feat: upgrade agent team with browser, MCP, CLI tools, rules, and hooks

- Add Chrome browser access to 6 visual agents (18 tools each) - Add Playwright access to 2 testing agents (22 tools each) - Add 4 MCP servers: Postgres Pro, Redis, Lighthouse, Docker (.mcp.json) - Add 3 new rules: testing.md, security.md, remotion-service.md - Add Context7 library references to all domain agents - Add CLI tool instructions per agent (curl, ffprobe, k6, semgrep, etc.) - Update team protocol with new capabilities column - Add orchestrator dispatch guidance for new agent capabilities - Init git repo tracking docs + Claude config only Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 22:46:16 +03:00
commit e6bfe7c946
49 changed files with 12381 additions and 0 deletions
@@ -0,0 +1,56 @@
+---
+paths:
+  - "cofee_backend/cpv3/**/*.py"
+---
+
+# Backend Module Rules
+
+## Module Structure (strict — do not deviate)
+
+Every module contains exactly these files — no more, no subdirectories:
+```
+modules/<module>/
+├── __init__.py
+├── models.py      # SQLAlchemy models
+├── schemas.py     # Pydantic DTOs (*Create, *Update, *Read)
+├── repository.py  # Database CRUD
+├── service.py     # Business logic + Dramatiq actors
+└── router.py      # FastAPI endpoints
+```
+
+When in doubt, put logic in `service.py`. Cross-cutting concerns go in `infrastructure/`, not in module subdirectories.
+
+## Repository Pattern
+
+- One repository per model, accepts `AsyncSession` in constructor.
+- Filter soft-deleted records (`is_deleted`) by default.
+- Methods should be atomic and focused.
+
+## Schemas
+
+- Inherit from `cpv3.common.schemas.Schema` (Pydantic with `from_attributes=True`).
+- Suffix names: `*Create`, `*Update`, `*Read`.
+- Use `Literal` types for enums with string values.
+
+## Models
+
+- Inherit from `Base` + `BaseModelMixin` (`cpv3.db.base`).
+- Use explicit column types, add indexes for frequently queried fields.
+- Soft deletes via `is_deleted` flag.
+
+## Endpoints
+
+- Use dependency injection for DB session (`get_db`), auth (`get_current_user`), and services.
+- Return typed response models. Use appropriate HTTP status codes.
+
+## Settings
+
+- All config via `get_settings()` from `cpv3.infrastructure.settings.py` (cached with `@lru_cache`).
+- Never hardcode configuration values.
+
+## Style
+
+- Python 3.11+, `from __future__ import annotations` for forward references.
+- Line length: 100 characters (Ruff). Type hints on all function signatures.
+- Async-first for I/O. Use `anyio.to_thread.run_sync` for CPU-bound work in async context.
+- Store error messages as module-level constants with `ERROR_` prefix.
@@ -0,0 +1,48 @@
+---
+paths:
+  - "cofee_frontend/src/**/*.ts"
+  - "cofee_frontend/src/**/*.tsx"
+---
+
+# Frontend FSD Rules
+
+## Import Direction (strict)
+
+`pages → widgets → features → entities → shared` — no upward or cross-slice imports within the same layer. Enforced by `eslint-plugin-boundaries`.
+
+## Component Convention
+
+Generate components with `bun run gc <layer> <Name>`. Each component folder:
+- `index.ts` — public re-export only
+- `ComponentName.tsx` — implementation
+- `ComponentName.module.scss` — scoped styles
+- `ComponentName.d.ts` — props interface (`IComponentNameProps`)
+
+## Features are Module-Aware
+
+Features live in domain subfolders (`features/profile/`, `features/project/`), never flat at `src/features/`. Each module has a barrel `index.ts`. Import via barrel: `import { X } from "@features/profile"`.
+
+After `bun run gc feature <Name>`, move the generated folder into the correct domain module.
+
+## API Client Rules
+
+- **In React components**: always use `api.useQuery()` / `api.useMutation()` from `@shared/api` (TanStack Query + openapi-fetch). For polling use `refetchInterval`.
+- **Outside React** (utilities, event handlers): use `fetchClient` from `@shared/api`.
+- **File uploads**: use `uploadFile()` from `@shared/api/uploadFile`.
+- **Never** use raw `fetch()`, `useEffect`-based data fetching, or `axios` for API calls.
+
+## Styling
+
+- SCSS Modules (`.module.scss`) for all component styles.
+- SCSS partials (`_variables`, `_breakpoints`, `_typography`, `_mixins`) are auto-injected via `next.config.mjs` — no manual imports needed.
+- Class composition: `import cs from "classnames"`.
+
+## Path Aliases
+
+Use `@shared/*`, `@entities/*`, `@features/*`, `@widgets/*`, `@pages/*`, `@app/*` — never relative paths across layers.
+
+## Code Style
+
+- Prettier: tabs (width 2), no semicolons, double quotes, sorted imports.
+- `data-testid` on every component root element.
+- Explicit return types on functional components.
@@ -0,0 +1,10 @@
+---
+paths:
+  - "cofee_frontend/src/**/*.tsx"
+---
+
+# Localization
+
+All user-facing UI text **must be in Russian**: labels, headings, buttons, placeholders, tooltips, aria-labels, error messages, breadcrumbs.
+
+The only exception is the brand name "Coffee Project" / "Cofee Project" — it stays in English.
@@ -0,0 +1,31 @@
+---
+paths:
+  - "remotion_service/**"
+---
+
+# Remotion Service Rules
+
+## Animations
+- ONLY use Remotion interpolate()/spring() for all animations
+- NEVER use CSS transitions, CSS animations, or Framer Motion
+- All timing must be frame-based, not time-based
+
+## Compositions
+- Deterministic frame rendering: no Date.now(), no Math.random(), no network calls during render
+- All data must be passed via inputProps from the server
+- useCurrentFrame() and useVideoConfig() for all timing calculations
+
+## Server
+- ElysiaJS, single POST /api/render endpoint
+- Flow: receive S3 path + transcription -> Remotion CLI render -> upload to S3 -> return path
+- Health check: GET /health
+
+## Captions
+- All caption presets live in src/components/captions/
+- Caption data format: Word[] with start/end timestamps from transcription module
+
+## Video Inspection
+- Use ffprobe (installed) to validate input video codec/resolution/fps before render
+- Use ffprobe to verify output after render
+- Use ffmpeg to extract single frames for visual caption verification
+- Use mediainfo for detailed container metadata
@@ -0,0 +1,27 @@
+# Security Conventions
+
+## Authentication
+- JWT tokens via get_current_user dependency injection
+- Passwords: bcrypt hash, never plain text
+- Token refresh: handled by users module
+
+## File Uploads
+- Validated by extension + MIME type in files module
+- Upload via uploadFile() from @shared/api/uploadFile — never raw FormData
+- Endpoint: /api/files/upload/
+
+## Secrets Management
+- All config via get_settings() (cached @lru_cache) — never hardcode
+- S3/MinIO credentials: env vars only, never in code or commits
+- JWT secret: env var, never in code
+
+## Data Protection
+- Soft deletes: is_deleted flag — ensure deleted records never leak through API responses
+- CORS: configured in main.py — restrict to frontend origin in production
+- SQL injection: prevented by SQLAlchemy parameterized queries — never use raw SQL strings
+- XSS: React auto-escapes — never use dangerouslySetInnerHTML
+
+## Scanning Tools (for Security Auditor agent)
+- Python SAST: semgrep + bandit (via uv run --group tools)
+- Dependency CVEs: pip-audit (via uv run --group tools)
+- Secret detection: gitleaks (via brew)
@@ -0,0 +1,20 @@
+# Testing Conventions
+
+## Backend Tests
+- Real DB + real Redis. No mocks. conftest.py has shared fixtures.
+- Location: cofee_backend/tests/integration/<module>.py
+- Naming: test_<action>_<scenario> (e.g., test_create_project_without_name)
+- Run: cd cofee_backend && uv run pytest
+- Single test: uv run pytest -k "test_name"
+- API fuzzing: cd cofee_backend && uv run --group tools schemathesis run http://localhost:8000/api/schema/ --checks all
+
+## Frontend E2E Tests
+- Playwright with data-testid selectors on every interactive element
+- Location: cofee_frontend/tests/
+- Run: cd cofee_frontend && bun run test:e2e
+- Every component root element must have data-testid
+
+## General
+- Never mock the database — use real test DB
+- Tests must be deterministic — no Date.now(), no Math.random()
+- Test error paths, not just happy paths