Unify OpenCode and Codex starter kits
- Add .shared/prompts/ with tool-neutral prompts - Add .opencode/config/project.md, rules/, skills/ from opencode-kit - Add .codex/config/project.md from codex-kit - Copy .shared/prompts/ to both .opencode/prompts/ and .codex/prompts/ - Add features/INDEX.md and features/README.md - Update README with unified structure The two original starter kits are now redundant.
This commit is contained in:
@@ -1,20 +1,74 @@
|
||||
# Backend Rules
|
||||
|
||||
## PHP
|
||||
Backend development rules for PHP, databases, and APIs.
|
||||
|
||||
- PHP 8+ Syntax
|
||||
- Prepared Statements für DB Queries
|
||||
- Input Validation immer auf Server-Seite
|
||||
- Keine secrets in Code — .env nutzen
|
||||
## PHP Code
|
||||
|
||||
## REST API
|
||||
- Follow PSR-12 coding standard
|
||||
- Use strict types: `declare(strict_types=1);`
|
||||
- Use typed properties and return types
|
||||
- Maximum function length: ~40 lines
|
||||
- No code duplication — extract to helper functions
|
||||
|
||||
- JSON als Standard-Format
|
||||
- HTTP Status Codes korrekt nutzen
|
||||
- GET/POST/etc. semantisch richtig
|
||||
## API Design
|
||||
|
||||
## SQLite
|
||||
### RESTful Conventions
|
||||
|
||||
- Transactions für mehrere Writes
|
||||
- FOREIGN KEY Constraints aktiviert
|
||||
- Indexes auf häufige Query-Spalten
|
||||
| Method | Path | Action |
|
||||
|--------|------|--------|
|
||||
| GET | /users | List users |
|
||||
| GET | /users/{id} | Get single user |
|
||||
| POST | /users | Create user |
|
||||
| PUT | /users/{id} | Update user |
|
||||
| DELETE | /users/{id} | Delete user |
|
||||
|
||||
### Response Format
|
||||
|
||||
```php
|
||||
// Success
|
||||
json_response(['data' => $user, 'status' => 200]);
|
||||
|
||||
// Error
|
||||
json_response(['error' => 'Not found', 'status' => 404]);
|
||||
|
||||
// List with pagination
|
||||
json_response([
|
||||
'data' => $users,
|
||||
'total' => $total,
|
||||
'page' => $page,
|
||||
'per_page' => $perPage
|
||||
]);
|
||||
```
|
||||
|
||||
### Status Codes
|
||||
|
||||
- `200` OK
|
||||
- `201` Created
|
||||
- `204` No Content (successful DELETE)
|
||||
- `400` Bad Request
|
||||
- `401` Unauthorized
|
||||
- `403` Forbidden
|
||||
- `404` Not Found
|
||||
- `422` Unprocessable Entity (validation error)
|
||||
- `500` Internal Server Error
|
||||
|
||||
## Validation
|
||||
|
||||
- Validate in the controller/action before business logic
|
||||
- Return `422` with field-specific errors on validation failure
|
||||
- Never trust user input — validate everything
|
||||
|
||||
## Database
|
||||
|
||||
- Use PDO with parameterized queries (no string interpolation)
|
||||
- Use transactions for multi-step operations
|
||||
- Use indexes on columns used in WHERE/JOIN
|
||||
- Avoid N+1 queries
|
||||
- See `database.md` for SQLite/MariaDB/PostgreSQL portability
|
||||
|
||||
## Testing
|
||||
|
||||
- Unit test business logic in isolation
|
||||
- Integration test API endpoints
|
||||
- Test happy path AND error paths
|
||||
- Mock database in unit tests where practical
|
||||
|
||||
Reference in New Issue
Block a user