Unify OpenCode and Codex starter kits

- Add .shared/prompts/ with tool-neutral prompts
- Add .opencode/config/project.md, rules/, skills/ from opencode-kit
- Add .codex/config/project.md from codex-kit
- Copy .shared/prompts/ to both .opencode/prompts/ and .codex/prompts/
- Add features/INDEX.md and features/README.md
- Update README with unified structure

The two original starter kits are now redundant.
This commit is contained in:
Worker Skeletton
2026-05-25 14:11:00 +02:00
parent 2d4dbe48e9
commit 5c9b4333da
38 changed files with 1659 additions and 107 deletions

View File

@@ -1,20 +1,74 @@
# Backend Rules
## PHP
Backend development rules for PHP, databases, and APIs.
- PHP 8+ Syntax
- Prepared Statements für DB Queries
- Input Validation immer auf Server-Seite
- Keine secrets in Code — .env nutzen
## PHP Code
## REST API
- Follow PSR-12 coding standard
- Use strict types: `declare(strict_types=1);`
- Use typed properties and return types
- Maximum function length: ~40 lines
- No code duplication — extract to helper functions
- JSON als Standard-Format
- HTTP Status Codes korrekt nutzen
- GET/POST/etc. semantisch richtig
## API Design
## SQLite
### RESTful Conventions
- Transactions für mehrere Writes
- FOREIGN KEY Constraints aktiviert
- Indexes auf häufige Query-Spalten
| Method | Path | Action |
|--------|------|--------|
| GET | /users | List users |
| GET | /users/{id} | Get single user |
| POST | /users | Create user |
| PUT | /users/{id} | Update user |
| DELETE | /users/{id} | Delete user |
### Response Format
```php
// Success
json_response(['data' => $user, 'status' => 200]);
// Error
json_response(['error' => 'Not found', 'status' => 404]);
// List with pagination
json_response([
'data' => $users,
'total' => $total,
'page' => $page,
'per_page' => $perPage
]);
```
### Status Codes
- `200` OK
- `201` Created
- `204` No Content (successful DELETE)
- `400` Bad Request
- `401` Unauthorized
- `403` Forbidden
- `404` Not Found
- `422` Unprocessable Entity (validation error)
- `500` Internal Server Error
## Validation
- Validate in the controller/action before business logic
- Return `422` with field-specific errors on validation failure
- Never trust user input — validate everything
## Database
- Use PDO with parameterized queries (no string interpolation)
- Use transactions for multi-step operations
- Use indexes on columns used in WHERE/JOIN
- Avoid N+1 queries
- See `database.md` for SQLite/MariaDB/PostgreSQL portability
## Testing
- Unit test business logic in isolation
- Integration test API endpoints
- Test happy path AND error paths
- Mock database in unit tests where practical