-
Notifications
You must be signed in to change notification settings - Fork 178
Expand file tree
/
Copy path.cursorrules
More file actions
231 lines (213 loc) · 9.51 KB
/
.cursorrules
File metadata and controls
231 lines (213 loc) · 9.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
# Evo AI - Project Rules and Structure
## Main Technologies
- FastAPI: Web framework for building the API
- SQLAlchemy: ORM for database interaction
- Alembic: Database migration system
- PostgreSQL: Main database
- Pydantic: Data validation and serialization
- Uvicorn: ASGI server for application execution
- Redis: Cache and session management
- JWT: Secure token authentication
- Bcrypt: Secure password hashing
- SendGrid: Email service for notifications
- Jinja2: Template engine for email rendering
## Project Structure
```
src/
├── api/
│ ├── __init__.py # Package initialization
│ ├── admin_routes.py # Admin routes for management interface
│ ├── agent_routes.py # Routes to manage agents
│ ├── auth_routes.py # Authentication routes (login, registration)
│ ├── chat_routes.py # Routes for chat interactions with agents
│ ├── client_routes.py # Routes to manage clients
│ ├── mcp_server_routes.py # Routes to manage MCP servers
│ ├── session_routes.py # Routes to manage chat sessions
│ └── tool_routes.py # Routes to manage tools for agents
├── config/
│ ├── database.py # Database configuration
│ └── settings.py # General settings
├── core/
│ ├── middleware.py # API Key middleware (legacy)
│ └── jwt_middleware.py # JWT authentication middleware
├── models/
│ └── models.py # SQLAlchemy models
├── schemas/
│ ├── schemas.py # Main Pydantic schemas
│ ├── chat.py # Chat schemas
│ ├── user.py # User and authentication schemas
│ └── audit.py # Audit logs schemas
├── services/
│ ├── agent_service.py # Business logic for agents
│ ├── agent_runner.py # Agent execution logic
│ ├── auth_service.py # JWT authentication logic
│ ├── audit_service.py # Audit logs logic
│ ├── client_service.py # Business logic for clients
│ ├── email_service.py # Email sending service
│ ├── mcp_server_service.py # Business logic for MCP servers
│ ├── session_service.py # Business logic for chat sessions
│ ├── tool_service.py # Business logic for tools
│ └── user_service.py # User management logic
├── templates/
│ ├── emails/
│ │ ├── base_email.html # Base template with common structure and styles
│ │ ├── verification_email.html # Email verification template
│ │ ├── password_reset.html # Password reset template
│ │ ├── welcome_email.html # Welcome email after verification
│ │ └── account_locked.html # Security alert for locked accounts
├── tests/
│ ├── __init__.py # Package initialization
│ ├── api/
│ │ ├── __init__.py # Package initialization
│ │ ├── test_auth_routes.py # Test for authentication routes
│ │ └── test_root.py # Test for root endpoint
│ ├── models/
│ │ ├── __init__.py # Package initialization
│ │ ├── test_models.py # Test for models
│ ├── services/
│ │ ├── __init__.py # Package initialization
│ │ ├── test_auth_service.py # Test for authentication service
│ │ └── test_user_service.py # Test for user service
└── utils/
├── logger.py # Logger configuration
└── security.py # Security utilities (JWT, hash)
```
## Code Standards
### Language Requirements
- **ALL code comments, docstrings, and logging messages MUST be written in English**
- Variable names, function names, and class names must be in English
- API error messages must be in English
- Documentation (including inline comments) must be in English
- Code examples in documentation must be in English
- Commit messages must be in English
### Project Configuration
- Dependencies managed in `pyproject.toml` using modern Python packaging standards
- Development dependencies specified as optional dependencies in `pyproject.toml`
- Single source of truth for project metadata in `pyproject.toml`
- Build system configured to use setuptools
- Pytest configuration in `pyproject.toml` under `[tool.pytest.ini_options]`
- Code formatting with Black configured in `pyproject.toml`
- Linting with Flake8 configured in `.flake8`
### Schemas (Pydantic)
- Use `BaseModel` as base for all schemas
- Define fields with explicit types
- Use `Optional` for optional fields
- Use `Field` for validations and default values
- Implement `Config` with `from_attributes = True` for models
- Use `EmailStr` for email validation
### Services
- Error handling with `SQLAlchemyError`
- Consistent logging with messages in English
- Strong typing with `Optional` for null returns
- Documentation with docstrings
- Rollback in case of error
- Standardized returns
- Use transactions for multiple operations
### Email Templates
- All email templates extend a base template
- Templates written in English
- Use Jinja2 templating system
- Consistent styling using a common base template
- Responsive design for mobile compatibility
- Clear call-to-action buttons
- Fallback mechanisms for failed template rendering
### Routes
- Appropriate status codes (201 for creation, 204 for deletion)
- Error handling with `HTTPException`
- Error messages in English
- Pagination for list endpoints
- Input validation with schemas
- JWT authentication for all protected routes
- Use of asynchronous functions with `async def`
### Migrations
- Use Alembic for migration management
- Descriptive names for migrations
- Maintain change history
- Use CASCADE when necessary to remove dependencies
### Authentication
- Use JWT for authentication with OAuth2PasswordBearer
- JWT tokens with expiration time defined in settings
- Access token containing essential user data (is_admin, client_id, etc.)
- Resource ownership verification based on client_id
- Protection of administrative routes with permission verification
- Email verification system via tokens
- Secure password recovery with one-time tokens
- Account locking after multiple failed login attempts
### Audit
- Record important administrative actions
- Automatic collection of contextual data (IP, user-agent)
- Relationship with user who performed the action
- Filtering and querying by different criteria
### Environment Variables
- Use .env file for sensitive settings
- Keep .env.example updated
- Document all environment variables
- Use safe default values
- Validate required variables
- Clear separation between development and production configurations
## Conventions
- Variable and function names in English
- Log and error messages in English
- Documentation in English
- User-facing content (emails, responses) in English
- Indentation with 4 spaces
- Maximum of 79 characters per line
## Commit Rules
- Use Conventional Commits format for all commit messages
- Format: `<type>(<scope>): <description>`
- Types:
- `feat`: A new feature
- `fix`: A bug fix
- `docs`: Documentation changes
- `style`: Changes that do not affect code meaning (formatting, etc.)
- `refactor`: Code changes that neither fix a bug nor add a feature
- `perf`: Performance improvements
- `test`: Adding or modifying tests
- `chore`: Changes to build process or auxiliary tools
- Scope is optional and should be the module or component affected
- Description should be concise, in the imperative mood, and not capitalized
- Use body for more detailed explanations if needed
- Reference issues in the footer with `Fixes #123` or `Relates to #123`
- Examples:
- `feat(auth): add password reset functionality`
- `fix(api): correct validation error in client registration`
- `docs: update API documentation for new endpoints`
- `refactor(services): improve error handling in authentication`
## Best Practices
- Always validate input data
- Implement appropriate logging
- Handle all possible errors
- Maintain consistency in returns
- Document functions and classes
- Follow SOLID principles
- Keep tests updated
- Protect routes with JWT authentication
- Use environment variables for sensitive configurations
- Implement resource ownership verification
- Store passwords only with secure hash (bcrypt)
- Implement appropriate expiration for tokens
- Use template inheritance for consistent email layouts
## Security
- JWT tokens with limited lifetime
- Email verification with one-time tokens
- Secure password hashing with bcrypt and random salt
- Audit system for administrative actions
- Resource-based access control
- Clear separation between regular users and administrators
- Strict input validation with Pydantic
- Account lockout after multiple failed login attempts
## Useful Commands
- `make run`: Start the server
- `make run-prod`: Start the server in production mode
- `make alembic-revision message="description"`: Create new migration
- `make alembic-upgrade`: Apply pending migrations
- `make alembic-downgrade`: Revert last migration
- `make alembic-migrate`: Create and apply new migration
- `make alembic-reset`: Reset database to initial state
- `make alembic-upgrade-cascade`: Force upgrade removing dependencies
- `make clear-cache`: Clean project cache
- `make seed-all`: Run all database seeders
- `make lint`: Run linting checks with flake8
- `make format`: Format code with black
- `make install`: Install project for development
- `make install-dev`: Install project with development dependencies