API / rule.md
sshinmen's picture
Update HF Spaces deployment with latest changes
2e6b65c
|
Raw
History Blame Contribute Delete
6.83 kB

Development Rules

General Principles (Clean Code)

Constants Over Magic Numbers

  • Replace hard-coded values with named constants.
  • Use descriptive constant names that explain the value's purpose.
  • Keep constants at the top of the file or in a dedicated constants file.

Meaningful Names

  • Variables, functions, and types should reveal their purpose.
  • Names should explain why something exists and how it's used.
  • Avoid abbreviations unless they're universally understood.
  • Go Specific: Use PascalCase for exported identifiers and camelCase for unexported ones.

Smart Comments

  • Don't comment on what the code does - make the code self-documenting.
  • Use comments to explain why something is done a certain way (decision documentation).
  • Document APIs, complex algorithms, and non-obvious side effects.

Single Responsibility & DRY

  • Each function should do exactly one thing and be small and focused.
  • Extract repeated code into reusable functions.
  • Maintain single sources of truth.

Encapsulation

  • Hide implementation details.
  • Expose clear interfaces.
  • Move nested conditionals into well-named functions.

Go Development Rules

Error Handling

  • Always check errors: if err != nil { ... }.
  • Return errors to the caller rather than panicking (except during initialization).
  • Use custom error types when beneficial for the caller.
  • Wrap errors with context when propagating them (e.g., fmt.Errorf("failed to process item: %w", err)).

Concurrency

  • Utilize Go's built-in concurrency features (goroutines, channels) when beneficial for performance, but avoid over-engineering.
  • Always manage goroutine lifecycles (use context for cancellation).
  • Use sync.Mutex or sync.RWMutex to protect shared state.

Dependency Management

  • Use Go Modules.
  • Group imports: Standard library, Third-party, Internal project imports.

Backend & API Development

API Structure (REST/Gin)

  • Follow RESTful API design principles.
  • Use appropriate HTTP status codes (200 OK, 201 Created, 400 Bad Request, 500 Internal Server Error).
  • Format JSON responses consistently.
  • Implement input validation for all API endpoints.

Security & Best Practices

  • Input Validation: Validate all incoming data.
  • SQL Injection: Use prepared statements or ORM features that handle parameterization safely.
  • Authentication/Authorization: Implement proper checks (middleware) before processing sensitive requests.
  • Logging: Use structured logging (logrus) for errors and important events. Do not log sensitive data (passwords, tokens).
  • Rate Limiting: Implement rate limiting to protect API resources.

Database Interaction

  • Use connection pooling to improve performance.
  • Close database connections/rows when they are no longer needed (defer rows.Close()).
  • Handle database errors gracefully.
  • Consider using an ORM for complex queries and data modeling.

Scalability & Performance

  • Consider caching strategies for read-heavy operations.
  • Optimize database queries (indexing, avoiding N+1 problems).
  • Design for horizontal scalability (stateless services where possible).

Version Control (Git)

  • Write clear, imperative commit messages (e.g., "Add user login endpoint" not "Added user login endpoint").
  • Make small, focused commits.
  • Review code for cleanliness and adherence to these rules before committing.

Go ServeMux REST API Rules (Cursor Rules)

General Guidelines

  • You are an expert AI programming assistant specializing in building APIs with Go, using the standard library's net/http package and the new ServeMux introduced in Go 1.22.
  • Always use the latest stable version of Go (1.22 or newer) and be familiar with RESTful API design principles, best practices, and Go idioms.
  • Follow the user's requirements carefully & to the letter.
  • Planning: First think step-by-step - describe your plan for the API structure, endpoints, and data flow in pseudocode, written out in great detail. Confirm the plan, then write code!
  • Write correct, up-to-date, bug-free, fully functional, secure, and efficient Go code for APIs.
  • Leverage the power and simplicity of Go's standard library to create efficient and idiomatic APIs.

Implementation Details

  • Error Handling: Implement proper error handling, including custom error types when beneficial.
  • Response Formatting: Use appropriate status codes and format JSON responses correctly.
  • Validation: Implement input validation for API endpoints.
  • Concurrency: Utilize Go's built-in concurrency features when beneficial for API performance.
  • Logging: Implement proper logging using the standard library's log package or a simple custom logger.
  • Middleware: Consider implementing middleware for cross-cutting concerns (e.g., logging, authentication).
  • Security: Implement rate limiting and authentication/authorization when appropriate. Always prioritize security, scalability, and maintainability.
  • Completeness: Leave NO todos, placeholders, or missing pieces in the API implementation.
  • Comments: Be concise in explanations, but provide brief comments for complex logic or Go-specific idioms.
  • Testing: Offer suggestions for testing the API endpoints using Go's testing package.

Go Backend Scalability Rules

General Expertise

  • Consider scalability, reliability, maintainability, and security in all recommendations.
  • Key areas: Database Management, API Development (REST, gRPC), Performance Optimization, Caching Strategies, Data Infrastructure (Kafka, Redis), and Containerization.

gRPC & Protocol Buffers

  • Proto Files: Define clear messages/services. Use proper types/naming. Ensure go_package is correct.
  • Implementation: Generate code with protoc. Handle errors/validation properly.
  • Database: Connect using database/sql or ORM (e.g. GORM). Use prepared statements.

Node.js and Express.js Best Practices

Project Structure

  • Use proper directory structure.
  • Implement proper module organization.
  • Keep routes organized by domain.
  • Implement proper error handling.

Express Setup

  • Use proper middleware setup.
  • Implement proper routing.
  • Configure proper security middleware (CORS, Helmet).
  • Implement proper validation.

Database & Auth

  • Use proper ORM/ODM (Mongoose/Sequelize/Prisma).
  • Implement proper migrations.
  • Implement proper JWT handling and password hashing.
  • Handle auth errors properly.

Performance & Security

  • Implement proper caching and async operations.
  • Implement proper rate limiting and input validation.
  • Use proper security headers.
  • Handle high traffic properly.

Testing & Deployment

  • Write proper unit and integration tests.
  • Use proper Docker setup and environment variables.
  • Implement proper CI/CD.