| # Development Rules |
|
|
| ## General Principles (Clean Code) |
|
|
| ### Constants Over Magic Numbers |
| - Replace hard-coded values with named constants. |
| - Use descriptive constant names that explain the value's purpose. |
| - Keep constants at the top of the file or in a dedicated constants file. |
|
|
| ### Meaningful Names |
| - Variables, functions, and types should reveal their purpose. |
| - Names should explain *why* something exists and *how* it's used. |
| - Avoid abbreviations unless they're universally understood. |
| - **Go Specific:** Use `PascalCase` for exported identifiers and `camelCase` for unexported ones. |
|
|
| ### Smart Comments |
| - Don't comment on *what* the code does - make the code self-documenting. |
| - Use comments to explain *why* something is done a certain way (decision documentation). |
| - Document APIs, complex algorithms, and non-obvious side effects. |
|
|
| ### Single Responsibility & DRY |
| - Each function should do exactly one thing and be small and focused. |
| - Extract repeated code into reusable functions. |
| - Maintain single sources of truth. |
|
|
| ### Encapsulation |
| - Hide implementation details. |
| - Expose clear interfaces. |
| - Move nested conditionals into well-named functions. |
|
|
| ## Go Development Rules |
|
|
| ### Error Handling |
| - **Always check errors:** `if err != nil { ... }`. |
| - Return errors to the caller rather than panicking (except during initialization). |
| - Use custom error types when beneficial for the caller. |
| - Wrap errors with context when propagating them (e.g., `fmt.Errorf("failed to process item: %w", err)`). |
|
|
| ### Concurrency |
| - Utilize Go's built-in concurrency features (goroutines, channels) when beneficial for performance, but avoid over-engineering. |
| - Always manage goroutine lifecycles (use `context` for cancellation). |
| - Use `sync.Mutex` or `sync.RWMutex` to protect shared state. |
|
|
| ### Dependency Management |
| - Use Go Modules. |
| - Group imports: Standard library, Third-party, Internal project imports. |
|
|
| ## Backend & API Development |
|
|
| ### API Structure (REST/Gin) |
| - Follow RESTful API design principles. |
| - Use appropriate HTTP status codes (200 OK, 201 Created, 400 Bad Request, 500 Internal Server Error). |
| - Format JSON responses consistently. |
| - Implement input validation for all API endpoints. |
|
|
| ### Security & Best Practices |
| - **Input Validation:** Validate all incoming data. |
| - **SQL Injection:** Use prepared statements or ORM features that handle parameterization safely. |
| - **Authentication/Authorization:** Implement proper checks (middleware) before processing sensitive requests. |
| - **Logging:** Use structured logging (`logrus`) for errors and important events. Do not log sensitive data (passwords, tokens). |
| - **Rate Limiting:** Implement rate limiting to protect API resources. |
|
|
| ### Database Interaction |
| - Use connection pooling to improve performance. |
| - Close database connections/rows when they are no longer needed (defer `rows.Close()`). |
| - Handle database errors gracefully. |
| - Consider using an ORM for complex queries and data modeling. |
|
|
| ## Scalability & Performance |
| - Consider caching strategies for read-heavy operations. |
| - Optimize database queries (indexing, avoiding N+1 problems). |
| - Design for horizontal scalability (stateless services where possible). |
|
|
| ## Version Control (Git) |
| - Write clear, imperative commit messages (e.g., "Add user login endpoint" not "Added user login endpoint"). |
| - Make small, focused commits. |
| - Review code for cleanliness and adherence to these rules before committing. |
|
|
| # Go ServeMux REST API Rules (Cursor Rules) |
|
|
| ## General Guidelines |
| - You are an expert AI programming assistant specializing in building APIs with Go, using the standard library's net/http package and the new ServeMux introduced in Go 1.22. |
| - Always use the latest stable version of Go (1.22 or newer) and be familiar with RESTful API design principles, best practices, and Go idioms. |
| - Follow the user's requirements carefully & to the letter. |
| - **Planning:** First think step-by-step - describe your plan for the API structure, endpoints, and data flow in pseudocode, written out in great detail. Confirm the plan, then write code! |
| - Write correct, up-to-date, bug-free, fully functional, secure, and efficient Go code for APIs. |
| - Leverage the power and simplicity of Go's standard library to create efficient and idiomatic APIs. |
|
|
| ## Implementation Details |
| - **Error Handling:** Implement proper error handling, including custom error types when beneficial. |
| - **Response Formatting:** Use appropriate status codes and format JSON responses correctly. |
| - **Validation:** Implement input validation for API endpoints. |
| - **Concurrency:** Utilize Go's built-in concurrency features when beneficial for API performance. |
| - **Logging:** Implement proper logging using the standard library's log package or a simple custom logger. |
| - **Middleware:** Consider implementing middleware for cross-cutting concerns (e.g., logging, authentication). |
| - **Security:** Implement rate limiting and authentication/authorization when appropriate. Always prioritize security, scalability, and maintainability. |
| - **Completeness:** Leave NO todos, placeholders, or missing pieces in the API implementation. |
| - **Comments:** Be concise in explanations, but provide brief comments for complex logic or Go-specific idioms. |
| - **Testing:** Offer suggestions for testing the API endpoints using Go's testing package. |
|
|
| # Go Backend Scalability Rules |
|
|
| ## General Expertise |
| - Consider scalability, reliability, maintainability, and security in all recommendations. |
| - Key areas: Database Management, API Development (REST, gRPC), Performance Optimization, Caching Strategies, Data Infrastructure (Kafka, Redis), and Containerization. |
|
|
| ## gRPC & Protocol Buffers |
| - **Proto Files:** Define clear messages/services. Use proper types/naming. Ensure `go_package` is correct. |
| - **Implementation:** Generate code with `protoc`. Handle errors/validation properly. |
| - **Database:** Connect using `database/sql` or ORM (e.g. GORM). Use prepared statements. |
|
|
| # Node.js and Express.js Best Practices |
|
|
| ## Project Structure |
| - Use proper directory structure. |
| - Implement proper module organization. |
| - Keep routes organized by domain. |
| - Implement proper error handling. |
|
|
| ## Express Setup |
| - Use proper middleware setup. |
| - Implement proper routing. |
| - Configure proper security middleware (CORS, Helmet). |
| - Implement proper validation. |
|
|
| ## Database & Auth |
| - Use proper ORM/ODM (Mongoose/Sequelize/Prisma). |
| - Implement proper migrations. |
| - Implement proper JWT handling and password hashing. |
| - Handle auth errors properly. |
|
|
| ## Performance & Security |
| - Implement proper caching and async operations. |
| - Implement proper rate limiting and input validation. |
| - Use proper security headers. |
| - Handle high traffic properly. |
|
|
| ## Testing & Deployment |
| - Write proper unit and integration tests. |
| - Use proper Docker setup and environment variables. |
| - Implement proper CI/CD. |
|
|