Backendreferences/python-rules/ - 19 files covering async, FastAPI, Firebase, error handling, security, multi-tenancy, testing

Frontend Rules Summary (TypeScript/Next.js 16+/React 19+)

Read detailed rules: references/frontend-rules/01-overview.md

Critical Patterns

TopicDo ✅Don't ❌
TypesExplicit annotations, strict modeany type, implicit types
ComponentsFunctional, single responsibilityClass components, props drilling >2
DataTanStack Query, Server ComponentsuseEffect for fetching, Zustand for server state
Formsreact-hook-form + ZoduseState for forms, skip server validation
StylingTailwind v4, shadcn/uiCSS-in-JS libraries
ExportsNamed exportsDefault exports

Frontend References

FileWhen to Read
02-typescript-type-safety.mdWriting types, interfaces, generics
03-react-architecture.mdComponent design, props, composition
04-server-components-actions.mdServer Components, Server Actions, async params
05-state-management.mdChoosing state solution, Zustand, Context
06-data-fetching.mdTanStack Query, caching, invalidation
07-form-handling.mdreact-hook-form, Zod validation
08-styling-design-system.mdTailwind v4, CSS variables, theming
09-performance.mdCode splitting, memoization, images
10-accessibility.mdARIA, keyboard nav, semantic HTML
11-security.mdXSS, CSRF, secrets, validation
12-error-handling.mdError boundaries, async errors
13-testing.mdVitest, RTL, Playwright
14-code-organization.mdFolder structure, barrel exports
15-forbidden-patterns.mdAnti-patterns to avoid
16-configuration.mdtsconfig, ESLint, next.config

Backend Rules Summary (Python 3.13+/FastAPI/Firebase)

Read detailed rules: references/python-rules/01-overview.md

Critical Patterns

TopicDo ✅Don't ❌
Asyncasync def all routes, asyncio.timeout()time.sleep(), blocking I/O
TypesFull annotations, Pydantic modelsAny type, untyped dict
DatabaseRequest-scoped sessions, tenant filterGlobal sessions, no tenant filter
ErrorsCustom exceptions, retry with backoffBare Exception, no retry
SecurityJWT verification, rate limitingHardcoded secrets, no auth
TasksTaskGroup, store task referencesFire-and-forget, RUF006 violations

Backend References

FileWhen to Read
02-core-philosophy.mdAsync-first mindset, principles
03-async-programming.mdTaskGroup, cancellation, timeouts
04-fastapi-architecture.mdRoutes, dependencies, lifespan
05-telegram-bot.mdPTB handlers, JobQueue, conversations
06-firebase-integration.mdFirestore, auth, transactions
07-error-handling.mdExceptions, retries, circuit breaker
08-security.mdJWT, RBAC, rate limiting, CORS
09-multi-tenant.mdTenant isolation, query filtering
10-performance.mdConnection pooling, caching, batching
11-memory-management.mdGC, streaming, context vars
12-observability.mdStructlog, Prometheus, Sentry
13-testing.mdpytest-asyncio, fixtures, AsyncMock
14-type-system.mdType hints, TypedDict, Pydantic
15-configuration.mdEnvironment, settings, .env
16-code-quality.mdRuff, Pylint, Pyrefly, CI/CD
17-scalability.mdStateless design, load balancing
18-clean-architecture.mdLayers, dependency injection
19-forbidden-patterns.mdAnti-patterns, correctness checklist

Deployment Checklist

Frontend

  • Server Components by default, 'use client' only when needed
  • TanStack Query for server state
  • react-hook-form + Zod for forms
  • No any types, named exports only
  • Next.js Image for all images
  • Security headers in next.config.js

Backend

  • All routes/dependencies async def
  • Every await has timeout
  • Every query filters by tenant_id
  • JWT verified with signature check
  • Rate limiting on auth endpoints
  • Ruff/Pylint/Pyrefly pass with zero errors
  • Tests use AsyncMock, cover error paths

Code Quality Commands

bash
# Frontend
cd apps/web && bun run lint && bun run type-check

# Backend
ruff check . --fix
ruff format .
pyrefly check
pytest