fix(workflow): update stop state for preview chat

fix(workflow): keep preview run state on panel close
fix(workflow): restore fetchInspectVars and invalidAllLastRun calls lost during refactor
2026-06-08 09:27:39 +08:00 · 2026-01-26 22:50:38 +08:00 · 2026-01-26 22:42:14 +08:00 · 2026-01-26 21:55:16 +08:00 · 2026-01-26 21:49:10 +08:00
10260 changed files with 428638 additions and 1241676 deletions
--- a/.agent/skills/component-refactoring
+++ b/.agent/skills/component-refactoring
@ -0,0 +1 @@
 ../../.agents/skills/component-refactoring
--- a/.agent/skills/frontend-code-review
+++ b/.agent/skills/frontend-code-review
@ -0,0 +1 @@
 ../../.agents/skills/frontend-code-review
--- a/.agent/skills/frontend-testing
+++ b/.agent/skills/frontend-testing
@ -0,0 +1 @@
 ../../.agents/skills/frontend-testing
--- a/.agent/skills/orpc-contract-first
+++ b/.agent/skills/orpc-contract-first
@ -0,0 +1 @@
 ../../.agents/skills/orpc-contract-first
--- a/.agent/skills/skill-creator
+++ b/.agent/skills/skill-creator
@ -0,0 +1 @@
 ../../.agents/skills/skill-creator
--- a/.agent/skills/vercel-react-best-practices
+++ b/.agent/skills/vercel-react-best-practices
@ -0,0 +1 @@
 ../../.agents/skills/vercel-react-best-practices
--- a/.agent/skills/web-design-guidelines
+++ b/.agent/skills/web-design-guidelines
@ -0,0 +1 @@
 ../../.agents/skills/web-design-guidelines
--- a/.agents/skills/backend-code-review/SKILL.md
+++ b/.agents/skills/backend-code-review/SKILL.md
@ -1,168 +0,0 @@
 ---
 name: backend-code-review
 description: Review backend code for quality, security, maintainability, and best practices based on established checklist rules. Use when the user requests a review, analysis, or improvement of backend files (e.g., `.py`) under the `api/` directory. Do NOT use for frontend files (e.g., `.tsx`, `.ts`, `.js`). Supports pending-change review, code snippets review, and file-focused review.
 ---
 # Backend Code Review
 ## When to use this skill
 Use this skill whenever the user asks to **review, analyze, or improve** backend code (e.g., `.py`) under the `api/` directory. Supports the following review modes:
 - **Pending-change review**: when the user asks to review current changes (inspect staged/working-tree files slated for commit to get the changes).
 - **Code snippets review**: when the user pastes code snippets (e.g., a function/class/module excerpt) into the chat and asks for a review.
 - **File-focused review**: when the user points to specific files and asks for a review of those files (one file or a small, explicit set of files, e.g., `api/...`, `api/app.py`).
 Do NOT use this skill when:
 - The request is about frontend code or UI (e.g., `.tsx`, `.ts`, `.js`, `web/`).
 - The user is not asking for a review/analysis/improvement of backend code.
 - The scope is not under `api/` (unless the user explicitly asks to review backend-related changes outside `api/`).
 ## How to use this skill
 Follow these steps when using this skill:
 1. **Identify the review mode** (pending-change vs snippet vs file-focused) based on the user’s input. Keep the scope tight: review only what the user provided or explicitly referenced.
 2. Follow the rules defined in **Checklist** to perform the review. If no Checklist rule matches, apply **General Review Rules** as a fallback to perform the best-effort review.
 3. Compose the final output strictly follow the **Required Output Format**.
 Notes when using this skill:
 - Always include actionable fixes or suggestions (including possible code snippets).
 - Use best-effort `File:Line` references when a file path and line numbers are available; otherwise, use the most specific identifier you can.
 ## Checklist
 - db schema design: if the review scope includes code/files under `api/models/` or `api/migrations/`, follow [references/db-schema-rule.md](references/db-schema-rule.md) to perform the review
 - architecture: if the review scope involves controller/service/core-domain/libs/model layering, dependency direction, or moving responsibilities across modules, follow [references/architecture-rule.md](references/architecture-rule.md) to perform the review
 - repositories abstraction: if the review scope contains table/model operations (e.g., `select(...)`, `session.execute(...)`, joins, CRUD) and is not under `api/repositories`, `api/core/repositories`, or `api/extensions/*/repositories/`, follow [references/repositories-rule.md](references/repositories-rule.md) to perform the review
 - sqlalchemy patterns: if the review scope involves SQLAlchemy session/query usage, db transaction/crud usage, or raw SQL usage, follow [references/sqlalchemy-rule.md](references/sqlalchemy-rule.md) to perform the review
 ## General Review Rules
 ### 1. Security Review
 Check for:
 - SQL injection vulnerabilities
 - Server-Side Request Forgery (SSRF)
 - Command injection
 - Insecure deserialization
 - Hardcoded secrets/credentials
 - Improper authentication/authorization
 - Insecure direct object references
 ### 2. Performance Review
 Check for:
 - N+1 queries
 - Missing database indexes
 - Memory leaks
 - Blocking operations in async code
 - Missing caching opportunities
 ### 3. Code Quality Review
 Check for:
 - Code forward compatibility
 - Code duplication (DRY violations)
 - Functions doing too much (SRP violations)
 - Deep nesting / complex conditionals
 - Magic numbers/strings
 - Poor naming
 - Missing error handling
 - Incomplete type coverage
 ### 4. Testing Review
 Check for:
 - Missing test coverage for new code
 - Tests that don't test behavior
 - Flaky test patterns
 - Missing edge cases
 ## Required Output Format
 When this skill invoked, the response must exactly follow one of the two templates:
 ### Template A (any findings)
 ```markdown
 # Code Review Summary
 Found <X> critical issues need to be fixed:
 ## 🔴 Critical (Must Fix)
 ### 1. <brief description of the issue>
 FilePath: <path> line <line>
 <relevant code snippet or pointer>
 #### Explanation
 <detailed explanation and references of the issue>
 #### Suggested Fix
 1. <brief description of suggested fix>
 2. <code example> (optional, omit if not applicable)
 ---
 ... (repeat for each critical issue) ...
 Found <Y> suggestions for improvement:
 ## 🟡 Suggestions (Should Consider)
 ### 1. <brief description of the suggestion>
 FilePath: <path> line <line>
 <relevant code snippet or pointer>
 #### Explanation
 <detailed explanation and references of the suggestion>
 #### Suggested Fix
 1. <brief description of suggested fix>
 2. <code example> (optional, omit if not applicable)
 ---
 ... (repeat for each suggestion) ...
 Found <Z> optional nits:
 ## 🟢 Nits (Optional)
 ### 1. <brief description of the nit>
 FilePath: <path> line <line>
 <relevant code snippet or pointer>
 #### Explanation
 <explanation and references of the optional nit>
 #### Suggested Fix
 - <minor suggestions>
 ---
 ... (repeat for each nits) ...
 ## ✅ What's Good
 - <Positive feedback on good patterns>
 ```
 - If there are no critical issues or suggestions or option nits or good points, just omit that section.
 - If the issue number is more than 10, summarize as "Found 10+ critical issues/suggestions/optional nits" and only output the first 10 items.
 - Don't compress the blank lines between sections; keep them as-is for readability.
 - If there is any issue requires code changes, append a brief follow-up question to ask whether the user wants to apply the fix(es) after the structured output. For example: "Would you like me to use the Suggested fix(es) to address these issues?"
 ### Template B (no issues)
 ```markdown
 ## Code Review Summary
 ✅ No issues found.
 ```
--- a/.agents/skills/backend-code-review/references/architecture-rule.md
+++ b/.agents/skills/backend-code-review/references/architecture-rule.md
@ -1,91 +0,0 @@
 # Rule Catalog — Architecture
 ## Scope
 - Covers: controller/service/core-domain/libs/model layering, dependency direction, responsibility placement, observability-friendly flow.
 ## Rules
 ### Keep business logic out of controllers
 - Category: maintainability
 - Severity: critical
 - Description: Controllers should parse input, call services, and return serialized responses. Business decisions inside controllers make behavior hard to reuse and test.
 - Suggested fix: Move domain/business logic into the service or core/domain layer. Keep controller handlers thin and orchestration-focused.
 - Example:
  - Bad:
    ```python
    @bp.post("/apps/<app_id>/publish")
    def publish_app(app_id: str):
        payload = request.get_json() or {}
        if payload.get("force") and current_user.role != "admin":
            raise ValueError("only admin can force publish")
        app = App.query.get(app_id)
        app.status = "published"
        db.session.commit()
        return {"result": "ok"}
    ```
  - Good:
    ```python
    @bp.post("/apps/<app_id>/publish")
    def publish_app(app_id: str):
        payload = PublishRequest.model_validate(request.get_json() or {})
        app_service.publish_app(app_id=app_id, force=payload.force, actor_id=current_user.id)
        return {"result": "ok"}
    ```
 ### Preserve layer dependency direction
 - Category: best practices
 - Severity: critical
 - Description: Controllers may depend on services, and services may depend on core/domain abstractions. Reversing this direction (for example, core importing controller/web modules) creates cycles and leaks transport concerns into domain code.
 - Suggested fix: Extract shared contracts into core/domain or service-level modules and make upper layers depend on lower, not the reverse.
 - Example:
  - Bad:
    ```python
    # core/policy/publish_policy.py
    from controllers.console.app import request_context
    def can_publish() -> bool:
        return request_context.current_user.is_admin
    ```
  - Good:
    ```python
    # core/policy/publish_policy.py
    def can_publish(role: str) -> bool:
        return role == "admin"
    # service layer adapts web/user context to domain input
    allowed = can_publish(role=current_user.role)
    ```
 ### Keep libs business-agnostic
 - Category: maintainability
 - Severity: critical
 - Description: Modules under `api/libs/` should remain reusable, business-agnostic building blocks. They must not encode product/domain-specific rules, workflow orchestration, or business decisions.
 - Suggested fix:
  - If business logic appears in `api/libs/`, extract it into the appropriate `services/` or `core/` module and keep `libs` focused on generic, cross-cutting helpers.
  - Keep `libs` dependencies clean: avoid importing service/controller/domain-specific modules into `api/libs/`.
 - Example:
  - Bad:
    ```python
    # api/libs/conversation_filter.py
    from services.conversation_service import ConversationService
    def should_archive_conversation(conversation, tenant_id: str) -> bool:
        # Domain policy and service dependency are leaking into libs.
        service = ConversationService()
        if service.has_paid_plan(tenant_id):
            return conversation.idle_days > 90
        return conversation.idle_days > 30
    ```
  - Good:
    ```python
    # api/libs/datetime_utils.py (business-agnostic helper)
    def older_than_days(idle_days: int, threshold_days: int) -> bool:
        return idle_days > threshold_days
    # services/conversation_service.py (business logic stays in service/core)
    from libs.datetime_utils import older_than_days
    def should_archive_conversation(conversation, tenant_id: str) -> bool:
        threshold_days = 90 if has_paid_plan(tenant_id) else 30
        return older_than_days(conversation.idle_days, threshold_days)
    ```
--- a/.agents/skills/backend-code-review/references/db-schema-rule.md
+++ b/.agents/skills/backend-code-review/references/db-schema-rule.md
@ -1,157 +0,0 @@
 # Rule Catalog — DB Schema Design
 ## Scope
 - Covers: model/base inheritance, schema boundaries in model properties, tenant-aware schema design, index redundancy checks, dialect portability in models, and cross-database compatibility in migrations.
 - Does NOT cover: session lifecycle, transaction boundaries, and query execution patterns (handled by `sqlalchemy-rule.md`).
 ## Rules
 ### Do not query other tables inside `@property`
 - Category: [maintainability, performance]
 - Severity: critical
 - Description: A model `@property` must not open sessions or query other tables. This hides dependencies across models, tightly couples schema objects to data access, and can cause N+1 query explosions when iterating collections.
 - Suggested fix:
  - Keep model properties pure and local to already-loaded fields.
  - Move cross-table data fetching to service/repository methods.
  - For list/batch reads, fetch required related data explicitly (join/preload/bulk query) before rendering derived values.
 - Example:
  - Bad:
    ```python
    class Conversation(TypeBase):
        __tablename__ = "conversations"
        @property
        def app_name(self) -> str:
            with Session(db.engine, expire_on_commit=False) as session:
                app = session.execute(select(App).where(App.id == self.app_id)).scalar_one()
                return app.name
    ```
  - Good:
    ```python
    class Conversation(TypeBase):
        __tablename__ = "conversations"
        @property
        def display_title(self) -> str:
            return self.name or "Untitled"
    # Service/repository layer performs explicit batch fetch for related App rows.
    ```
 ### Prefer including `tenant_id` in model definitions
 - Category: maintainability
 - Severity: suggestion
 - Description: In multi-tenant domains, include `tenant_id` in schema definitions whenever the entity belongs to tenant-owned data. This improves data isolation safety and keeps future partitioning/sharding strategies practical as data volume grows.
 - Suggested fix:
  - Add a `tenant_id` column and ensure related unique/index constraints include tenant dimension when applicable.
  - Propagate `tenant_id` through service/repository contracts to keep access paths tenant-aware.
  - Exception: if a table is explicitly designed as non-tenant-scoped global metadata, document that design decision clearly.
 - Example:
  - Bad:
    ```python
    from sqlalchemy.orm import Mapped
    class Dataset(TypeBase):
        __tablename__ = "datasets"
        id: Mapped[str] = mapped_column(StringUUID, primary_key=True)
        name: Mapped[str] = mapped_column(sa.String(255), nullable=False)
    ```
  - Good:
    ```python
    from sqlalchemy.orm import Mapped
    class Dataset(TypeBase):
        __tablename__ = "datasets"
        id: Mapped[str] = mapped_column(StringUUID, primary_key=True)
        tenant_id: Mapped[str] = mapped_column(StringUUID, nullable=False, index=True)
        name: Mapped[str] = mapped_column(sa.String(255), nullable=False)
    ```
 ### Detect and avoid duplicate/redundant indexes
 - Category: performance
 - Severity: suggestion
 - Description: Review index definitions for leftmost-prefix redundancy. For example, index `(a, b, c)` can safely cover most lookups for `(a, b)`. Keeping both may increase write overhead and can mislead the optimizer into suboptimal execution plans.
 - Suggested fix:
  - Before adding an index, compare against existing composite indexes by leftmost-prefix rules.
  - Drop or avoid creating redundant prefixes unless there is a proven query-pattern need.
  - Apply the same review standard in both model `__table_args__` and migration index DDL.
 - Example:
  - Bad:
    ```python
    __table_args__ = (
        sa.Index("idx_msg_tenant_app", "tenant_id", "app_id"),
        sa.Index("idx_msg_tenant_app_created", "tenant_id", "app_id", "created_at"),
    )
    ```
  - Good:
    ```python
    __table_args__ = (
        # Keep the wider index unless profiling proves a dedicated short index is needed.
        sa.Index("idx_msg_tenant_app_created", "tenant_id", "app_id", "created_at"),
    )
    ```
 ### Avoid PostgreSQL-only dialect usage in models; wrap in `models.types`
 - Category: maintainability
 - Severity: critical
 - Description: Model/schema definitions should avoid PostgreSQL-only constructs directly in business models. When database-specific behavior is required, encapsulate it in `api/models/types.py` using both PostgreSQL and MySQL dialect implementations, then consume that abstraction from model code.
 - Suggested fix:
  - Do not directly place dialect-only types/operators in model columns when a portable wrapper can be used.
  - Add or extend wrappers in `models.types` (for example, `AdjustedJSON`, `LongText`, `BinaryData`) to normalize behavior across PostgreSQL and MySQL.
 - Example:
  - Bad:
    ```python
    from sqlalchemy.dialects.postgresql import JSONB
    from sqlalchemy.orm import Mapped
    class ToolConfig(TypeBase):
        __tablename__ = "tool_configs"
        config: Mapped[dict] = mapped_column(JSONB, nullable=False)
    ```
  - Good:
    ```python
    from sqlalchemy.orm import Mapped
    from models.types import AdjustedJSON
    class ToolConfig(TypeBase):
        __tablename__ = "tool_configs"
        config: Mapped[dict] = mapped_column(AdjustedJSON(), nullable=False)
    ```
 ### Guard migration incompatibilities with dialect checks and shared types
 - Category: maintainability
 - Severity: critical
 - Description: Migration scripts under `api/migrations/versions/` must account for PostgreSQL/MySQL incompatibilities explicitly. For dialect-sensitive DDL or defaults, branch on the active dialect (for example, `conn.dialect.name == "postgresql"`), and prefer reusable compatibility abstractions from `models.types` where applicable.
 - Suggested fix:
  - In migration upgrades/downgrades, bind connection and branch by dialect for incompatible SQL fragments.
  - Reuse `models.types` wrappers in column definitions when that keeps behavior aligned with runtime models.
  - Avoid one-dialect-only migration logic unless there is a documented, deliberate compatibility exception.
 - Example:
  - Bad:
    ```python
    with op.batch_alter_table("dataset_keyword_tables") as batch_op:
        batch_op.add_column(
            sa.Column(
                "data_source_type",
                sa.String(255),
                server_default=sa.text("'database'::character varying"),
                nullable=False,
            )
        )
    ```
  - Good:
    ```python
    def _is_pg(conn) -> bool:
        return conn.dialect.name == "postgresql"
    conn = op.get_bind()
    default_expr = sa.text("'database'::character varying") if _is_pg(conn) else sa.text("'database'")
    with op.batch_alter_table("dataset_keyword_tables") as batch_op:
        batch_op.add_column(
            sa.Column("data_source_type", sa.String(255), server_default=default_expr, nullable=False)
        )
    ```
--- a/.agents/skills/backend-code-review/references/repositories-rule.md
+++ b/.agents/skills/backend-code-review/references/repositories-rule.md
@ -1,61 +0,0 @@
 # Rule Catalog - Repositories Abstraction
 ## Scope
 - Covers: when to reuse existing repository abstractions, when to introduce new repositories, and how to preserve dependency direction between service/core and infrastructure implementations.
 - Does NOT cover: SQLAlchemy session lifecycle and query-shape specifics (handled by `sqlalchemy-rule.md`), and table schema/migration design (handled by `db-schema-rule.md`).
 ## Rules
 ### Introduce repositories abstraction
 - Category: maintainability
 - Severity: suggestion
 - Description: If a table/model already has a repository abstraction, all reads/writes/queries for that table should use the existing repository. If no repository exists, introduce one only when complexity justifies it, such as large/high-volume tables, repeated complex query logic, or likely storage-strategy variation.
 - Suggested fix:
  - First check  `api/repositories`, `api/core/repositories`, and `api/extensions/*/repositories/` to verify whether the table/model already has a repository abstraction. If it exists, route all operations through it and add missing repository methods instead of bypassing it with ad-hoc SQLAlchemy access.
  - If no repository exists, add one only when complexity warrants it (for example, repeated complex queries, large data domains, or multiple storage strategies), while preserving dependency direction (service/core depends on abstraction; infra provides implementation).
 - Example:
  - Bad:
    ```python
    # Existing repository is ignored and service uses ad-hoc table queries.
    class AppService:
        def archive_app(self, app_id: str, tenant_id: str) -> None:
            app = self.session.execute(
                select(App).where(App.id == app_id, App.tenant_id == tenant_id)
            ).scalar_one()
            app.archived = True
            self.session.commit()
    ```
  - Good:
    ```python
    # Case A: Existing repository must be reused for all table operations.
    class AppService:
        def archive_app(self, app_id: str, tenant_id: str) -> None:
            app = self.app_repo.get_by_id(app_id=app_id, tenant_id=tenant_id)
            app.archived = True
            self.app_repo.save(app)
    # If the query is missing, extend the existing abstraction.
    active_apps = self.app_repo.list_active_for_tenant(tenant_id=tenant_id)
    ```
  - Bad:
    ```python
    # No repository exists, but large-domain query logic is scattered in service code.
    class ConversationService:
        def list_recent_for_app(self, app_id: str, tenant_id: str, limit: int) -> list[Conversation]:
            ...
            # many filters/joins/pagination variants duplicated across services
    ```
  - Good:
    ```python
    # Case B: Introduce repository for large/complex domains or storage variation.
    class ConversationRepository(Protocol):
        def list_recent_for_app(self, app_id: str, tenant_id: str, limit: int) -> list[Conversation]: ...
    class SqlAlchemyConversationRepository:
        def list_recent_for_app(self, app_id: str, tenant_id: str, limit: int) -> list[Conversation]:
            ...
    class ConversationService:
        def __init__(self, conversation_repo: ConversationRepository):
            self.conversation_repo = conversation_repo
    ```
--- a/.agents/skills/backend-code-review/references/sqlalchemy-rule.md
+++ b/.agents/skills/backend-code-review/references/sqlalchemy-rule.md
@ -1,139 +0,0 @@
 # Rule Catalog — SQLAlchemy Patterns
 ## Scope
 - Covers: SQLAlchemy session and transaction lifecycle, query construction, tenant scoping, raw SQL boundaries, and write-path concurrency safeguards.
 - Does NOT cover: table/model schema and migration design details (handled by `db-schema-rule.md`).
 ## Rules
 ### Use Session context manager with explicit transaction control behavior
 - Category: best practices
 - Severity: critical
 - Description: Session and transaction lifecycle must be explicit and bounded on write paths. Missing commits can silently drop intended updates, while ad-hoc or long-lived transactions increase contention, lock duration, and deadlock risk.
 - Suggested fix:
  - Use **explicit `session.commit()`** after completing a related write unit.
  - Or use **`session.begin()` context manager** for automatic commit/rollback on a scoped block.
  - Keep transaction windows short: avoid network I/O, heavy computation, or unrelated work inside the transaction.
 - Example:
  - Bad:
    ```python
    # Missing commit: write may never be persisted.
    with Session(db.engine, expire_on_commit=False) as session:
        run = session.get(WorkflowRun, run_id)
        run.status = "cancelled"
    # Long transaction: external I/O inside a DB transaction.
    with Session(db.engine, expire_on_commit=False) as session, session.begin():
        run = session.get(WorkflowRun, run_id)
        run.status = "cancelled"
        call_external_api()
    ```
  - Good:
    ```python
    # Option 1: explicit commit.
    with Session(db.engine, expire_on_commit=False) as session:
        run = session.get(WorkflowRun, run_id)
        run.status = "cancelled"
        session.commit()
    # Option 2: scoped transaction with automatic commit/rollback.
    with Session(db.engine, expire_on_commit=False) as session, session.begin():
        run = session.get(WorkflowRun, run_id)
        run.status = "cancelled"
    # Keep non-DB work outside transaction scope.
    call_external_api()
    ```
 ### Enforce tenant_id scoping on shared-resource queries
 - Category: security
 - Severity: critical
 - Description: Reads and writes against shared tables must be scoped by `tenant_id` to prevent cross-tenant data leakage or corruption.
 - Suggested fix: Add `tenant_id` predicate to all tenant-owned entity queries and propagate tenant context through service/repository interfaces.
 - Example:
  - Bad:
    ```python
    stmt = select(Workflow).where(Workflow.id == workflow_id)
    workflow = session.execute(stmt).scalar_one_or_none()
    ```
  - Good:
    ```python
    stmt = select(Workflow).where(
        Workflow.id == workflow_id,
        Workflow.tenant_id == tenant_id,
    )
    workflow = session.execute(stmt).scalar_one_or_none()
    ```
 ### Prefer SQLAlchemy expressions over raw SQL by default
 - Category: maintainability
 - Severity: suggestion
 - Description: Raw SQL should be exceptional. ORM/Core expressions are easier to evolve, safer to compose, and more consistent with the codebase.
 - Suggested fix: Rewrite straightforward raw SQL into SQLAlchemy `select/update/delete` expressions; keep raw SQL only when required by clear technical constraints.
 - Example:
  - Bad:
    ```python
    row = session.execute(
        text("SELECT * FROM workflows WHERE id = :id AND tenant_id = :tenant_id"),
        {"id": workflow_id, "tenant_id": tenant_id},
    ).first()
    ```
  - Good:
    ```python
    stmt = select(Workflow).where(
        Workflow.id == workflow_id,
        Workflow.tenant_id == tenant_id,
    )
    row = session.execute(stmt).scalar_one_or_none()
    ```
 ### Protect write paths with concurrency safeguards
 - Category: quality
 - Severity: critical
 - Description: Multi-writer paths without explicit concurrency control can silently overwrite data. Choose the safeguard based on contention level, lock scope, and throughput cost instead of defaulting to one strategy.
 - Suggested fix:
  - **Optimistic locking**: Use when contention is usually low and retries are acceptable. Add a version (or updated_at) guard in `WHERE` and treat `rowcount == 0` as a conflict.
  - **Redis distributed lock**: Use when the critical section spans multiple steps/processes (or includes non-DB side effects) and you need cross-worker mutual exclusion.
  - **SELECT ... FOR UPDATE**: Use when contention is high on the same rows and strict in-transaction serialization is required. Keep transactions short to reduce lock wait/deadlock risk.
  - In all cases, scope by `tenant_id` and verify affected row counts for conditional writes.
 - Example:
  - Bad:
    ```python
    # No tenant scope, no conflict detection, and no lock on a contested write path.
    session.execute(update(WorkflowRun).where(WorkflowRun.id == run_id).values(status="cancelled"))
    session.commit()  # silently overwrites concurrent updates
    ```
  - Good:
    ```python
    # 1) Optimistic lock (low contention, retry on conflict)
    result = session.execute(
        update(WorkflowRun)
        .where(
            WorkflowRun.id == run_id,
            WorkflowRun.tenant_id == tenant_id,
            WorkflowRun.version == expected_version,
        )
        .values(status="cancelled", version=WorkflowRun.version + 1)
    )
    if result.rowcount == 0:
        raise WorkflowStateConflictError("stale version, retry")
    # 2) Redis distributed lock (cross-worker critical section)
    lock_name = f"workflow_run_lock:{tenant_id}:{run_id}"
    with redis_client.lock(lock_name, timeout=20):
        session.execute(
            update(WorkflowRun)
            .where(WorkflowRun.id == run_id, WorkflowRun.tenant_id == tenant_id)
            .values(status="cancelled")
        )
        session.commit()
    # 3) Pessimistic lock with SELECT ... FOR UPDATE (high contention)
    run = session.execute(
        select(WorkflowRun)
        .where(WorkflowRun.id == run_id, WorkflowRun.tenant_id == tenant_id)
        .with_for_update()
    ).scalar_one()
    run.status = "cancelled"
    session.commit()
    ```
--- a/.agents/skills/component-refactoring/SKILL.md
+++ b/.agents/skills/component-refactoring/SKILL.md
@ -63,7 +63,7 @@ pnpm analyze-component <path> --json
 ```typescript
 // ❌ Before: Complex state logic in component
-function Configuration() {
+const Configuration: FC = () => {
  const [modelConfig, setModelConfig] = useState<ModelConfig>(...)
  const [datasetConfigs, setDatasetConfigs] = useState<DatasetConfigs>(...)
  const [completionParams, setCompletionParams] = useState<FormValue>({})
@ -85,7 +85,7 @@ export const useModelConfig = (appId: string) => {
 }
 // Component becomes cleaner
-function Configuration() {
+const Configuration: FC = () => {
  const { modelConfig, setModelConfig } = useModelConfig(appId)
  return <div>...</div>
 }
@ -187,10 +187,53 @@ const Template = useMemo(() => {
 **When**: Component directly handles API calls, data transformation, or complex async operations.
-**Dify Convention**:
+**Dify Convention**: Use `@tanstack/react-query` hooks from `web/service/use-*.ts` or create custom data hooks.
- This skill is for component decomposition, not query/mutation design.
+
- Do not introduce deprecated `useInvalid` / `useReset`.
+```typescript
- Do not add thin passthrough `useQuery` wrappers during refactoring; only extract a custom hook when it truly orchestrates multiple queries/mutations or shared derived state.
+// ❌ Before: API logic in component
 const MCPServiceCard = () => {
  const [basicAppConfig, setBasicAppConfig] = useState({})
  useEffect(() => {
    if (isBasicApp && appId) {
      (async () => {
        const res = await fetchAppDetail({ url: '/apps', id: appId })
        setBasicAppConfig(res?.model_config || {})
      })()
    }
  }, [appId, isBasicApp])
  // More API-related logic...
 }
 // ✅ After: Extract to data hook using React Query
 // use-app-config.ts
 import { useQuery } from '@tanstack/react-query'
 import { get } from '@/service/base'
 const NAME_SPACE = 'appConfig'
 export const useAppConfig = (appId: string, isBasicApp: boolean) => {
  return useQuery({
    enabled: isBasicApp && !!appId,
    queryKey: [NAME_SPACE, 'detail', appId],
    queryFn: () => get<AppDetailResponse>(`/apps/${appId}`),
    select: data => data?.model_config || {},
  })
 }
 // Component becomes cleaner
 const MCPServiceCard = () => {
  const { data: config, isLoading } = useAppConfig(appId, isBasicApp)
  // UI only
 }
 ```
 **React Query Best Practices in Dify**:
 - Define `NAME_SPACE` for query key organization
 - Use `enabled` option for conditional fetching
 - Use `select` for data transformation
 - Export invalidation hooks: `useInvalidXxx`
 **Dify Examples**:
 - `web/service/use-workflow.ts`
@ -365,7 +408,7 @@ For each extraction:
  ┌────────────────────────────────────────┐
  │ 1. Extract code                        │
  │ 2. Run: pnpm lint:fix                  │
-  │ 3. Run: pnpm type-check                │
+  │ 3. Run: pnpm type-check:tsgo           │
  │ 4. Run: pnpm test                      │
  │ 5. Test functionality manually         │
  │ 6. PASS? → Next extraction             │
@ -437,4 +480,4 @@ const useButtonState = () => {
 ### Related Skills
 - `frontend-testing` - For testing refactored components
- `web/docs/test.md` - Testing specification
+- `web/testing/testing.md` - Testing specification
--- a/.agents/skills/component-refactoring/references/complexity-patterns.md
+++ b/.agents/skills/component-refactoring/references/complexity-patterns.md
@ -60,10 +60,8 @@ const Template = useMemo(() => {
 **After** (complexity: ~3):
 ```typescript
 import type { ComponentType } from 'react'
 // Define lookup table outside component
-const TEMPLATE_MAP: Record<AppModeEnum, Record<string, ComponentType<TemplateProps>>> = {
+const TEMPLATE_MAP: Record<AppModeEnum, Record<string, FC<TemplateProps>>> = {
  [AppModeEnum.CHAT]: {
    [LanguagesSupported[1]]: TemplateChatZh,
    [LanguagesSupported[7]]: TemplateChatJa,
--- a/.agents/skills/component-refactoring/references/component-splitting.md
+++ b/.agents/skills/component-refactoring/references/component-splitting.md
@ -65,10 +65,10 @@ interface ConfigurationHeaderProps {
  onPublish: () => void
 }
-function ConfigurationHeader({
+const ConfigurationHeader: FC<ConfigurationHeaderProps> = ({
  isAdvancedMode,
  onPublish,
-}: ConfigurationHeaderProps) {
+}) => {
  const { t } = useTranslation()
  return (
@ -136,7 +136,7 @@ const AppInfo = () => {
 }
 // ✅ After: Separate view components
-function AppInfoExpanded({ appDetail, onAction }: AppInfoViewProps) {
+const AppInfoExpanded: FC<AppInfoViewProps> = ({ appDetail, onAction }) => {
  return (
    <div className="expanded">
      {/* Clean, focused expanded view */}
@ -144,7 +144,7 @@ function AppInfoExpanded({ appDetail, onAction }: AppInfoViewProps) {
  )
 }
-function AppInfoCollapsed({ appDetail, onAction }: AppInfoViewProps) {
+const AppInfoCollapsed: FC<AppInfoViewProps> = ({ appDetail, onAction }) => {
  return (
    <div className="collapsed">
      {/* Clean, focused collapsed view */}
@ -203,12 +203,12 @@ interface AppInfoModalsProps {
  onSuccess: () => void
 }
-function AppInfoModals({
+const AppInfoModals: FC<AppInfoModalsProps> = ({
  appDetail,
  activeModal,
  onClose,
  onSuccess,
-}: AppInfoModalsProps) {
+}) => {
  const handleEdit = async (data) => { /* logic */ }
  const handleDuplicate = async (data) => { /* logic */ }
  const handleDelete = async () => { /* logic */ }
@ -296,7 +296,7 @@ interface OperationItemProps {
  onAction: (id: string) => void
 }
-function OperationItem({ operation, onAction }: OperationItemProps) {
+const OperationItem: FC<OperationItemProps> = ({ operation, onAction }) => {
  return (
    <div className="operation-item">
      <span className="icon">{operation.icon}</span>
@ -435,7 +435,7 @@ interface ChildProps {
  onSubmit: () => void
 }
-function Child({ value, onChange, onSubmit }: ChildProps) {
+const Child: FC<ChildProps> = ({ value, onChange, onSubmit }) => {
  return (
    <div>
      <input value={value} onChange={e => onChange(e.target.value)} />
--- a/.agents/skills/component-refactoring/references/hook-extraction.md
+++ b/.agents/skills/component-refactoring/references/hook-extraction.md
@ -112,13 +112,13 @@ export const useModelConfig = ({
 ```typescript
 // Before: 50+ lines of state management
-function Configuration() {
+const Configuration: FC = () => {
  const [modelConfig, setModelConfig] = useState<ModelConfig>(...)
  // ... lots of related state and effects
 }
 // After: Clean component
-function Configuration() {
+const Configuration: FC = () => {
  const {
    modelConfig,
    setModelConfig,
@ -155,12 +155,48 @@ function Configuration() {
 ## Common Hook Patterns in Dify
-### 1. Data Fetching / Mutation Hooks
+### 1. Data Fetching Hook (React Query)
-When hook extraction touches query or mutation code, do not use this reference as the source of truth for data-layer patterns.
+```typescript
 // Pattern: Use @tanstack/react-query for data fetching
 import { useQuery, useQueryClient } from '@tanstack/react-query'
 import { get } from '@/service/base'
 import { useInvalid } from '@/service/use-base'
- Do not introduce deprecated `useInvalid` / `useReset`.
+const NAME_SPACE = 'appConfig'
- Do not extract thin passthrough `useQuery` hooks; only extract orchestration hooks.
+
 // Query keys for cache management
 export const appConfigQueryKeys = {
  detail: (appId: string) => [NAME_SPACE, 'detail', appId] as const,
 }
 // Main data hook
 export const useAppConfig = (appId: string) => {
  return useQuery({
    enabled: !!appId,
    queryKey: appConfigQueryKeys.detail(appId),
    queryFn: () => get<AppDetailResponse>(`/apps/${appId}`),
    select: data => data?.model_config || null,
  })
 }
 // Invalidation hook for refreshing data
 export const useInvalidAppConfig = () => {
  return useInvalid([NAME_SPACE])
 }
 // Usage in component
 const Component = () => {
  const { data: config, isLoading, error, refetch } = useAppConfig(appId)
  const invalidAppConfig = useInvalidAppConfig()
  const handleRefresh = () => {
    invalidAppConfig() // Invalidates cache and triggers refetch
  }
  return <div>...</div>
 }
 ```
 ### 2. Form State Hook
--- a/.agents/skills/e2e-cucumber-playwright/SKILL.md
+++ b/.agents/skills/e2e-cucumber-playwright/SKILL.md
@ -1,79 +0,0 @@
 ---
 name: e2e-cucumber-playwright
 description: Write, update, or review Dify end-to-end tests under `e2e/` that use Cucumber, Gherkin, and Playwright. Use when the task involves `.feature` files, `features/step-definitions/`, `features/support/`, `DifyWorld`, scenario tags, locator/assertion choices, or E2E testing best practices for this repository.
 ---
 # Dify E2E Cucumber + Playwright
 Use this skill for Dify's repository-level E2E suite in `e2e/`. Use [`e2e/AGENTS.md`](../../../e2e/AGENTS.md) as the canonical guide for local architecture and conventions, then apply Playwright/Cucumber best practices only where they fit the current suite.
 ## Scope
 - Use this skill for `.feature` files, Cucumber step definitions, `DifyWorld`, hooks, tags, and E2E review work under `e2e/`.
 - Do not use this skill for Vitest or React Testing Library work under `web/`; use `frontend-testing` instead.
 - Do not use this skill for backend test or API review tasks under `api/`.
 ## Read Order
 1. Read [`e2e/AGENTS.md`](../../../e2e/AGENTS.md) first.
 2. Read only the files directly involved in the task:
   - target `.feature` files under `e2e/features/`
   - related step files under `e2e/features/step-definitions/`
   - `e2e/features/support/hooks.ts` and `e2e/features/support/world.ts` when session lifecycle or shared state matters
   - `e2e/scripts/run-cucumber.ts` and `e2e/cucumber.config.ts` when tags or execution flow matter
 3. Read [`references/playwright-best-practices.md`](references/playwright-best-practices.md) only when locator, assertion, isolation, or waiting choices are involved.
 4. Read [`references/cucumber-best-practices.md`](references/cucumber-best-practices.md) only when scenario wording, step granularity, tags, or expression design are involved.
 5. Re-check official Playwright or Cucumber docs with the available documentation tools before introducing a new framework pattern.
 ## Local Rules
 - `e2e/` uses Cucumber for scenarios and Playwright as the browser layer.
 - `DifyWorld` is the per-scenario context object. Type `this` as `DifyWorld` and use `async function`, not arrow functions.
 - Keep glue organized by capability under `e2e/features/step-definitions/`; use `common/` only for broadly reusable steps.
 - Browser session behavior comes from `features/support/hooks.ts`:
  - default: authenticated session with shared storage state
  - `@unauthenticated`: clean browser context
  - `@authenticated`: readability/selective-run tag only unless implementation changes
  - `@fresh`: only for `e2e:full*` flows
 - Do not import Playwright Test runner patterns that bypass the current Cucumber + `DifyWorld` architecture unless the task is explicitly about changing that architecture.
 ## Workflow
 1. Rebuild local context.
   - Inspect the target feature area.
   - Reuse an existing step when wording and behavior already match.
   - Add a new step only for a genuinely new user action or assertion.
   - Keep edits close to the current capability folder unless the step is broadly reusable.
 2. Write behavior-first scenarios.
   - Describe user-observable behavior, not DOM mechanics.
   - Keep each scenario focused on one workflow or outcome.
   - Keep scenarios independent and re-runnable.
 3. Write step definitions in the local style.
   - Keep one step to one user-visible action or one assertion.
   - Prefer Cucumber Expressions such as `{string}` and `{int}`.
   - Scope locators to stable containers when the page has repeated elements.
   - Avoid page-object layers or extra helper abstractions unless repeated complexity clearly justifies them.
 4. Use Playwright in the local style.
   - Prefer user-facing locators: `getByRole`, `getByLabel`, `getByPlaceholder`, `getByText`, then `getByTestId` for explicit contracts.
   - Use web-first `expect(...)` assertions.
   - Do not use `waitForTimeout`, manual polling, or raw visibility checks when a locator action or retrying assertion already expresses the behavior.
 5. Validate narrowly.
   - Run the narrowest tagged scenario or flow that exercises the change.
   - Run `pnpm -C e2e check`.
   - Broaden verification only when the change affects hooks, tags, setup, or shared step semantics.
 ## Review Checklist
 - Does the scenario describe behavior rather than implementation?
 - Does it fit the current session model, tags, and `DifyWorld` usage?
 - Should an existing step be reused instead of adding a new one?
 - Are locators user-facing and assertions web-first?
 - Does the change introduce hidden coupling across scenarios, tags, or instance state?
 - Does it document or implement behavior that differs from the real hooks or configuration?
 Lead findings with correctness, flake risk, and architecture drift.
 ## References
 - [`references/playwright-best-practices.md`](references/playwright-best-practices.md)
 - [`references/cucumber-best-practices.md`](references/cucumber-best-practices.md)
--- a/.agents/skills/e2e-cucumber-playwright/agents/openai.yaml
+++ b/.agents/skills/e2e-cucumber-playwright/agents/openai.yaml
@ -1,4 +0,0 @@
 interface:
  display_name: "E2E Cucumber + Playwright"
  short_description: "Write and review Dify E2E scenarios."
  default_prompt: "Use $e2e-cucumber-playwright to write or review a Dify E2E scenario under e2e/."
--- a/.agents/skills/e2e-cucumber-playwright/references/cucumber-best-practices.md
+++ b/.agents/skills/e2e-cucumber-playwright/references/cucumber-best-practices.md
@ -1,93 +0,0 @@
 # Cucumber Best Practices For Dify E2E
 Use this reference when writing or reviewing Gherkin scenarios, step definitions, parameter expressions, and step reuse in Dify's `e2e/` suite.
 Official sources:
 - https://cucumber.io/docs/guides/10-minute-tutorial/
 - https://cucumber.io/docs/cucumber/step-definitions/
 - https://cucumber.io/docs/cucumber/cucumber-expressions/
 ## What Matters Most
 ### 1. Treat scenarios as executable specifications
 Cucumber scenarios should describe examples of behavior, not test implementation recipes.
 Apply it like this:
 - write what the user does and what should happen
 - avoid UI-internal wording such as selector details, DOM structure, or component names
 - keep language concrete enough that the scenario reads like living documentation
 ### 2. Keep scenarios focused
 A scenario should usually prove one workflow or business outcome. If a scenario wanders across several unrelated behaviors, split it.
 In Dify's suite, this means:
 - one capability-focused scenario per feature path
 - no long setup chains when existing bootstrap or reusable steps already cover them
 - no hidden dependency on another scenario's side effects
 ### 3. Reuse steps, but only when behavior really matches
 Good reuse reduces duplication. Bad reuse hides meaning.
 Prefer reuse when:
 - the user action is genuinely the same
 - the expected outcome is genuinely the same
 - the wording stays natural across features
 Write a new step when:
 - the behavior is materially different
 - reusing the old wording would make the scenario misleading
 - a supposedly generic step would become an implementation-detail wrapper
 ### 4. Prefer Cucumber Expressions
 Use Cucumber Expressions for parameters unless regex is clearly necessary.
 Common examples:
 - `{string}` for labels, names, and visible text
 - `{int}` for counts
 - `{float}` for decimal values
 - `{word}` only when the value is truly a single token
 Keep expressions readable. If a step needs complicated parsing logic, first ask whether the scenario wording should be simpler.
 ### 5. Keep step definitions thin and meaningful
 Step definitions are glue between Gherkin and automation, not a second abstraction language.
 For Dify:
 - type `this` as `DifyWorld`
 - use `async function`
 - keep each step to one user-visible action or assertion
 - rely on `DifyWorld` and existing support code for shared context
 - avoid leaking cross-scenario state
 ### 6. Use tags intentionally
 Tags should communicate run scope or session semantics, not become ad hoc metadata.
 In Dify's current suite:
 - capability tags group related scenarios
 - `@unauthenticated` changes session behavior
 - `@authenticated` is descriptive/selective, not a behavior switch by itself
 - `@fresh` belongs to reset/full-install flows only
 If a proposed tag implies behavior, verify that hooks or runner configuration actually implement it.
 ## Review Questions
 - Does the scenario read like a real example of product behavior?
 - Are the steps behavior-oriented instead of implementation-oriented?
 - Is a reused step still truthful in this feature?
 - Is a new tag documenting real behavior, or inventing semantics that the suite does not implement?
 - Would a new reader understand the outcome without opening the step-definition file?
--- a/.agents/skills/e2e-cucumber-playwright/references/playwright-best-practices.md
+++ b/.agents/skills/e2e-cucumber-playwright/references/playwright-best-practices.md
@ -1,96 +0,0 @@
 # Playwright Best Practices For Dify E2E
 Use this reference when writing or reviewing locator, assertion, isolation, or synchronization logic for Dify's Cucumber-based E2E suite.
 Official sources:
 - https://playwright.dev/docs/best-practices
 - https://playwright.dev/docs/locators
 - https://playwright.dev/docs/test-assertions
 - https://playwright.dev/docs/browser-contexts
 ## What Matters Most
 ### 1. Keep scenarios isolated
 Playwright's model is built around clean browser contexts so one test does not leak into another. In Dify's suite, that principle maps to per-scenario session setup in `features/support/hooks.ts` and `DifyWorld`.
 Apply it like this:
 - do not depend on another scenario having run first
 - do not persist ad hoc scenario state outside `DifyWorld`
 - do not couple ordinary scenarios to `@fresh` behavior
 - when a flow needs special auth/session semantics, express that through the existing tag model or explicit hook changes
 ### 2. Prefer user-facing locators
 Playwright recommends built-in locators that reflect what users perceive on the page.
 Preferred order in this repository:
 1. `getByRole`
 2. `getByLabel`
 3. `getByPlaceholder`
 4. `getByText`
 5. `getByTestId` when an explicit test contract is the most stable option
 Avoid raw CSS/XPath selectors unless no stable user-facing contract exists and adding one is not practical.
 Also remember:
 - repeated content usually needs scoping to a stable container
 - exact text matching is often too brittle when role/name or label already exists
 - `getByTestId` is acceptable when semantics are weak but the contract is intentional
 ### 3. Use web-first assertions
 Playwright assertions auto-wait and retry. Prefer them over manual state inspection.
 Prefer:
 - `await expect(page).toHaveURL(...)`
 - `await expect(locator).toBeVisible()`
 - `await expect(locator).toBeHidden()`
 - `await expect(locator).toBeEnabled()`
 - `await expect(locator).toHaveText(...)`
 Avoid:
 - `expect(await locator.isVisible()).toBe(true)`
 - custom polling loops for DOM state
 - `waitForTimeout` as synchronization
 If a condition genuinely needs custom retry logic, use Playwright's polling/assertion tools deliberately and keep that choice local and explicit.
 ### 4. Let actions wait for actionability
 Locator actions already wait for the element to be actionable. Do not preface every click/fill with extra timing logic unless the action needs a specific visible/ready assertion for clarity.
 Good pattern:
 - assert a meaningful visible state when that is part of the behavior
 - then click/fill/select via locator APIs
 Bad pattern:
 - stack arbitrary waits before every action
 - wait on unstable implementation details instead of the visible state the user cares about
 ### 5. Match debugging to the current suite
 Playwright's wider ecosystem supports traces and rich debugging tools. Dify's current suite already captures:
 - full-page screenshots
 - page HTML
 - console errors
 - page errors
 Use the existing artifact flow by default. If a task is specifically about improving diagnostics, confirm the change fits the current Cucumber architecture before importing broader Playwright tooling.
 ## Review Questions
 - Would this locator survive DOM refactors that do not change user-visible behavior?
 - Is this assertion using Playwright's retrying semantics?
 - Is any explicit wait masking a real readiness problem?
 - Does this code preserve per-scenario isolation?
 - Is a new abstraction really needed, or does it bypass the existing `DifyWorld` + step-definition model?
--- a/.agents/skills/frontend-code-review/SKILL.md
+++ b/.agents/skills/frontend-code-review/SKILL.md
@ -1,93 +1,73 @@
 ---
 name: frontend-code-review
-description: Review Dify frontend code for correctness, accessibility, component design, dify-ui usage, data/query boundaries, performance, and tests. Trigger for `.tsx`, `.ts`, `.js`, UI, React, Next.js, pending-change, or focused frontend review requests.
+description: "Trigger when the user requests a review of frontend files (e.g., `.tsx`, `.ts`, `.js`). Support both pending-change reviews and focused file reviews while applying the checklist rules."
 ---
 # Frontend Code Review
-## When To Use
+## Intent
 Use this skill whenever the user asks to review frontend code (especially `.tsx`, `.ts`, or `.js` files). Support two review modes:
-Use this skill when the user asks to review, audit, analyze, or sanity-check frontend code under `web/`, `packages/dify-ui/`, or frontend-adjacent TypeScript files.
+1. **Pending-change review** – inspect staged/working-tree files slated for commit and flag checklist violations before submission.
 2. **File-targeted review** – review the specific file(s) the user names and report the relevant checklist findings.
-Supported modes:
+Stick to the checklist below for every applicable file and mode.
- **Pending-change review**: inspect staged and working-tree changes.
+## Checklist
- **File-focused review**: inspect explicitly named files or paths.
+See [references/code-quality.md](references/code-quality.md), [references/performance.md](references/performance.md), [references/business-logic.md](references/business-logic.md) for the living checklist split by category—treat it as the canonical set of rules to follow.
 - **Diff/snippet review**: review pasted diffs or snippets using best-effort references.
-Do not use this skill for backend-only code under `api/`; use `backend-code-review` instead.
+Flag each rule violation with urgency metadata so future reviewers can prioritize fixes.
 ## Required Context
 Before reviewing, read the relevant local contracts:
 - `web/AGENTS.md` for Dify frontend workflow, overlays, design tokens, state, and tests.
 - `packages/dify-ui/README.md` and `packages/dify-ui/AGENTS.md` when code uses or changes `@langgenius/dify-ui/*`.
 - `web/docs/overlay.md` when reviewing dialogs, drawers, popovers, tooltips, menus, selects, comboboxes, or other floating UI.
 - `web/docs/test.md` and the `frontend-testing` skill when reviewing tests or testability.
 - `how-to-write-component` when reviewing React component structure, ownership, effects, query/mutation contracts, or memoization.
 For any UI, UX, or accessibility review, fetch the latest Web Interface Guidelines before finalizing findings. Treat them as a required baseline, not the complete source of accessibility truth:
 ```text
 https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md
 ```
 If the review depends on a current framework, SDK, browser API, or accessibility behavior and local code does not settle it, check the current official docs first. For browser compatibility, deprecation, or behavior-sensitive frontend APIs, verify MDN or the relevant standard.
 ## Rule Packs
 Apply every relevant rule pack:
 - [references/accessibility-ui.md](references/accessibility-ui.md) — accessibility, semantic HTML, focus, forms, keyboard, disabled states, copy, and long-content behavior. Combines Web Interface Guidelines with Dify UI, Base UI, MDN, and local primitive contracts.
 - [references/dify-ui.md](references/dify-ui.md) — Dify UI primitive usage, Base UI semantics, overlays, forms, tokens, radius mapping, and primitive boundaries.
 - [references/component-architecture.md](references/component-architecture.md) — component ownership, props, state, effects, exports, wrappers, and feature organization.
 - [references/data-query-contracts.md](references/data-query-contracts.md) — generated contracts, TanStack Query, mutations, workspace/auth/SSR boundaries, URL/local storage state.
 - [references/performance.md](references/performance.md) — React/Next performance review rules from Vercel guidance, scoped to real risk.
 - [references/testing.md](references/testing.md) — frontend test review rules.
 - [references/dify-invariants.md](references/dify-invariants.md) — stable Dify-specific runtime invariants that generic React/a11y rules will not catch.
 - [references/code-quality.md](references/code-quality.md) — general TypeScript, styling, naming, and maintainability rules.
 ## Review Process
 1. Open the relevant component/module. Gather lines that relate to class names, React Flow hooks, prop memoization, and styling.
 2. For each rule in the review point, note where the code deviates and capture a representative snippet.
 3. Compose the review section per the template below. Group violations first by **Urgent** flag, then by category order (Code Quality, Performance, Business Logic).
-1. Identify the review scope. For pending changes, inspect `git diff --stat`, `git diff`, and staged diff if relevant. For file-focused reviews, stay within the named files unless a referenced owner/contract must be read.
+## Required output
-2. Read code around the changed lines and the owning module. Do not review by isolated snippets when nearby ownership, labels, query inputs, or overlay structure decide correctness.
+When invoked, the response must exactly follow one of the two templates:
 3. Check user-visible regressions first: accessibility, broken interaction, auth/permission leaks, query/hydration errors, data loss, navigation mistakes, and impossible states.
 4. Then check maintainability and performance: ownership, effects, wrappers, memoization, bundle/waterfall risks, tests, and design-system drift.
 5. Report only actionable findings. Do not list speculative risks, style preferences, or broad refactors unless they are directly tied to a reproducible issue in scope.
-## Severity
+### Template A (any findings)
 ```
 # Code review
 Found <N> urgent issues need to be fixed:
- **P0**: security/privacy/auth leak, data loss, production crash, inaccessible critical flow, or broken primary workflow.
+## 1 <brief description of bug>
- **P1**: user-visible regression, hydration/SSR failure, invalid API/query contract, broken keyboard/focus behavior, or serious design-system/a11y violation.
+FilePath: <path> line <line>
- **P2**: maintainability or performance issue likely to cause bugs, duplicated state, incorrect ownership, missing tests for risky behavior, or non-critical a11y issue.
+<relevant code snippet or pointer>
 - **P3**: minor cleanup with clear value. Omit unless the user asked for a thorough audit.
 ## Output Format
-Lead with findings, ordered by severity. Use this structure:
+### Suggested fix
 <brief description of suggested fix>
-```markdown
+---
-## Findings
+... (repeat for each urgent issue) ...
- [P1] Short issue title
+Found <M> suggestions for improvement:
  File: `path/to/file.tsx:123`
  Why it matters and how to reproduce or reason about it.
  Suggested fix: concrete fix direction.
-## Open Questions
+## 1 <brief description of suggestion>
 FilePath: <path> line <line>
 <relevant code snippet or pointer>
 - Question or assumption, if any.
-## Summary
+### Suggested fix
 <brief description of suggested fix>
-Brief secondary context. Mention tests not run or residual risk.
+---
 ... (repeat for each suggestion) ...
 ```
-Rules:
+If there are no urgent issues, omit that section. If there are no suggestions, omit that section.
 If the issue number is more than 10, summarize as "10+ urgent issues" or "10+ suggestions" and just output the first 10 issues.
 Don't compress the blank lines between sections; keep them as-is for readability.
 If you use Template A (i.e., there are issues to fix) and at least one issue requires code changes, append a brief follow-up question after the structured output asking whether the user wants you to apply the suggested fix(es). For example: "Would you like me to use the Suggested fix section to address these issues?"
 ### Template B (no issues)
 ```
 ## Code review
 No issues found.
 ```
 - If there are no findings, say `No issues found.` and mention any test gaps or residual risk.
 - Always include file and line when available.
 - Keep findings concrete and reproducible.
 - Do not include praise sections by default.
 - Do not ask to apply fixes unless the user explicitly wants review plus implementation.
--- a/.agents/skills/frontend-code-review/references/accessibility-ui.md
+++ b/.agents/skills/frontend-code-review/references/accessibility-ui.md
@ -1,109 +0,0 @@
 # Accessibility And UI Rules
 Accessibility findings are first-class review findings. Treat broken keyboard access, missing accessible names, focus loss, and unreachable popup content as correctness bugs, not polish.
 Before finalizing UI or accessibility findings, fetch the latest Web Interface Guidelines as a required baseline:
 ```text
 https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md
 ```
 Do not treat that document as the complete accessibility rule set. Combine it with:
 - `packages/dify-ui/README.md`, `packages/dify-ui/AGENTS.md`, and the relevant primitive implementation when code uses `@langgenius/dify-ui/*`.
 - Base UI docs and local `.d.ts` contracts when primitive semantics, focus target, labels, or popup reachability are unclear.
 - MDN or relevant WAI-ARIA/browser standards when behavior, compatibility, or deprecation status matters.
 - The current feature's product semantics, because an accessible primitive can still be used in an inaccessible workflow.
 ## Semantic HTML
 Flag:
 - Clickable `div` or `span` used for actions.
 - Router navigation implemented with button or `onClick` when a `Link` / `<a>` is the real semantic element.
 - Icon-only buttons without `aria-label` or `aria-labelledby`.
 - Decorative icons missing `aria-hidden="true"`.
 - Images without `alt`; use `alt=""` only when truly decorative.
 - Heading levels that skip hierarchy in page-level content.
 Prefer semantic HTML before ARIA.
 ## Keyboard And Focus
 Flag:
 - Interactive elements without visible `focus-visible` treatment.
 - `outline-none` / `outline-hidden` without an equivalent focus-visible ring or state.
 - Custom interactive elements missing keyboard handling.
 - Focus trapped, lost, or sent to the wrong surface after dialog/popover/menu close.
 - Focus ring applied to the wrong DOM node. Verify the actual focus target, especially with Base UI controls such as Slider.
 Use `focus-visible` for keyboard focus. Use `focus-within` or `has-[:focus-visible]` when the visual wrapper is not the focused element.
 ## Forms
 Flag:
 - Inputs, selects, switches, checkboxes, radios, comboboxes, or sliders without a label relationship.
 - Missing stable `name` on form fields that submit or validate.
 - Incorrect input `type`, `inputMode`, `autoComplete`, or `spellCheck` for email, token, URL, number, search, code, or username fields.
 - Labels that are not clickable.
 - Submit buttons disabled before a request starts, preventing normal submit behavior.
 - Non-submit buttons inside forms missing `type="button"`.
 - Errors not associated with fields or not reachable by screen readers.
 - Error recovery that does not focus or expose the first invalid field.
 - `onPaste` blocking paste.
 - Placeholder text used as the only label.
 - Password managers accidentally triggered on non-auth fields because autocomplete is missing or wrong.
 Prefer visible labels. If visible surrounding text already labels the control, use a visually hidden label or a precise `aria-label`.
 ## Disabled, Loading, And Async States
 Flag:
 - Loading state without `aria-busy`, `role="status"`, or another accessible update path when it changes user interaction.
 - Spinner or decorative loading icon exposed to screen readers.
 - Disabled controls that hide the reason users cannot proceed.
 - `aria-disabled` used without manually blocking click, Space, and Enter.
 - Toasts, inline validation, or async status changes that are not announced when users need the update to continue.
 - Icon-only loading/error affordances without text or accessible status where the state matters.
 Use native `disabled` when the control must not be interactive. Use `aria-disabled` only when the element must remain focusable and the code handles all blocked interactions.
 For repeated shared disabled reasons, prefer a visible group message or badge plus native disabled controls. Use per-control popover/info only when the reason is item-specific.
 ## Overlays And Popup Reachability
 Flag:
 - Tooltip used for long, structured, interactive, or unique information.
 - Tooltip content required to understand or complete a flow.
 - PreviewCard content that touch or screen-reader users cannot reach through the trigger's click destination.
 - Popover/dialog/menu triggers without accessible names.
 - Popup content without title/description where the primitive requires them.
 Use Popover for explanatory content, rich help, and infotips. Use Tooltip only as a short visual label for a trigger that already has an accessible name.
 ## Long Content And Layout
 Flag:
 - Text in flex/grid children without `min-w-0` when it can overflow.
 - Names, labels, file names, model names, workspace names, or user content lacking `truncate`, `line-clamp`, or `break-words`.
 - Right-side icons, badges, checks, or actions that shrink before the text area.
 - Empty arrays or empty strings rendering broken layout instead of an empty state.
 - Button, tab, badge, chip, menu item, or card text that can overlap sibling controls at common viewport widths.
 The usual Dify layout chain is: container has width constraints, text region uses `min-w-0 flex-1 truncate`, adornments use `shrink-0`.
 ## Motion, Images, And Copy
 Flag:
 - `transition-all`.
 - Animations that do not respect reduced motion.
 - Layout-affecting animation where transform/opacity would work.
 - Images without dimensions.
 - Loading copy using `...` instead of `…`.
 - Hardcoded dates, times, numbers, or currency formats instead of `Intl.*`.
--- a/.agents/skills/frontend-code-review/references/business-logic.md
+++ b/.agents/skills/frontend-code-review/references/business-logic.md
@ -0,0 +1,15 @@
 # Rule Catalog — Business Logic
 ## Can't use workflowStore in Node components
 IsUrgent: True
 ### Description
 File path pattern of node components: `web/app/components/workflow/nodes/[nodeName]/node.tsx`
 Node components are also used when creating a RAG Pipe from a template, but in that context there is no workflowStore Provider, which results in a blank screen. [This Issue](https://github.com/langgenius/dify/issues/29168) was caused by exactly this reason.
 ### Suggested Fix
 Use `import { useNodes } from 'reactflow'` instead of `import useNodes from '@/app/components/workflow/store/workflow/use-nodes'`.
--- a/.agents/skills/frontend-code-review/references/code-quality.md
+++ b/.agents/skills/frontend-code-review/references/code-quality.md
@ -1,66 +1,44 @@
-# Code Quality Rules
+# Rule Catalog — Code Quality
-## Scope Control
+## Conditional class names use utility function
-Flag changes that expand beyond the requested feature or review scope:
+IsUrgent: True
 Category: Code Quality
- Repo-wide cleanup mixed into a targeted fix.
+### Description
 - Compatibility exports, aliases, shims, or wrapper layers added without an explicit migration requirement.
 - Shared abstractions created before there is stable cross-feature reuse.
 - Business components moved into generic shared locations without a clear ownership boundary.
-## TypeScript
+Ensure conditional CSS is handled via the shared `classNames` instead of custom ternaries, string concatenation, or template strings. Centralizing class logic keeps components consistent and easier to maintain.
-Flag:
+### Suggested Fix
- `any` or broad `Record<string, any>` where generated/API types or local domain types exist.
+```ts
- Re-declared API shapes instead of importing generated or returned types.
+import { cn } from '@/utils/classnames'
- Weak route/query param typing that leaks `string | string[] | undefined` deep into components.
+const classNames = cn(isActive ? 'text-primary-600' : 'text-gray-500')
- Runtime wrappers added only to satisfy TypeScript when a narrower type boundary would preserve the existing runtime shape.
+```
-Prefer:
+## Tailwind-first styling
- Explicit domain names that match the API contract.
+IsUrgent: True
- Type narrowing at route/API boundaries.
+Category: Code Quality
 - Small conversion helpers colocated with the component that needs them.
-## Styling
+### Description
-Flag:
+Favor Tailwind CSS utility classes instead of adding new `.module.css` files unless a Tailwind combination cannot achieve the required styling. Keeping styles in Tailwind improves consistency and reduces maintenance overhead.
- New CSS modules or ad hoc CSS when Tailwind utilities and Dify tokens cover the need.
+Update this file when adding, editing, or removing Code Quality rules so the catalog remains accurate.
 - Generic color utilities where Dify semantic tokens exist.
 - Hardcoded magic class values for colors, spacing, radius, shadow, z-index, or typography when Dify tokens, component variants, or documented radius mappings exist.
 - `!` important modifiers or important CSS overrides without a narrow, documented reason.
 - Manual string concatenation for conditional classes.
 - JS conditional class branches for primitive visual states already exposed by Dify UI/Base UI `data-*` selectors.
 - Incoming `className` placed before default classes in `cn(...)`, preventing call-site overrides.
 - Arbitrary z-index or one-off layering fixes on overlays.
-Use:
+## Classname ordering for easy overrides
- `cn(...)` from the local package or utility already used by the file.
+### Description
 - Dify semantic tokens and Tailwind v4 utilities.
 - Existing component variants before one-off class forks.
 - Primitive selectors such as `data-disabled:*`, `data-checked:*`, `data-highlighted:*`, `group-data-*`, `peer-data-*`, and `has-[:focus-visible]` before adding React state or boolean props solely for styling.
 - Component-level variants, semantic tokens, and normal cascade/order before `!` overrides. Use `!` only for a contained compatibility override that cannot be expressed through the component API or local selector structure.
-## Imports
+When writing components, always place the incoming `className` prop after the component’s own class values so that downstream consumers can override or extend the styling. This keeps your component’s defaults but still lets external callers change or remove specific styles.
-Flag:
+Example:
- Barrel imports from `@langgenius/dify-ui`; consumers must use subpath exports.
+```tsx
- New overlay imports from legacy `@/app/components/base/modal`, `dialog`, or `drawer`.
+import { cn } from '@/utils/classnames'
 - Cross-feature imports that bypass explicit top-level public files.
 - Direct imports from generated/internal implementation files when a feature contract already exposes the intended surface.
-## Copy And i18n
+const Button = ({ className }) => {
-
+  return <div className={cn('bg-primary-600', className)}></div>
-Flag:
+}
-
+```
 - User-facing hardcoded strings in `web/`.
 - Translation namespace drift, especially using unrelated module namespaces for local feature copy.
 - Generic button labels like `Continue` where the action is specific.
 - Error messages that state only the failure and not the next step.
 Use feature-local translation keys by default. Alias only when crossing namespaces.
--- a/.agents/skills/frontend-code-review/references/component-architecture.md
+++ b/.agents/skills/frontend-code-review/references/component-architecture.md
@ -1,85 +0,0 @@
 # Component Architecture Rules
 Use these rules for React component structure, ownership, state, props, effects, and module organization.
 ## Ownership
 Flag:
 - State, query, mutation, or handlers hoisted above the lowest component that actually uses them.
 - Parent components owning row/item actions that do not coordinate a workflow.
 - Prop drilling through multiple pass-through layers.
 - A page/tab-level section component becoming the data owner without needing a shared snapshot or shared loading/error/empty UI.
 - Feature code promoted to shared only because it appears once or might be reused later.
 Accept repeated TanStack Query calls in siblings when each component independently consumes the data. Cache deduplication is not a reason to hoist by itself.
 ## Component Boundaries
 Flag:
 - Shallow wrappers that only rename props or hide the real primitive.
 - Extra DOM wrappers that do not provide layout, semantics, accessibility, state ownership, or library integration.
 - Dialog/dropdown/popover hidden surfaces that obscure the parent flow when they should be extracted into a small local component.
 - Business forms, menu bodies, or one-off helpers moved away from their owner without reuse or semantic value.
 Prefer colocated components split by actual data and state needs.
 ## Bad Component Design Patterns
 Flag:
 - Components that mix data fetching, mutation side effects, popup state, form validation, layout, and row rendering without a clear owner.
 - Generic components with many boolean props that encode one feature's workflow.
 - A shared component that imports feature-specific copy, routes, or API contracts.
 - A feature component that accepts pre-rendered fragments only to avoid placing ownership correctly.
 - A child component that receives both raw server data and separately derived flags for the same concept.
 - A wrapper that changes accessible semantics of the primitive it wraps.
 - A component that exposes controlled props but still keeps a competing private state for the same value.
 - A component that cannot render empty, loading, or missing optional API fields without caller-side preprocessing.
 ## Props And Types
 Flag:
 - `React.FC` / `FC`.
 - Default exports outside framework-required files.
 - Named `Props` types for trivial one-off props where inline typing is clearer.
 - Props named by UI implementation instead of domain/API role.
 - API data converted too early or under a generic name that breaks traceability.
 - Callers duplicating fallback checks that the lowest rendering component already handles.
 Prefer top-level `function` declarations for components and module helpers. Use arrow functions for callbacks and local lambdas.
 ## Effects
 Flag effects that:
 - Transform props/state for rendering.
 - Copy one state value into another representing the same concept.
 - Handle user actions that belong in event handlers.
 - Reset state from props when a keyed reset, stable ID, or render-time derivation would work.
 - Fetch data that belongs in framework APIs or TanStack Query.
 If an effect remains, it must synchronize with a named external system: browser API, subscription, timer, analytics-on-visibility, non-React widget, or imperative DOM integration.
 ## State Modeling
 Flag:
 - Storing derived booleans, disabled flags, default tabs, or loading labels that can be calculated from current query/feature state.
 - Local state used to fake server data or generated contract fields.
 - UI state persisted to localStorage when it is live app state.
 - Feature-local mock shells wired to unrelated existing APIs before the real API is confirmed.
 Prefer render-time derivation. Keep true local state for user choices, transient input, controlled popups, and feature UI state that has no server source.
 ## Navigation
 Flag:
 - Imperative router navigation for ordinary links.
 - Button semantics used for navigation.
 - Navigation state hidden in component state when URL state is required for shareable filters, tabs, or pagination.
 Use `Link` for normal navigation. Use router APIs for mutation success, guarded redirects, command flows, or form submission side effects.
--- a/.agents/skills/frontend-code-review/references/data-query-contracts.md
+++ b/.agents/skills/frontend-code-review/references/data-query-contracts.md
@ -1,74 +0,0 @@
 # Data, Query, And Contract Rules
 Use these rules for generated contracts, TanStack Query, mutations, auth/SSR boundaries, URL state, and client persistence.
 ## Generated Contracts
 Flag:
 - New legacy service/helper wrappers around generated `queryOptions()` or `mutationOptions()`.
 - Continuing to use deprecated contract operations when a ready generated contract exists.
 - Assuming a generated file means an operation is ready without checking deprecated markers, schema shape, and the actual UI consumer.
 - Re-declaring API DTOs in components.
 - Adding compatibility layers instead of migrating the pointed line and deleting the old layer.
 Use `web/contract/*` as the API shape source of truth. Follow existing `{ params, query?, body? }` input shape.
 ## Queries
 Flag:
 - `enabled` used to hide missing required input instead of `input: skipToken`.
 - Fake fallback IDs or placeholder inputs used to force a query to run.
 - Query results copied into local state for rendering.
 - Shared query behavior such as invalidation, stale defaults, or retry rules reimplemented at call sites.
 - `prefetchQuery` treated as a hard gate or as returning data/errors to the caller.
 Use `useQuery(consoleQuery.xxx.queryOptions(...))` or `useQuery(marketplaceQuery.xxx.queryOptions(...))` directly unless a feature hook performs real orchestration.
 ## Mutations
 Flag:
 - Deprecated `useInvalid` or `useReset`.
 - `mutateAsync` used without a need for Promise semantics.
 - Awaited mutations without `try/catch`.
 - Components owning shared cache invalidation that belongs in query defaults.
 - Optimistic updates that do not match current list/detail ownership.
 Use generated `mutationOptions()` directly when possible. Put shared cache behavior in `createTanstackQueryUtils(...experimental_defaults...)`.
 ## SSR, Auth, And Route Boundaries
 Flag:
 - Request-time auth, setup, workspace role, or tenant decisions moved into static `next.config redirects()`.
 - Dynamic role gates depending on `workspaces.current` implemented as static path redirects.
 - Authorization logic depending on soft `prefetchQuery`.
 - Removing a client fallback before server API unavailable behavior is defined.
 - Global placeholder query contracts introduced to solve a route-local Suspense issue.
 - Branding-sensitive UI reading placeholder defaults without checking pending/placeholder state.
 Separate hard gates from soft prefetches. `fetchQuery` can be a server decision boundary; `prefetchQuery` is cache warmup.
 ## Workspace And Tenant
 Flag:
 - Treating workspace switch as ordinary CRUD invalidation when the current app flow performs server switch plus full reload.
 - Query keys that omit workspace/tenant identity when the query truly varies by workspace and no full reload boundary applies.
 - Mixing `workspace_id` and `tenant_id` without tracing the current backend/API contract.
 Current Dify workspace switch should be reviewed as a tenant cache boundary first.
 ## URL State And Local Storage
 Flag:
 - Shareable filters, tabs, pagination, selected panels, or search state hidden only in component state.
 - One-shot navigation signals modeled as subscribed persistent state.
 - Live app state stored in localStorage.
 - Direct `window.localStorage`, `globalThis.localStorage`, or raw storage calls in app code.
 - High-frequency interaction state persisted on every change instead of on commit/settle.
 Use URL state for shareable UI state, feature/Jotai/store state for live UI state, and `@/hooks/use-local-storage` only for low-frequency client-only preferences, dismissed notices, and UI defaults.
--- a/.agents/skills/frontend-code-review/references/dify-invariants.md
+++ b/.agents/skills/frontend-code-review/references/dify-invariants.md
@ -1,22 +0,0 @@
 # Dify Invariants
 Use these stable Dify-specific runtime rules in addition to the generic review packs.
 This file is not a place for active feature notes. Do not add rules for one branch, one PR, or a short-lived product decision such as a specific agent-v2, plugin, model-provider, or onboarding task. Keep a rule here only when all of these are true:
 - It is a stable Dify runtime invariant.
 - Generic React, TypeScript, accessibility, dify-ui, query, or performance rules would not catch it.
 - The failure mode is concrete enough to produce a file-line review finding.
 - The rule is likely to remain valid across normal feature work.
 ## Workflow Nodes And RAG Pipe
 Flag:
 - Node components under `web/app/components/workflow/nodes/[nodeName]/node.tsx` importing workflow store hooks that are unavailable in RAG Pipe template rendering.
 - Node UI relying on provider context that is not mounted in every rendering surface.
 - Store reads in render where React Flow `useNodes` / `useEdges` provide the actual node/edge source.
 Known failure mode: workflow node components can also render while creating a RAG Pipe from a template. In that context there may be no workflowStore provider, causing a blank screen.
 Prefer React Flow hooks for node/edge UI consumption. Use store APIs only where the provider is guaranteed and the code path is workflow-only.
--- a/.agents/skills/frontend-code-review/references/dify-ui.md
+++ b/.agents/skills/frontend-code-review/references/dify-ui.md
@ -1,123 +0,0 @@
 # Dify UI Rules
 Use these rules whenever a review touches `packages/dify-ui/` or code consuming `@langgenius/dify-ui/*`.
 Before finalizing findings for those files, read the current local docs that apply:
 - `packages/dify-ui/README.md`
 - `packages/dify-ui/AGENTS.md`
 - `web/docs/overlay.md` for floating UI
 - `packages/dify-ui/src/<primitive>/index.tsx` for the primitive being changed or consumed
 ## Package Boundary
 Flag in `packages/dify-ui`:
 - Imports from `web/`.
 - Dependencies on Next.js, i18n, ky, Jotai, Zustand, TanStack Query, oRPC, or business APIs.
 - Business-specific component behavior that belongs in `web/`.
 - Multiple unrelated primitives in one component folder.
 `packages/dify-ui` is a primitive layer: Base UI headless components + `cva` + `cn` + Dify design tokens.
 ## Imports And Exports
 Flag:
 - Consumer imports from `@langgenius/dify-ui` without a subpath.
 - Missing `package.json#exports` entry for a new primitive.
 - Internal package imports using workspace subpaths instead of relative paths.
 - Exported props using internal-only types that consumers cannot import from the component subpath.
 Consumers use subpath exports such as `@langgenius/dify-ui/button`.
 ## Props And State
 Flag:
 - Flattened props where related values need a discriminated union, such as `value` / `defaultValue`, `multiple` / `value`, or `clearable` / `onChange`.
 - React state used only to mirror Base UI state for class names.
 - JavaScript conditional class logic for visual states that the Dify UI/Base UI primitive already exposes through `data-*` attributes or CSS variables.
 - Controlled props added when uncontrolled DOM state or CSS variables would be enough.
 - Thin wrappers that rename Base UI parts without adding semantics.
 Prefer Base UI/Dify UI data attributes and CSS variables for visual state: `data-open`, `data-checked`, `data-disabled`, `data-highlighted`, `data-popup-open`, `group-data-*`, `peer-data-*`, `has-[:focus-visible]`, and primitive CSS variables such as anchor width or transform origin. Use JS conditional classes for product/business state that the primitive does not expose.
 ## Forms
 Flag:
 - Form-like UI using unrelated `Input` and `Button` pieces without a submit boundary.
 - Text-like fields not composed through `FieldRoot`, `FieldLabel`, and `FieldControl` when using Dify UI form semantics.
 - Select fields using `FieldLabel` instead of `SelectLabel`.
 - Slider fields using a generic label instead of `SliderLabel`.
 - Checkbox/radio groups missing `FieldsetRoot` and `FieldsetLegend`.
 - Field errors or descriptions rendered without `FieldDescription` / `FieldError` relationships.
 `Form` is the submit boundary. Dify UI form primitives are not a form state-management framework; business validation and schema-driven behavior belong in `web/`.
 ## Overlay Contract
 Flag:
 - Legacy web overlay imports in new or modified code.
 - Manual portals around Dify UI overlay primitives.
 - Call-site `z-*` overrides on overlays.
 - Missing root `isolation: isolate` assumptions when debugging overlay stacking.
 - Repeated backdrop, z-index, or portal chrome at call sites.
 - Tooltip used for infotips, long text, or interactive content.
 All Dify UI body-portalled overlays use `z-50`. Toast uses `z-60`. DOM order handles stacking between overlays.
 ## Primitive Selection
 Flag:
 - `Tabs` used for simple mode/filter/view selection where `SegmentedControl` is the semantic primitive.
 - `SegmentedControl` used where `tablist` / `tabpanel` semantics are required.
 - `Select` used for searchable or free-form input.
 - `Combobox` used for unrestricted search text where no selected option is remembered.
 - `Autocomplete` used for closed-list selection.
 - Tooltip or PreviewCard used for content that must be reachable on touch or by screen readers.
 Use:
 - `Autocomplete` for free-form text with optional suggestions.
 - `Combobox` for searchable selected values from a collection.
 - `Select` for closed, scannable option sets.
 - `Popover` for infotips, help text, rich content, or interactions.
 ## Bad Usage Patterns To Flag
 Flag:
 - Styling a raw Base UI primitive directly in `web/` when a Dify UI primitive exists.
 - Wrapping a Dify UI primitive in a feature component that hides its label, error, disabled, or focus contract.
 - Replacing a semantic primitive with a generic `div` plus classes to match a screenshot.
 - Using `Tooltip` because it is visually convenient when the content is actually help text or needs touch access.
 - Adding a `z-*` override to make a child popup appear over a parent dialog.
 - Adding a new app-level wrapper around Dialog, Drawer, Popover, Select, or Combobox that repeats portal/backdrop/positioner logic.
 - Using dify-ui `Input` as a drop-in replacement for legacy inputs that include search, clear, copy, unit, localized placeholder, or number normalization behavior.
 - Building a form row from loose text and controls instead of the matching Field/Form primitives.
 - Adding component state only to style `data-open`, `data-checked`, `data-disabled`, or highlighted states that Base UI already exposes.
 - Passing booleans down only so children can toggle classes already expressible with primitive `data-*` selectors.
 ## Tokens, Radius, And Styling
 Flag:
 - `radius-*` class names.
 - Custom Tailwind `borderRadius` extension for Figma radius values.
 - Generic colors where semantic Dify tokens exist.
 - Hardcoded design values where Dify tokens, component variants, or documented Figma radius mappings exist.
 - `!` important modifiers used to fight primitive styles instead of fixing the variant, selector, or component composition.
 - Manual class strings that duplicate primitive variants.
 - `min-w-(--anchor-width)` on picker popups when it defeats viewport clamping.
 Use the Figma radius mapping from `packages/dify-ui/AGENTS.md`; for example `--radius/sm` maps to `rounded-md`, and `--radius/md` maps to `rounded-lg`.
 Use `!` only for a tightly scoped compatibility override after confirming the primitive API, data attributes, and selector structure cannot express the state.
 ## Focus Details
 Flag focus rings attached to the wrong element. For example, Base UI `Slider.Thumb` focuses an internal `input[type=range]`, so the visible thumb wrapper needs `has-[:focus-visible]` rather than direct wrapper `focus-visible`.
--- a/.agents/skills/frontend-code-review/references/performance.md
+++ b/.agents/skills/frontend-code-review/references/performance.md
@ -1,78 +1,45 @@
-# Performance Rules
+# Rule Catalog — Performance
-Review performance only where there is realistic impact. Do not request `memo`, `useMemo`, `useCallback`, virtualization, or caching as style preferences.
+## React Flow data usage
-## Async Waterfalls
+IsUrgent: True
 Category: Performance
-Flag:
+### Description
- Awaiting remote feature flags or fetches before checking cheap synchronous conditions.
+When rendering React Flow, prefer `useNodes`/`useEdges` for UI consumption and rely on `useStoreApi` inside callbacks that mutate or read node/edge state. Avoid manually pulling Flow data outside of these hooks.
 - Sequential awaits for independent operations.
 - API routes or server components starting requests late when they could start early.
 - Nested per-item fetches running serially when each item can fetch in parallel.
 - Suspense boundaries that force the whole page to wait when a lower boundary could stream or isolate loading.
-Prefer `Promise.all` for independent work and branch-local awaits for conditionally needed data.
+## Complex prop memoization
-## Bundle Size
+IsUrgent: True
 Category: Performance
-Flag:
+### Description
- Barrel imports from heavy libraries or `@langgenius/dify-ui`.
+Wrap complex prop values (objects, arrays, maps) in `useMemo` prior to passing them into child components to guarantee stable references and prevent unnecessary renders.
 - Dynamic paths that prevent static trace analysis.
 - Heavy components loaded eagerly when hidden behind a dialog, tab, command, or feature activation.
 - Analytics, logging, editor, visualization, or third-party SDK code loaded before it is needed.
 - Feature-local optional modules imported at top level only for rare flows.
-Use direct imports and `next/dynamic` where the user-visible path benefits.
+Update this file when adding, editing, or removing Performance rules so the catalog remains accurate.
-## Server Rendering
+Wrong:
-Flag:
+```tsx
 <HeavyComp
    config={{
        provider: ...,
        detail: ...
    }}
 />
 ```
- Request-specific mutable state stored at module scope in SSR/RSC paths.
+Right:
 - Large duplicate data serialized across RSC/client boundaries.
 - Static I/O repeated per request when it could be hoisted safely.
 - Cross-request cache without a bounded invalidation strategy.
 - Server actions lacking API-route-equivalent auth checks.
-Use request-scoped deduplication such as `React.cache()` when repeated server reads in one request are the problem.
+```tsx
 const config = useMemo(() => ({
    provider: ...,
    detail: ...
 }), [provider, detail]);
-## Re-rendering
+<HeavyComp
-
+    config={config}
-Flag:
+/>
-
+```
 - Effects or subscriptions reading broad state when a derived boolean or narrower selector is enough.
 - Components defined inside components.
 - Derived rendering state stored in state/effects.
 - Non-primitive default props recreated for memoized children.
 - Expensive work recalculated on every render where it affects real interaction cost.
 - High-frequency transient values stored in state when refs or CSS variables would avoid render loops.
 Do not flag simple primitive expressions wrapped or not wrapped in `useMemo`; prefer no memo for simple work.
 Require stable object/array/function identity only when:
 - The child is memoized and identity affects renders.
 - The value is an effect/query dependency.
 - A library API requires stable references.
 - Profiling or local behavior shows avoidable re-rendering.
 ## DOM, Lists, And Rendering
 Flag:
 - Layout reads in render (`getBoundingClientRect`, `offset*`, `scrollTop`).
 - Interleaved DOM reads/writes that can cause layout thrashing.
 - Large lists rendering without virtualization, pagination, or `content-visibility`.
 - SVG/animation code animating expensive properties when transform/opacity would work.
 - `transition-all`.
 - Long-running non-critical browser work performed immediately instead of idle/deferred scheduling.
 ## React Flow
 For workflow React Flow components, keep this Dify-specific rule:
 - UI consumption should use React Flow hooks such as `useNodes` / `useEdges`.
 - Callback-only reads or mutations can use `useStoreApi`.
 - Node components under `web/app/components/workflow/nodes/[nodeName]/node.tsx` must not depend on workflow stores that are absent in RAG Pipe template rendering.
--- a/.agents/skills/frontend-code-review/references/testing.md
+++ b/.agents/skills/frontend-code-review/references/testing.md
@ -1,72 +0,0 @@
 # Testing Review Rules
 Use these rules when reviewing test files, testability of changed code, or risky frontend changes that should have tests.
 ## Missing Coverage
 Flag missing tests when the change affects:
 - User-visible behavior, navigation, form submission, validation, permissions, or loading/error/empty states.
 - Query/mutation cache behavior.
 - Accessibility-critical behavior such as labels, keyboard flow, focus, disabled state, or popup reachability.
 - URL state parsing/serialization.
 - Storage persistence or one-shot signals.
 - Regression-prone workflow or generated contract migration paths.
 Do not request tests for purely mechanical renames or styling-only changes unless the styling affects layout, focus, or interaction.
 ## Selectors
 Flag:
 - `getByTestId` used where role, label, text, placeholder, landmark, or scoped dialog/menu queries are available.
 - Production `data-testid` added only to satisfy tests.
 - Assertions against decorative icons rather than the named control.
 - Tests that cannot find controls semantically but leave broken markup unchanged.
 Prefer `getByRole` with accessible name, then `getByLabelText`, `getByPlaceholderText`, `getByText`, and `within(...)`.
 ## Mocking
 Flag:
 - Mocking `@langgenius/dify-ui/*` primitives.
 - Mocking `@/app/components/base/*` components when the real component is practical.
 - Mocking sibling or child components in the same directory for integration behavior.
 - Mocks that do not match the real component's conditional rendering.
 - Module-level mock state not reset in `beforeEach`.
 - `vi.clearAllMocks()` in `afterEach` instead of `beforeEach`.
 Use real project components for integration behavior. Mock APIs, `next/navigation`, browser shims, or complex providers only when setup would dominate the test.
 ## Behavior
 Flag:
 - Tests inspecting implementation details instead of user-observable behavior.
 - Assertions that hardcode brittle copy when pattern matching or semantic roles would express behavior better.
 - Fake timers used without real timing behavior.
 - Async assertions missing `await`, `findBy*`, or `waitFor`.
 - Test data missing required fields because inline partial objects bypass real types.
 Use typed factory functions with complete defaults and partial overrides.
 ## URL State
 For `nuqs` or query-state hooks, flag tests that:
 - Mock URL state when URL synchronization is the behavior under review.
 - Do not test parser serialize/parse round trips for custom parsers.
 - Do not assert default-clearing behavior when defaults should be removed from the URL.
 Prefer shared `NuqsTestingAdapter` helpers when available.
 ## Organization
 Flag:
 - Component/hook/util tests outside sibling `__tests__/` directories.
 - Directory-level reviews that test only `index.tsx` while other files in scope contain behavior.
 - Large test files with repeated setup that should use local builders.
 When a component is very complex, prefer a refactor finding before asking for exhaustive tests.
--- a/.agents/skills/frontend-testing/SKILL.md
+++ b/.agents/skills/frontend-testing/SKILL.md
@ -5,9 +5,9 @@ description: Generate Vitest + React Testing Library tests for Dify frontend com
 # Dify Frontend Testing Skill
-This skill enables Codex to generate high-quality, comprehensive frontend tests for the Dify project following established conventions and best practices.
+This skill enables Claude to generate high-quality, comprehensive frontend tests for the Dify project following established conventions and best practices.
-> **⚠️ Authoritative Source**: This skill is derived from `web/docs/test.md`. Use Vitest mock/timer APIs (`vi.*`).
+> **⚠️ Authoritative Source**: This skill is derived from `web/testing/testing.md`. Use Vitest mock/timer APIs (`vi.*`).
 ## When to Apply This Skill
@ -24,27 +24,35 @@ Apply this skill when the user:
 **Do NOT apply** when:
 - User is asking about backend/API tests (Python/pytest)
- User is asking about E2E tests (Cucumber + Playwright under `e2e/`)
+- User is asking about E2E tests (Playwright/Cypress)
 - User is only asking conceptual questions without code context
 ## Quick Reference
-### Key Commands
+### Tech Stack
-Run these commands from `web/`. From the repository root, prefix them with `pnpm -C web`.
+| Tool | Version | Purpose |
 |------|---------|---------|
 | Vitest | 4.0.16 | Test runner |
 | React Testing Library | 16.0 | Component testing |
 | jsdom | - | Test environment |
 | nock | 14.0 | HTTP mocking |
 | TypeScript | 5.x | Type safety |
 ### Key Commands
 ```bash
 # Run all tests
 pnpm test
 # Watch mode
-pnpm test --watch
+pnpm test:watch
 # Run specific file
 pnpm test path/to/file.spec.tsx
 # Generate coverage report
-pnpm test --coverage
+pnpm test:coverage
 # Analyze component complexity
 pnpm analyze-component <path>
@ -55,8 +63,7 @@ pnpm analyze-component <path> --review
 ### File Naming
- Test files: `ComponentName.spec.tsx` inside a same-level `__tests__/` directory
+- Test files: `ComponentName.spec.tsx` (same directory as component)
 - Placement rule: Component, hook, and utility tests must live in a sibling `__tests__/` folder at the same level as the source under test. For example, `foo/index.tsx` maps to `foo/__tests__/index.spec.tsx`, and `foo/bar.ts` maps to `foo/__tests__/bar.spec.ts`.
 - Integration tests: `web/__tests__/` directory
 ## Test Structure Template
@ -192,21 +199,11 @@ When assigned to test a directory/path, test **ALL content** within that path:
 - ✅ **Import real project components** directly (including base components and siblings)
 - ✅ **Only mock**: API services (`@/service/*`), `next/navigation`, complex context providers
- ❌ **DO NOT mock** base components (`@/app/components/base/*`) or dify-ui primitives (`@langgenius/dify-ui/*`)
+- ❌ **DO NOT mock** base components (`@/app/components/base/*`)
 - ❌ **DO NOT mock** sibling/child components in the same directory
 > See [Test Structure Template](#test-structure-template) for correct import/mock patterns.
 ### `nuqs` Query State Testing (Required for URL State Hooks)
 When a component or hook uses `useQueryState` / `useQueryStates`:
 - ✅ Use `NuqsTestingAdapter` (prefer shared helpers in `web/test/nuqs-testing.tsx`)
 - ✅ Assert URL synchronization via `onUrlUpdate` (`searchParams`, `options.history`)
 - ✅ For custom parsers (`createParser`), keep `parse` and `serialize` bijective and add round-trip edge cases (`%2F`, `%25`, spaces, legacy encoded values)
 - ✅ Verify default-clearing behavior (default values should be removed from URL when applicable)
 - ⚠️ Only mock `nuqs` directly when URL behavior is explicitly out of scope for the test
 ## Core Principles
 ### 1. AAA Pattern (Arrange-Act-Assert)
@ -220,10 +217,7 @@ Every test should clearly separate:
 ### 2. Black-Box Testing
 - Test observable behavior, not implementation details
- Use semantic queries (`getByRole` with accessible `name`, `getByLabelText`, `getByPlaceholderText`, `getByText`, and scoped `within(...)`)
+- Use semantic queries (getByRole, getByLabelText)
 - Treat `getByTestId` as a last resort. If a control cannot be found by role/name, label, landmark, or dialog scope, fix the component accessibility first instead of adding or relying on `data-testid`.
 - Remove production `data-testid` attributes when semantic selectors can cover the behavior. Keep them only for non-visual mocked boundaries, editor/browser shims such as Monaco, canvas/chart output, or third-party widgets with no accessible DOM in the test environment.
 - Do not assert decorative icons by test id. Assert the named control that contains them, or mark decorative icons `aria-hidden`.
 - Avoid testing internal state directly
 - **Prefer pattern matching over hardcoded strings** in assertions:
@ -315,17 +309,17 @@ For more detailed information, refer to:
 ### Primary Specification (MUST follow)
- **`web/docs/test.md`** - The canonical testing specification. This skill is derived from this document.
+- **`web/testing/testing.md`** - The canonical testing specification. This skill is derived from this document.
 ### Reference Examples in Codebase
 - `web/utils/classnames.spec.ts` - Utility function tests
- `web/app/components/base/radio/__tests__/index.spec.tsx` - Component tests
+- `web/app/components/base/button/index.spec.tsx` - Component tests
 - `web/__mocks__/provider-context.ts` - Mock factory example
 ### Project Configuration
- `web/vite.config.ts` - Vite/Vitest configuration
+- `web/vitest.config.ts` - Vitest configuration
 - `web/vitest.setup.ts` - Test environment setup
 - `web/scripts/analyze-component.js` - Component analysis tool
 - Modules are not mocked automatically. Global mocks live in `web/vitest.setup.ts` (for example `react-i18next`, `next/image`); mock other modules like `ky` or `mime` locally in test files.
--- a/.agents/skills/frontend-testing/assets/component-test.template.tsx
+++ b/.agents/skills/frontend-testing/assets/component-test.template.tsx
@ -41,7 +41,7 @@ import userEvent from '@testing-library/user-event'
 // Router (if component uses useRouter, usePathname, useSearchParams)
 // WHY: Isolates tests from Next.js routing, enables testing navigation behavior
 // const mockPush = vi.fn()
-// vi.mock('@/next/navigation', () => ({
+// vi.mock('next/navigation', () => ({
 //   useRouter: () => ({ push: mockPush }),
 //   usePathname: () => '/test-path',
 // }))
--- a/.agents/skills/frontend-testing/references/checklist.md
+++ b/.agents/skills/frontend-testing/references/checklist.md
@ -36,7 +36,7 @@ Use this checklist when generating or reviewing tests for Dify frontend componen
 ### Integration vs Mocking
- [ ] **DO NOT mock base components or dify-ui primitives** (base `Loading`, `Input`, `Badge`; dify-ui `Button`, `Tooltip`, `Dialog`, etc.)
+- [ ] **DO NOT mock base components** (`Loading`, `Button`, `Tooltip`, etc.)
 - [ ] Import real project components instead of mocking
 - [ ] Only mock: API calls, complex context providers, third-party libs with side effects
 - [ ] Prefer integration testing when using single spec file
@ -73,16 +73,13 @@ Use this checklist when generating or reviewing tests for Dify frontend componen
 ### Mocks
- [ ] **DO NOT mock base components or dify-ui primitives** (`@/app/components/base/*` or `@langgenius/dify-ui/*`)
+- [ ] **DO NOT mock base components** (`@/app/components/base/*`)
 - [ ] `vi.clearAllMocks()` in `beforeEach` (not `afterEach`)
 - [ ] Shared mock state reset in `beforeEach`
 - [ ] i18n uses global mock (auto-loaded in `web/vitest.setup.ts`); only override locally for custom translations
 - [ ] Router mocks match actual Next.js API
 - [ ] Mocks reflect actual component conditional behavior
 - [ ] Only mock: API services, complex context providers, third-party libs
 - [ ] For `nuqs` URL-state tests, wrap with `NuqsTestingAdapter` (prefer `web/test/nuqs-testing.tsx`)
 - [ ] For `nuqs` URL-state tests, assert `onUrlUpdate` payload (`searchParams`, `options.history`)
 - [ ] If custom `nuqs` parser exists, add round-trip tests for encoded edge cases (`%2F`, `%25`, spaces, legacy encoded values)
 ### Queries
@ -127,7 +124,7 @@ For the current file being tested:
 - [ ] Run full directory test: `pnpm test path/to/directory/`
 - [ ] Check coverage report: `pnpm test:coverage`
 - [ ] Run `pnpm lint:fix` on all test files
- [ ] Run `pnpm type-check`
+- [ ] Run `pnpm type-check:tsgo`
 ## Common Issues to Watch
--- a/.agents/skills/frontend-testing/references/mocking.md
+++ b/.agents/skills/frontend-testing/references/mocking.md
@ -2,27 +2,29 @@
 ## ⚠️ Important: What NOT to Mock
-### DO NOT Mock Base Components or dify-ui Primitives
+### DO NOT Mock Base Components
-**Never mock components from `@/app/components/base/` or from `@langgenius/dify-ui/*`** such as:
+**Never mock components from `@/app/components/base/`** such as:
- Legacy base (`@/app/components/base/*`): `Loading`, `Spinner`, `Input`, `Badge`, `Tag`
+- `Loading`, `Spinner`
- dify-ui primitives (`@langgenius/dify-ui/*`): `Button`, `Tooltip`, `Dialog`, `Popover`, `DropdownMenu`, `ContextMenu`, `Select`, `AlertDialog`, `Toast`
+- `Button`, `Input`, `Select`
 - `Tooltip`, `Modal`, `Dropdown`
 - `Icon`, `Badge`, `Tag`
 **Why?**
- These components have their own dedicated tests
+- Base components will have their own dedicated tests
 - Mocking them creates false positives (tests pass but real integration fails)
 - Using real components tests actual integration behavior
 ```typescript
-// ❌ WRONG: Don't mock base components or dify-ui primitives
+// ❌ WRONG: Don't mock base components
 vi.mock('@/app/components/base/loading', () => () => <div>Loading</div>)
-vi.mock('@langgenius/dify-ui/button', () => ({ Button: ({ children }: any) => <button>{children}</button> }))
+vi.mock('@/app/components/base/button', () => ({ children }: any) => <button>{children}</button>)
-// ✅ CORRECT: Import and use the real components
+// ✅ CORRECT: Import and use real base components
 import Loading from '@/app/components/base/loading'
-import { Button } from '@langgenius/dify-ui/button'
+import Button from '@/app/components/base/button'
 // They will render normally in tests
 ```
@ -56,7 +58,7 @@ See [Zustand Store Testing](#zustand-store-testing) section for full details.
 | Location | Purpose |
 |----------|---------|
-| `web/vitest.setup.ts` | Global mocks shared by all tests (`react-i18next`, `zustand`, clipboard, FloatingPortal, Monaco, localStorage`) |
+| `web/vitest.setup.ts` | Global mocks shared by all tests (`react-i18next`, `next/image`, `zustand`) |
 | `web/__mocks__/zustand.ts` | Zustand mock implementation (auto-resets stores after each test) |
 | `web/__mocks__/` | Reusable mock factories shared across multiple test files |
 | Test file | Test-specific mocks, inline with `vi.mock()` |
@ -123,31 +125,6 @@ describe('Component', () => {
 })
 ```
 ### 2.1 `nuqs` Query State (Preferred: Testing Adapter)
 For tests that validate URL query behavior, use `NuqsTestingAdapter` instead of mocking `nuqs` directly.
 ```typescript
 import { renderHookWithNuqs } from '@/test/nuqs-testing'
 it('should sync query to URL with push history', async () => {
  const { result, onUrlUpdate } = renderHookWithNuqs(() => useMyQueryState(), {
    searchParams: '?page=1',
  })
  act(() => {
    result.current.setQuery({ page: 2 })
  })
  await waitFor(() => expect(onUrlUpdate).toHaveBeenCalled())
  const update = onUrlUpdate.mock.calls[onUrlUpdate.mock.calls.length - 1][0]
  expect(update.options.history).toBe('push')
  expect(update.searchParams.get('page')).toBe('2')
 })
 ```
 Use direct `vi.mock('nuqs')` only when URL synchronization is intentionally out of scope.
 ### 3. Portal Components (with Shared State)
 ```typescript
@ -216,21 +193,28 @@ describe('Component', () => {
 })
 ```
-### 5. HTTP and `fetch` Mocking
+### 5. HTTP Mocking with Nock
 ```typescript
 import nock from 'nock'
 const GITHUB_HOST = 'https://api.github.com'
 const GITHUB_PATH = '/repos/owner/repo'
 const mockGithubApi = (status: number, body: Record<string, unknown>, delayMs = 0) => {
  return nock(GITHUB_HOST)
    .get(GITHUB_PATH)
    .delay(delayMs)
    .reply(status, body)
 }
 describe('GithubComponent', () => {
-  beforeEach(() => {
+  afterEach(() => {
-    vi.clearAllMocks()
+    nock.cleanAll()
  })
  it('should display repo info', async () => {
-    vi.mocked(globalThis.fetch).mockResolvedValueOnce(
+    mockGithubApi(200, { name: 'dify', stars: 1000 })
      new Response(JSON.stringify({ name: 'dify', stars: 1000 }), {
        status: 200,
        headers: { 'Content-Type': 'application/json' },
      }),
    )
    render(<GithubComponent />)
@ -240,12 +224,7 @@ describe('GithubComponent', () => {
  })
  it('should handle API error', async () => {
-    vi.mocked(globalThis.fetch).mockResolvedValueOnce(
+    mockGithubApi(500, { message: 'Server error' })
      new Response(JSON.stringify({ message: 'Server error' }), {
        status: 500,
        headers: { 'Content-Type': 'application/json' },
      }),
    )
    render(<GithubComponent />)
@ -256,8 +235,6 @@ describe('GithubComponent', () => {
 })
 ```
 Prefer mocking `@/service/*` modules or spying on `global.fetch` / `ky` clients with deterministic responses. Do not introduce an HTTP interception dependency such as `nock` or MSW unless it is already declared in the workspace or adding it is part of the task.
 ### 6. Context Providers
 ```typescript
@ -317,7 +294,7 @@ const renderWithQueryClient = (ui: React.ReactElement) => {
 ### ✅ DO
-1. **Use real base components and dify-ui primitives** - Import from `@/app/components/base/` or `@langgenius/dify-ui/*` directly
+1. **Use real base components** - Import from `@/app/components/base/` directly
 1. **Use real project components** - Prefer importing over mocking
 1. **Use real Zustand stores** - Set test state via `store.setState()`
 1. **Reset mocks in `beforeEach`**, not `afterEach`
@ -328,11 +305,11 @@ const renderWithQueryClient = (ui: React.ReactElement) => {
 ### ❌ DON'T
-1. **Don't mock base components or dify-ui primitives** (`Loading`, `Input`, `Button`, `Tooltip`, `Dialog`, etc.)
+1. **Don't mock base components** (`Loading`, `Button`, `Tooltip`, etc.)
 1. **Don't mock Zustand store modules** - Use real stores with `setState()`
 1. Don't mock components you can import directly
 1. Don't create overly simplified mocks that miss conditional logic
-1. Don't leave HTTP mocks or service mock state leaking between tests
+1. Don't forget to clean up nock after each test
 1. Don't use `any` types in mocks without necessity
 ### Mock Decision Tree
@ -340,7 +317,7 @@ const renderWithQueryClient = (ui: React.ReactElement) => {
 ```
 Need to use a component in test?
 │
-├─ Is it from @/app/components/base/* or @langgenius/dify-ui/*?
+├─ Is it from @/app/components/base/*?
 │  └─ YES → Import real component, DO NOT mock
 │
 ├─ Is it a project component?
--- a/.agents/skills/frontend-testing/references/workflow.md
+++ b/.agents/skills/frontend-testing/references/workflow.md
@ -4,7 +4,7 @@ This guide defines the workflow for generating tests, especially for complex com
 ## Scope Clarification
-This guide addresses **multi-file workflow** (how to process multiple test files). For coverage requirements within a single test file, see `web/docs/test.md` § Coverage Goals.
+This guide addresses **multi-file workflow** (how to process multiple test files). For coverage requirements within a single test file, see `web/testing/testing.md` § Coverage Goals.
 | Scope | Rule |
 |-------|------|
@ -227,12 +227,12 @@ Failing tests compound:
 **Fix failures immediately before proceeding.**
-## Integration with Codex's Todo Feature
+## Integration with Claude's Todo Feature
-When using Codex for multi-file testing:
+When using Claude for multi-file testing:
-1. **Create a todo list** before starting
+1. **Ask Claude to create a todo list** before starting
-1. **Process one file at a time**
+1. **Request one file at a time** or ensure Claude processes incrementally
 1. **Verify each test passes** before asking for the next
 1. **Mark todos complete** as you progress
--- a/.agents/skills/how-to-write-component/SKILL.md
+++ b/.agents/skills/how-to-write-component/SKILL.md
@ -1,71 +0,0 @@
 ---
 name: how-to-write-component
 description: React/TypeScript component style guide. Use when writing, refactoring, or reviewing React components, especially around props typing, state boundaries, shared local state with Jotai atoms, API types, query/mutation contracts, navigation, memoization, wrappers, and empty-state handling.
 ---
 # How To Write A Component
 Use this as the decision guide for React/TypeScript component structure. Existing code is reference material, not automatic precedent; when it conflicts with these rules, adapt the approach instead of reproducing the violation.
 ## Core Defaults
 - Search before adding UI, hooks, helpers, or styling patterns. Reuse existing base components, feature components, hooks, utilities, and design styles when they fit.
 - Group code by feature workflow, route, or ownership area: components, hooks, local types, query helpers, atoms, constants, and small utilities should live near the code that changes with them.
 - Promote code to shared only when multiple verticals need the same stable primitive. Otherwise keep it local and compose shared primitives inside the owning feature.
 - Follow Dify's CSS-first Tailwind v4 contract from `packages/dify-ui/README.md` and `packages/dify-ui/AGENTS.md`. Prefer design-system tokens, utilities, and radius mappings over generic Tailwind guidance.
 ## Ownership
 - Put local state, queries, mutations, handlers, and derived UI data in the lowest component that uses them. Extract a purpose-built owner component only when the logic has no natural home.
 - Repeated TanStack query calls in sibling components are acceptable when each component independently consumes the data. Do not hoist a query only because it is duplicated; TanStack Query handles deduplication and cache sharing.
 - Hoist state, queries, or callbacks to a parent only when the parent consumes the data, coordinates shared loading/error/empty UI, needs one consistent snapshot, or owns a workflow spanning children.
 - Avoid prop drilling. One pass-through layer is acceptable; repeated forwarding means ownership should move down or into feature-scoped Jotai UI state. Keep server/cache state in query and API data flow.
 - Keep callbacks in a parent only for workflow coordination such as form submission, shared selection, batch behavior, or navigation. Otherwise let the child or row own its action.
 - Prefer uncontrolled DOM state and CSS variables before adding controlled props.
 ## Components, Props, And Types
 - Type component signatures directly; do not use `FC` or `React.FC`.
 - Prefer `function` for top-level components and module helpers. Use arrow functions for local callbacks, handlers, and lambda-style APIs.
 - Prefer named exports. Use default exports only where the framework requires them, such as Next.js route files.
 - Type simple one-off props inline. Use a named `Props` type only when reused, exported, complex, or clearer.
 - Use API-generated or API-returned types at component boundaries. Keep small UI conversion helpers beside the component that needs them.
 - Name values by their domain role and backend API contract, and keep that name stable across the call chain, especially IDs like `appInstanceId`. Normalize framework or route params at the boundary.
 - Keep fallback and invariant checks at the lowest component that already handles that state; callers should pass raw values through instead of duplicating checks.
 ## Queries And Mutations
 - Keep `web/contract/*` as the single source of truth for API shape; follow existing domain/router patterns and the `{ params, query?, body? }` input shape.
 - Consume queries directly with `useQuery(consoleQuery.xxx.queryOptions(...))` or `useQuery(marketplaceQuery.xxx.queryOptions(...))`.
 - Avoid pass-through hooks and thin `web/service/use-*` wrappers that only rename `queryOptions()` or `mutationOptions()`. Extract a small `queryOptions` helper only when repeated call-site options justify it.
 - Keep feature hooks for real orchestration, workflow state, or shared domain behavior.
 - For missing required query input, use `input: skipToken`; use `enabled` only for extra business gating after the input is valid.
 - Consume mutations directly with `useMutation(consoleQuery.xxx.mutationOptions(...))` or `useMutation(marketplaceQuery.xxx.mutationOptions(...))`; use oRPC clients as `mutationFn` only for custom flows.
 - Put shared cache behavior in `createTanstackQueryUtils(...experimental_defaults...)`; components may add UI feedback callbacks, but should not own shared invalidation rules.
 - Do not use deprecated `useInvalid` or `useReset`.
 - Prefer `mutate(...)`; use `mutateAsync(...)` only when Promise semantics are required, and wrap awaited calls in `try/catch`.
 ## Component Boundaries
 - Use the first level below a page or tab to organize independent page sections when it adds real structure. This layer is layout/semantic first, not automatically the data owner.
 - Split deeper components by the data and state each layer actually needs. Each component should access only necessary data, and ownership should stay at the lowest consumer.
 - Keep cohesive forms, menu bodies, and one-off helpers local unless they need their own state, reuse, or semantic boundary.
 - Separate hidden secondary surfaces from the trigger's main flow. For dialogs, dropdowns, popovers, and similar branches, extract a small local component that owns the trigger, open state, and hidden content when it would obscure the parent flow.
 - Preserve composability by separating behavior ownership from layout ownership. A dropdown action may own its trigger, open state, and menu content; the caller owns placement such as slots, offsets, and alignment.
 - Avoid unnecessary DOM hierarchy. Do not add wrapper elements unless they provide layout, semantics, accessibility, state ownership, or integration with a library API; prefer fragments or styling an existing element when possible.
 - Avoid shallow wrappers and prop renaming unless the wrapper adds validation, orchestration, error handling, state ownership, or a real semantic boundary.
 ## You Might Not Need An Effect
 - Use Effects only to synchronize with external systems such as browser APIs, non-React widgets, subscriptions, timers, analytics that must run because the component was shown, or imperative DOM integration.
 - Do not use Effects to transform props or state for rendering. Calculate derived values during render, and use `useMemo` only when the calculation is actually expensive.
 - Do not use Effects to handle user actions. Put action-specific logic in the event handler where the cause is known.
 - Do not use Effects to copy one state value into another state value representing the same concept. Pick one source of truth and derive the rest during render.
 - Do not reset or adjust state from props with an Effect. Prefer a `key` reset, storing a stable ID and deriving the selected object, or guarded same-component render-time adjustment when truly necessary.
 - Prefer framework data APIs or TanStack Query for data fetching instead of writing request Effects in components.
 - If an Effect still seems necessary, first name the external system it synchronizes with. If there is no external system, remove the Effect and restructure the state or event flow.
 ## Navigation And Performance
 - Prefer `Link` for normal navigation. Use router APIs only for command-flow side effects such as mutation success, guarded redirects, or form submission.
 - Avoid `memo`, `useMemo`, and `useCallback` unless there is a clear performance reason.
--- a/.agents/skills/orpc-contract-first/SKILL.md
+++ b/.agents/skills/orpc-contract-first/SKILL.md
@ -0,0 +1,46 @@
 ---
 name: orpc-contract-first
 description: Guide for implementing oRPC contract-first API patterns in Dify frontend. Triggers when creating new API contracts, adding service endpoints, integrating TanStack Query with typed contracts, or migrating legacy service calls to oRPC. Use for all API layer work in web/contract and web/service directories.
 ---
 # oRPC Contract-First Development
 ## Project Structure
 ```
 web/contract/
 ├── base.ts           # Base contract (inputStructure: 'detailed')
 ├── router.ts         # Router composition & type exports
 ├── marketplace.ts    # Marketplace contracts
 └── console/          # Console contracts by domain
    ├── system.ts
    └── billing.ts
 ```
 ## Workflow
 1. **Create contract** in `web/contract/console/{domain}.ts`
   - Import `base` from `../base` and `type` from `@orpc/contract`
   - Define route with `path`, `method`, `input`, `output`
 2. **Register in router** at `web/contract/router.ts`
   - Import directly from domain file (no barrel files)
   - Nest by API prefix: `billing: { invoices, bindPartnerStack }`
 3. **Create hooks** in `web/service/use-{domain}.ts`
   - Use `consoleQuery.{group}.{contract}.queryKey()` for query keys
   - Use `consoleClient.{group}.{contract}()` for API calls
 ## Key Rules
 - **Input structure**: Always use `{ params, query?, body? }` format
 - **Path params**: Use `{paramName}` in path, match in `params` object
 - **Router nesting**: Group by API prefix (e.g., `/billing/*` → `billing: {}`)
 - **No barrel files**: Import directly from specific files
 - **Types**: Import from `@/types/`, use `type<T>()` helper
 ## Type Export
 ```typescript
 export type ConsoleInputs = InferContractRouterInputs<typeof consoleRouterContract>
 ```
--- a/.agents/skills/skill-creator/SKILL.md
+++ b/.agents/skills/skill-creator/SKILL.md
@ -0,0 +1,355 @@
 ---
 name: skill-creator
 description: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations.
 ---
 # Skill Creator
 This skill provides guidance for creating effective skills.
 ## About Skills
 Skills are modular, self-contained packages that extend Claude's capabilities by providing
 specialized knowledge, workflows, and tools. Think of them as "onboarding guides" for specific
 domains or tasks—they transform Claude from a general-purpose agent into a specialized agent
 equipped with procedural knowledge that no model can fully possess.
 ### What Skills Provide
 1. Specialized workflows - Multi-step procedures for specific domains
 2. Tool integrations - Instructions for working with specific file formats or APIs
 3. Domain expertise - Company-specific knowledge, schemas, business logic
 4. Bundled resources - Scripts, references, and assets for complex and repetitive tasks
 ## Core Principles
 ### Concise is Key
 The context window is a public good. Skills share the context window with everything else Claude needs: system prompt, conversation history, other Skills' metadata, and the actual user request.
 **Default assumption: Claude is already very smart.** Only add context Claude doesn't already have. Challenge each piece of information: "Does Claude really need this explanation?" and "Does this paragraph justify its token cost?"
 Prefer concise examples over verbose explanations.
 ### Set Appropriate Degrees of Freedom
 Match the level of specificity to the task's fragility and variability:
 **High freedom (text-based instructions)**: Use when multiple approaches are valid, decisions depend on context, or heuristics guide the approach.
 **Medium freedom (pseudocode or scripts with parameters)**: Use when a preferred pattern exists, some variation is acceptable, or configuration affects behavior.
 **Low freedom (specific scripts, few parameters)**: Use when operations are fragile and error-prone, consistency is critical, or a specific sequence must be followed.
 Think of Claude as exploring a path: a narrow bridge with cliffs needs specific guardrails (low freedom), while an open field allows many routes (high freedom).
 ### Anatomy of a Skill
 Every skill consists of a required SKILL.md file and optional bundled resources:
 ```
 skill-name/
 ├── SKILL.md (required)
 │   ├── YAML frontmatter metadata (required)
 │   │   ├── name: (required)
 │   │   └── description: (required)
 │   └── Markdown instructions (required)
 └── Bundled Resources (optional)
    ├── scripts/          - Executable code (Python/Bash/etc.)
    ├── references/       - Documentation intended to be loaded into context as needed
    └── assets/           - Files used in output (templates, icons, fonts, etc.)
 ```
 #### SKILL.md (required)
 Every SKILL.md consists of:
 - **Frontmatter** (YAML): Contains `name` and `description` fields. These are the only fields that Claude reads to determine when the skill gets used, thus it is very important to be clear and comprehensive in describing what the skill is, and when it should be used.
 - **Body** (Markdown): Instructions and guidance for using the skill. Only loaded AFTER the skill triggers (if at all).
 #### Bundled Resources (optional)
 ##### Scripts (`scripts/`)
 Executable code (Python/Bash/etc.) for tasks that require deterministic reliability or are repeatedly rewritten.
 - **When to include**: When the same code is being rewritten repeatedly or deterministic reliability is needed
 - **Example**: `scripts/rotate_pdf.py` for PDF rotation tasks
 - **Benefits**: Token efficient, deterministic, may be executed without loading into context
 - **Note**: Scripts may still need to be read by Claude for patching or environment-specific adjustments
 ##### References (`references/`)
 Documentation and reference material intended to be loaded as needed into context to inform Claude's process and thinking.
 - **When to include**: For documentation that Claude should reference while working
 - **Examples**: `references/finance.md` for financial schemas, `references/mnda.md` for company NDA template, `references/policies.md` for company policies, `references/api_docs.md` for API specifications
 - **Use cases**: Database schemas, API documentation, domain knowledge, company policies, detailed workflow guides
 - **Benefits**: Keeps SKILL.md lean, loaded only when Claude determines it's needed
 - **Best practice**: If files are large (>10k words), include grep search patterns in SKILL.md
 - **Avoid duplication**: Information should live in either SKILL.md or references files, not both. Prefer references files for detailed information unless it's truly core to the skill—this keeps SKILL.md lean while making information discoverable without hogging the context window. Keep only essential procedural instructions and workflow guidance in SKILL.md; move detailed reference material, schemas, and examples to references files.
 ##### Assets (`assets/`)
 Files not intended to be loaded into context, but rather used within the output Claude produces.
 - **When to include**: When the skill needs files that will be used in the final output
 - **Examples**: `assets/logo.png` for brand assets, `assets/slides.pptx` for PowerPoint templates, `assets/frontend-template/` for HTML/React boilerplate, `assets/font.ttf` for typography
 - **Use cases**: Templates, images, icons, boilerplate code, fonts, sample documents that get copied or modified
 - **Benefits**: Separates output resources from documentation, enables Claude to use files without loading them into context
 #### What to Not Include in a Skill
 A skill should only contain essential files that directly support its functionality. Do NOT create extraneous documentation or auxiliary files, including:
 - README.md
 - INSTALLATION_GUIDE.md
 - QUICK_REFERENCE.md
 - CHANGELOG.md
 - etc.
 The skill should only contain the information needed for an AI agent to do the job at hand. It should not contain auxilary context about the process that went into creating it, setup and testing procedures, user-facing documentation, etc. Creating additional documentation files just adds clutter and confusion.
 ### Progressive Disclosure Design Principle
 Skills use a three-level loading system to manage context efficiently:
 1. **Metadata (name + description)** - Always in context (~100 words)
 2. **SKILL.md body** - When skill triggers (<5k words)
 3. **Bundled resources** - As needed by Claude (Unlimited because scripts can be executed without reading into context window)
 #### Progressive Disclosure Patterns
 Keep SKILL.md body to the essentials and under 500 lines to minimize context bloat. Split content into separate files when approaching this limit. When splitting out content into other files, it is very important to reference them from SKILL.md and describe clearly when to read them, to ensure the reader of the skill knows they exist and when to use them.
 **Key principle:** When a skill supports multiple variations, frameworks, or options, keep only the core workflow and selection guidance in SKILL.md. Move variant-specific details (patterns, examples, configuration) into separate reference files.
 **Pattern 1: High-level guide with references**
 ```markdown
 # PDF Processing
 ## Quick start
 Extract text with pdfplumber:
 [code example]
 ## Advanced features
 - **Form filling**: See [FORMS.md](FORMS.md) for complete guide
 - **API reference**: See [REFERENCE.md](REFERENCE.md) for all methods
 - **Examples**: See [EXAMPLES.md](EXAMPLES.md) for common patterns
 ```
 Claude loads FORMS.md, REFERENCE.md, or EXAMPLES.md only when needed.
 **Pattern 2: Domain-specific organization**
 For Skills with multiple domains, organize content by domain to avoid loading irrelevant context:
 ```
 bigquery-skill/
 ├── SKILL.md (overview and navigation)
 └── reference/
    ├── finance.md (revenue, billing metrics)
    ├── sales.md (opportunities, pipeline)
    ├── product.md (API usage, features)
    └── marketing.md (campaigns, attribution)
 ```
 When a user asks about sales metrics, Claude only reads sales.md.
 Similarly, for skills supporting multiple frameworks or variants, organize by variant:
 ```
 cloud-deploy/
 ├── SKILL.md (workflow + provider selection)
 └── references/
    ├── aws.md (AWS deployment patterns)
    ├── gcp.md (GCP deployment patterns)
    └── azure.md (Azure deployment patterns)
 ```
 When the user chooses AWS, Claude only reads aws.md.
 **Pattern 3: Conditional details**
 Show basic content, link to advanced content:
 ```markdown
 # DOCX Processing
 ## Creating documents
 Use docx-js for new documents. See [DOCX-JS.md](DOCX-JS.md).
 ## Editing documents
 For simple edits, modify the XML directly.
 **For tracked changes**: See [REDLINING.md](REDLINING.md)
 **For OOXML details**: See [OOXML.md](OOXML.md)
 ```
 Claude reads REDLINING.md or OOXML.md only when the user needs those features.
 **Important guidelines:**
 - **Avoid deeply nested references** - Keep references one level deep from SKILL.md. All reference files should link directly from SKILL.md.
 - **Structure longer reference files** - For files longer than 100 lines, include a table of contents at the top so Claude can see the full scope when previewing.
 ## Skill Creation Process
 Skill creation involves these steps:
 1. Understand the skill with concrete examples
 2. Plan reusable skill contents (scripts, references, assets)
 3. Initialize the skill (run init_skill.py)
 4. Edit the skill (implement resources and write SKILL.md)
 5. Package the skill (run package_skill.py)
 6. Iterate based on real usage
 Follow these steps in order, skipping only if there is a clear reason why they are not applicable.
 ### Step 1: Understanding the Skill with Concrete Examples
 Skip this step only when the skill's usage patterns are already clearly understood. It remains valuable even when working with an existing skill.
 To create an effective skill, clearly understand concrete examples of how the skill will be used. This understanding can come from either direct user examples or generated examples that are validated with user feedback.
 For example, when building an image-editor skill, relevant questions include:
 - "What functionality should the image-editor skill support? Editing, rotating, anything else?"
 - "Can you give some examples of how this skill would be used?"
 - "I can imagine users asking for things like 'Remove the red-eye from this image' or 'Rotate this image'. Are there other ways you imagine this skill being used?"
 - "What would a user say that should trigger this skill?"
 To avoid overwhelming users, avoid asking too many questions in a single message. Start with the most important questions and follow up as needed for better effectiveness.
 Conclude this step when there is a clear sense of the functionality the skill should support.
 ### Step 2: Planning the Reusable Skill Contents
 To turn concrete examples into an effective skill, analyze each example by:
 1. Considering how to execute on the example from scratch
 2. Identifying what scripts, references, and assets would be helpful when executing these workflows repeatedly
 Example: When building a `pdf-editor` skill to handle queries like "Help me rotate this PDF," the analysis shows:
 1. Rotating a PDF requires re-writing the same code each time
 2. A `scripts/rotate_pdf.py` script would be helpful to store in the skill
 Example: When designing a `frontend-webapp-builder` skill for queries like "Build me a todo app" or "Build me a dashboard to track my steps," the analysis shows:
 1. Writing a frontend webapp requires the same boilerplate HTML/React each time
 2. An `assets/hello-world/` template containing the boilerplate HTML/React project files would be helpful to store in the skill
 Example: When building a `big-query` skill to handle queries like "How many users have logged in today?" the analysis shows:
 1. Querying BigQuery requires re-discovering the table schemas and relationships each time
 2. A `references/schema.md` file documenting the table schemas would be helpful to store in the skill
 To establish the skill's contents, analyze each concrete example to create a list of the reusable resources to include: scripts, references, and assets.
 ### Step 3: Initializing the Skill
 At this point, it is time to actually create the skill.
 Skip this step only if the skill being developed already exists, and iteration or packaging is needed. In this case, continue to the next step.
 When creating a new skill from scratch, always run the `init_skill.py` script. The script conveniently generates a new template skill directory that automatically includes everything a skill requires, making the skill creation process much more efficient and reliable.
 Usage:
 ```bash
 scripts/init_skill.py <skill-name> --path <output-directory>
 ```
 The script:
 - Creates the skill directory at the specified path
 - Generates a SKILL.md template with proper frontmatter and TODO placeholders
 - Creates example resource directories: `scripts/`, `references/`, and `assets/`
 - Adds example files in each directory that can be customized or deleted
 After initialization, customize or remove the generated SKILL.md and example files as needed.
 ### Step 4: Edit the Skill
 When editing the (newly-generated or existing) skill, remember that the skill is being created for another instance of Claude to use. Include information that would be beneficial and non-obvious to Claude. Consider what procedural knowledge, domain-specific details, or reusable assets would help another Claude instance execute these tasks more effectively.
 #### Learn Proven Design Patterns
 Consult these helpful guides based on your skill's needs:
 - **Multi-step processes**: See references/workflows.md for sequential workflows and conditional logic
 - **Specific output formats or quality standards**: See references/output-patterns.md for template and example patterns
 These files contain established best practices for effective skill design.
 #### Start with Reusable Skill Contents
 To begin implementation, start with the reusable resources identified above: `scripts/`, `references/`, and `assets/` files. Note that this step may require user input. For example, when implementing a `brand-guidelines` skill, the user may need to provide brand assets or templates to store in `assets/`, or documentation to store in `references/`.
 Added scripts must be tested by actually running them to ensure there are no bugs and that the output matches what is expected. If there are many similar scripts, only a representative sample needs to be tested to ensure confidence that they all work while balancing time to completion.
 Any example files and directories not needed for the skill should be deleted. The initialization script creates example files in `scripts/`, `references/`, and `assets/` to demonstrate structure, but most skills won't need all of them.
 #### Update SKILL.md
 **Writing Guidelines:** Always use imperative/infinitive form.
 ##### Frontmatter
 Write the YAML frontmatter with `name` and `description`:
 - `name`: The skill name
 - `description`: This is the primary triggering mechanism for your skill, and helps Claude understand when to use the skill.
  - Include both what the Skill does and specific triggers/contexts for when to use it.
  - Include all "when to use" information here - Not in the body. The body is only loaded after triggering, so "When to Use This Skill" sections in the body are not helpful to Claude.
  - Example description for a `docx` skill: "Comprehensive document creation, editing, and analysis with support for tracked changes, comments, formatting preservation, and text extraction. Use when Claude needs to work with professional documents (.docx files) for: (1) Creating new documents, (2) Modifying or editing content, (3) Working with tracked changes, (4) Adding comments, or any other document tasks"
 Do not include any other fields in YAML frontmatter.
 ##### Body
 Write instructions for using the skill and its bundled resources.
 ### Step 5: Packaging a Skill
 Once development of the skill is complete, it must be packaged into a distributable .skill file that gets shared with the user. The packaging process automatically validates the skill first to ensure it meets all requirements:
 ```bash
 scripts/package_skill.py <path/to/skill-folder>
 ```
 Optional output directory specification:
 ```bash
 scripts/package_skill.py <path/to/skill-folder> ./dist
 ```
 The packaging script will:
 1. **Validate** the skill automatically, checking:
   - YAML frontmatter format and required fields
   - Skill naming conventions and directory structure
   - Description completeness and quality
   - File organization and resource references
 2. **Package** the skill if validation passes, creating a .skill file named after the skill (e.g., `my-skill.skill`) that includes all files and maintains the proper directory structure for distribution. The .skill file is a zip file with a .skill extension.
 If validation fails, the script will report the errors and exit without creating a package. Fix any validation errors and run the packaging command again.
 ### Step 6: Iterate
 After testing the skill, users may request improvements. Often this happens right after using the skill, with fresh context of how the skill performed.
 **Iteration workflow:**
 1. Use the skill on real tasks
 2. Notice struggles or inefficiencies
 3. Identify how SKILL.md or bundled resources should be updated
 4. Implement changes and test again
--- a/.agents/skills/skill-creator/references/output-patterns.md
+++ b/.agents/skills/skill-creator/references/output-patterns.md
@ -0,0 +1,86 @@
 # Output Patterns
 Use these patterns when skills need to produce consistent, high-quality output.
 ## Template Pattern
 Provide templates for output format. Match the level of strictness to your needs.
 **For strict requirements (like API responses or data formats):**
 ```markdown
 ## Report structure
 ALWAYS use this exact template structure:
 # [Analysis Title]
 ## Executive summary
 [One-paragraph overview of key findings]
 ## Key findings
 - Finding 1 with supporting data
 - Finding 2 with supporting data
 - Finding 3 with supporting data
 ## Recommendations
 1. Specific actionable recommendation
 2. Specific actionable recommendation
 ```
 **For flexible guidance (when adaptation is useful):**
 ```markdown
 ## Report structure
 Here is a sensible default format, but use your best judgment:
 # [Analysis Title]
 ## Executive summary
 [Overview]
 ## Key findings
 [Adapt sections based on what you discover]
 ## Recommendations
 [Tailor to the specific context]
 Adjust sections as needed for the specific analysis type.
 ```
 ## Examples Pattern
 For skills where output quality depends on seeing examples, provide input/output pairs:
 ```markdown
 ## Commit message format
 Generate commit messages following these examples:
 **Example 1:**
 Input: Added user authentication with JWT tokens
 Output:
 ```
 feat(auth): implement JWT-based authentication
 Add login endpoint and token validation middleware
 ```
 **Example 2:**
 Input: Fixed bug where dates displayed incorrectly in reports
 Output:
 ```
 fix(reports): correct date formatting in timezone conversion
 Use UTC timestamps consistently across report generation
 ```
 Follow this style: type(scope): brief description, then detailed explanation.
 ```
 Examples help Claude understand the desired style and level of detail more clearly than descriptions alone.
--- a/.agents/skills/skill-creator/references/workflows.md
+++ b/.agents/skills/skill-creator/references/workflows.md
@ -0,0 +1,28 @@
 # Workflow Patterns
 ## Sequential Workflows
 For complex tasks, break operations into clear, sequential steps. It is often helpful to give Claude an overview of the process towards the beginning of SKILL.md:
 ```markdown
 Filling a PDF form involves these steps:
 1. Analyze the form (run analyze_form.py)
 2. Create field mapping (edit fields.json)
 3. Validate mapping (run validate_fields.py)
 4. Fill the form (run fill_form.py)
 5. Verify output (run verify_output.py)
 ```
 ## Conditional Workflows
 For tasks with branching logic, guide Claude through decision points:
 ```markdown
 1. Determine the modification type:
   **Creating new content?** → Follow "Creation workflow" below
   **Editing existing content?** → Follow "Editing workflow" below
 2. Creation workflow: [steps]
 3. Editing workflow: [steps]
 ```
--- a/.agents/skills/skill-creator/scripts/init_skill.py
+++ b/.agents/skills/skill-creator/scripts/init_skill.py
@ -0,0 +1,300 @@
 #!/usr/bin/env python3
 """
 Skill Initializer - Creates a new skill from template
 Usage:
    init_skill.py <skill-name> --path <path>
 Examples:
    init_skill.py my-new-skill --path skills/public
    init_skill.py my-api-helper --path skills/private
    init_skill.py custom-skill --path /custom/location
 """
 import sys
 from pathlib import Path
 SKILL_TEMPLATE = """---
 name: {skill_name}
 description: [TODO: Complete and informative explanation of what the skill does and when to use it. Include WHEN to use this skill - specific scenarios, file types, or tasks that trigger it.]
 ---
 # {skill_title}
 ## Overview
 [TODO: 1-2 sentences explaining what this skill enables]
 ## Structuring This Skill
 [TODO: Choose the structure that best fits this skill's purpose. Common patterns:
 **1. Workflow-Based** (best for sequential processes)
 - Works well when there are clear step-by-step procedures
 - Example: DOCX skill with "Workflow Decision Tree" → "Reading" → "Creating" → "Editing"
 - Structure: ## Overview → ## Workflow Decision Tree → ## Step 1 → ## Step 2...
 **2. Task-Based** (best for tool collections)
 - Works well when the skill offers different operations/capabilities
 - Example: PDF skill with "Quick Start" → "Merge PDFs" → "Split PDFs" → "Extract Text"
 - Structure: ## Overview → ## Quick Start → ## Task Category 1 → ## Task Category 2...
 **3. Reference/Guidelines** (best for standards or specifications)
 - Works well for brand guidelines, coding standards, or requirements
 - Example: Brand styling with "Brand Guidelines" → "Colors" → "Typography" → "Features"
 - Structure: ## Overview → ## Guidelines → ## Specifications → ## Usage...
 **4. Capabilities-Based** (best for integrated systems)
 - Works well when the skill provides multiple interrelated features
 - Example: Product Management with "Core Capabilities" → numbered capability list
 - Structure: ## Overview → ## Core Capabilities → ### 1. Feature → ### 2. Feature...
 Patterns can be mixed and matched as needed. Most skills combine patterns (e.g., start with task-based, add workflow for complex operations).
 Delete this entire "Structuring This Skill" section when done - it's just guidance.]
 ## [TODO: Replace with the first main section based on chosen structure]
 [TODO: Add content here. See examples in existing skills:
 - Code samples for technical skills
 - Decision trees for complex workflows
 - Concrete examples with realistic user requests
 - References to scripts/templates/references as needed]
 ## Resources
 This skill includes example resource directories that demonstrate how to organize different types of bundled resources:
 ### scripts/
 Executable code (Python/Bash/etc.) that can be run directly to perform specific operations.
 **Examples from other skills:**
 - PDF skill: `fill_fillable_fields.py`, `extract_form_field_info.py` - utilities for PDF manipulation
 - DOCX skill: `document.py`, `utilities.py` - Python modules for document processing
 **Appropriate for:** Python scripts, shell scripts, or any executable code that performs automation, data processing, or specific operations.
 **Note:** Scripts may be executed without loading into context, but can still be read by Claude for patching or environment adjustments.
 ### references/
 Documentation and reference material intended to be loaded into context to inform Claude's process and thinking.
 **Examples from other skills:**
 - Product management: `communication.md`, `context_building.md` - detailed workflow guides
 - BigQuery: API reference documentation and query examples
 - Finance: Schema documentation, company policies
 **Appropriate for:** In-depth documentation, API references, database schemas, comprehensive guides, or any detailed information that Claude should reference while working.
 ### assets/
 Files not intended to be loaded into context, but rather used within the output Claude produces.
 **Examples from other skills:**
 - Brand styling: PowerPoint template files (.pptx), logo files
 - Frontend builder: HTML/React boilerplate project directories
 - Typography: Font files (.ttf, .woff2)
 **Appropriate for:** Templates, boilerplate code, document templates, images, icons, fonts, or any files meant to be copied or used in the final output.
 ---
 **Any unneeded directories can be deleted.** Not every skill requires all three types of resources.
 """
 EXAMPLE_SCRIPT = '''#!/usr/bin/env python3
 """
 Example helper script for {skill_name}
 This is a placeholder script that can be executed directly.
 Replace with actual implementation or delete if not needed.
 Example real scripts from other skills:
 - pdf/scripts/fill_fillable_fields.py - Fills PDF form fields
 - pdf/scripts/convert_pdf_to_images.py - Converts PDF pages to images
 """
 def main():
    print("This is an example script for {skill_name}")
    # TODO: Add actual script logic here
    # This could be data processing, file conversion, API calls, etc.
 if __name__ == "__main__":
    main()
 '''
 EXAMPLE_REFERENCE = """# Reference Documentation for {skill_title}
 This is a placeholder for detailed reference documentation.
 Replace with actual reference content or delete if not needed.
 Example real reference docs from other skills:
 - product-management/references/communication.md - Comprehensive guide for status updates
 - product-management/references/context_building.md - Deep-dive on gathering context
 - bigquery/references/ - API references and query examples
 ## When Reference Docs Are Useful
 Reference docs are ideal for:
 - Comprehensive API documentation
 - Detailed workflow guides
 - Complex multi-step processes
 - Information too lengthy for main SKILL.md
 - Content that's only needed for specific use cases
 ## Structure Suggestions
 ### API Reference Example
 - Overview
 - Authentication
 - Endpoints with examples
 - Error codes
 - Rate limits
 ### Workflow Guide Example
 - Prerequisites
 - Step-by-step instructions
 - Common patterns
 - Troubleshooting
 - Best practices
 """
 EXAMPLE_ASSET = """# Example Asset File
 This placeholder represents where asset files would be stored.
 Replace with actual asset files (templates, images, fonts, etc.) or delete if not needed.
 Asset files are NOT intended to be loaded into context, but rather used within
 the output Claude produces.
 Example asset files from other skills:
 - Brand guidelines: logo.png, slides_template.pptx
 - Frontend builder: hello-world/ directory with HTML/React boilerplate
 - Typography: custom-font.ttf, font-family.woff2
 - Data: sample_data.csv, test_dataset.json
 ## Common Asset Types
 - Templates: .pptx, .docx, boilerplate directories
 - Images: .png, .jpg, .svg, .gif
 - Fonts: .ttf, .otf, .woff, .woff2
 - Boilerplate code: Project directories, starter files
 - Icons: .ico, .svg
 - Data files: .csv, .json, .xml, .yaml
 Note: This is a text placeholder. Actual assets can be any file type.
 """
 def title_case_skill_name(skill_name):
    """Convert hyphenated skill name to Title Case for display."""
    return " ".join(word.capitalize() for word in skill_name.split("-"))
 def init_skill(skill_name, path):
    """
    Initialize a new skill directory with template SKILL.md.
    Args:
        skill_name: Name of the skill
        path: Path where the skill directory should be created
    Returns:
        Path to created skill directory, or None if error
    """
    # Determine skill directory path
    skill_dir = Path(path).resolve() / skill_name
    # Check if directory already exists
    if skill_dir.exists():
        print(f"❌ Error: Skill directory already exists: {skill_dir}")
        return None
    # Create skill directory
    try:
        skill_dir.mkdir(parents=True, exist_ok=False)
        print(f"✅ Created skill directory: {skill_dir}")
    except Exception as e:
        print(f"❌ Error creating directory: {e}")
        return None
    # Create SKILL.md from template
    skill_title = title_case_skill_name(skill_name)
    skill_content = SKILL_TEMPLATE.format(skill_name=skill_name, skill_title=skill_title)
    skill_md_path = skill_dir / "SKILL.md"
    try:
        skill_md_path.write_text(skill_content)
        print("✅ Created SKILL.md")
    except Exception as e:
        print(f"❌ Error creating SKILL.md: {e}")
        return None
    # Create resource directories with example files
    try:
        # Create scripts/ directory with example script
        scripts_dir = skill_dir / "scripts"
        scripts_dir.mkdir(exist_ok=True)
        example_script = scripts_dir / "example.py"
        example_script.write_text(EXAMPLE_SCRIPT.format(skill_name=skill_name))
        example_script.chmod(0o755)
        print("✅ Created scripts/example.py")
        # Create references/ directory with example reference doc
        references_dir = skill_dir / "references"
        references_dir.mkdir(exist_ok=True)
        example_reference = references_dir / "api_reference.md"
        example_reference.write_text(EXAMPLE_REFERENCE.format(skill_title=skill_title))
        print("✅ Created references/api_reference.md")
        # Create assets/ directory with example asset placeholder
        assets_dir = skill_dir / "assets"
        assets_dir.mkdir(exist_ok=True)
        example_asset = assets_dir / "example_asset.txt"
        example_asset.write_text(EXAMPLE_ASSET)
        print("✅ Created assets/example_asset.txt")
    except Exception as e:
        print(f"❌ Error creating resource directories: {e}")
        return None
    # Print next steps
    print(f"\n✅ Skill '{skill_name}' initialized successfully at {skill_dir}")
    print("\nNext steps:")
    print("1. Edit SKILL.md to complete the TODO items and update the description")
    print("2. Customize or delete the example files in scripts/, references/, and assets/")
    print("3. Run the validator when ready to check the skill structure")
    return skill_dir
 def main():
    if len(sys.argv) < 4 or sys.argv[2] != "--path":
        print("Usage: init_skill.py <skill-name> --path <path>")
        print("\nSkill name requirements:")
        print("  - Hyphen-case identifier (e.g., 'data-analyzer')")
        print("  - Lowercase letters, digits, and hyphens only")
        print("  - Max 40 characters")
        print("  - Must match directory name exactly")
        print("\nExamples:")
        print("  init_skill.py my-new-skill --path skills/public")
        print("  init_skill.py my-api-helper --path skills/private")
        print("  init_skill.py custom-skill --path /custom/location")
        sys.exit(1)
    skill_name = sys.argv[1]
    path = sys.argv[3]
    print(f"🚀 Initializing skill: {skill_name}")
    print(f"   Location: {path}")
    print()
    result = init_skill(skill_name, path)
    if result:
        sys.exit(0)
    else:
        sys.exit(1)
 if __name__ == "__main__":
    main()
--- a/.agents/skills/skill-creator/scripts/package_skill.py
+++ b/.agents/skills/skill-creator/scripts/package_skill.py
@ -0,0 +1,110 @@
 #!/usr/bin/env python3
 """
 Skill Packager - Creates a distributable .skill file of a skill folder
 Usage:
    python utils/package_skill.py <path/to/skill-folder> [output-directory]
 Example:
    python utils/package_skill.py skills/public/my-skill
    python utils/package_skill.py skills/public/my-skill ./dist
 """
 import sys
 import zipfile
 from pathlib import Path
 from quick_validate import validate_skill
 def package_skill(skill_path, output_dir=None):
    """
    Package a skill folder into a .skill file.
    Args:
        skill_path: Path to the skill folder
        output_dir: Optional output directory for the .skill file (defaults to current directory)
    Returns:
        Path to the created .skill file, or None if error
    """
    skill_path = Path(skill_path).resolve()
    # Validate skill folder exists
    if not skill_path.exists():
        print(f"❌ Error: Skill folder not found: {skill_path}")
        return None
    if not skill_path.is_dir():
        print(f"❌ Error: Path is not a directory: {skill_path}")
        return None
    # Validate SKILL.md exists
    skill_md = skill_path / "SKILL.md"
    if not skill_md.exists():
        print(f"❌ Error: SKILL.md not found in {skill_path}")
        return None
    # Run validation before packaging
    print("🔍 Validating skill...")
    valid, message = validate_skill(skill_path)
    if not valid:
        print(f"❌ Validation failed: {message}")
        print("   Please fix the validation errors before packaging.")
        return None
    print(f"✅ {message}\n")
    # Determine output location
    skill_name = skill_path.name
    if output_dir:
        output_path = Path(output_dir).resolve()
        output_path.mkdir(parents=True, exist_ok=True)
    else:
        output_path = Path.cwd()
    skill_filename = output_path / f"{skill_name}.skill"
    # Create the .skill file (zip format)
    try:
        with zipfile.ZipFile(skill_filename, "w", zipfile.ZIP_DEFLATED) as zipf:
            # Walk through the skill directory
            for file_path in skill_path.rglob("*"):
                if file_path.is_file():
                    # Calculate the relative path within the zip
                    arcname = file_path.relative_to(skill_path.parent)
                    zipf.write(file_path, arcname)
                    print(f"  Added: {arcname}")
        print(f"\n✅ Successfully packaged skill to: {skill_filename}")
        return skill_filename
    except Exception as e:
        print(f"❌ Error creating .skill file: {e}")
        return None
 def main():
    if len(sys.argv) < 2:
        print("Usage: python utils/package_skill.py <path/to/skill-folder> [output-directory]")
        print("\nExample:")
        print("  python utils/package_skill.py skills/public/my-skill")
        print("  python utils/package_skill.py skills/public/my-skill ./dist")
        sys.exit(1)
    skill_path = sys.argv[1]
    output_dir = sys.argv[2] if len(sys.argv) > 2 else None
    print(f"📦 Packaging skill: {skill_path}")
    if output_dir:
        print(f"   Output directory: {output_dir}")
    print()
    result = package_skill(skill_path, output_dir)
    if result:
        sys.exit(0)
    else:
        sys.exit(1)
 if __name__ == "__main__":
    main()
--- a/.agents/skills/skill-creator/scripts/quick_validate.py
+++ b/.agents/skills/skill-creator/scripts/quick_validate.py
@ -0,0 +1,97 @@
 #!/usr/bin/env python3
 """
 Quick validation script for skills - minimal version
 """
 import sys
 import os
 import re
 import yaml
 from pathlib import Path
 def validate_skill(skill_path):
    """Basic validation of a skill"""
    skill_path = Path(skill_path)
    # Check SKILL.md exists
    skill_md = skill_path / "SKILL.md"
    if not skill_md.exists():
        return False, "SKILL.md not found"
    # Read and validate frontmatter
    content = skill_md.read_text()
    if not content.startswith("---"):
        return False, "No YAML frontmatter found"
    # Extract frontmatter
    match = re.match(r"^---\n(.*?)\n---", content, re.DOTALL)
    if not match:
        return False, "Invalid frontmatter format"
    frontmatter_text = match.group(1)
    # Parse YAML frontmatter
    try:
        frontmatter = yaml.safe_load(frontmatter_text)
        if not isinstance(frontmatter, dict):
            return False, "Frontmatter must be a YAML dictionary"
    except yaml.YAMLError as e:
        return False, f"Invalid YAML in frontmatter: {e}"
    # Define allowed properties
    ALLOWED_PROPERTIES = {"name", "description", "license", "allowed-tools", "metadata"}
    # Check for unexpected properties (excluding nested keys under metadata)
    unexpected_keys = set(frontmatter.keys()) - ALLOWED_PROPERTIES
    if unexpected_keys:
        return False, (
            f"Unexpected key(s) in SKILL.md frontmatter: {', '.join(sorted(unexpected_keys))}. "
            f"Allowed properties are: {', '.join(sorted(ALLOWED_PROPERTIES))}"
        )
    # Check required fields
    if "name" not in frontmatter:
        return False, "Missing 'name' in frontmatter"
    if "description" not in frontmatter:
        return False, "Missing 'description' in frontmatter"
    # Extract name for validation
    name = frontmatter.get("name", "")
    if not isinstance(name, str):
        return False, f"Name must be a string, got {type(name).__name__}"
    name = name.strip()
    if name:
        # Check naming convention (hyphen-case: lowercase with hyphens)
        if not re.match(r"^[a-z0-9-]+$", name):
            return False, f"Name '{name}' should be hyphen-case (lowercase letters, digits, and hyphens only)"
        if name.startswith("-") or name.endswith("-") or "--" in name:
            return False, f"Name '{name}' cannot start/end with hyphen or contain consecutive hyphens"
        # Check name length (max 64 characters per spec)
        if len(name) > 64:
            return False, f"Name is too long ({len(name)} characters). Maximum is 64 characters."
    # Extract and validate description
    description = frontmatter.get("description", "")
    if not isinstance(description, str):
        return False, f"Description must be a string, got {type(description).__name__}"
    description = description.strip()
    if description:
        # Check for angle brackets
        if "<" in description or ">" in description:
            return False, "Description cannot contain angle brackets (< or >)"
        # Check description length (max 1024 characters per spec)
        if len(description) > 1024:
            return False, f"Description is too long ({len(description)} characters). Maximum is 1024 characters."
    return True, "Skill is valid!"
 if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("Usage: python quick_validate.py <skill_directory>")
        sys.exit(1)
    valid, message = validate_skill(sys.argv[1])
    print(message)
    sys.exit(0 if valid else 1)
--- a/.agents/skills/vercel-react-best-practices/AGENTS.md
+++ b/.agents/skills/vercel-react-best-practices/AGENTS.md
--- a/.agents/skills/vercel-react-best-practices/SKILL.md
+++ b/.agents/skills/vercel-react-best-practices/SKILL.md
@ -0,0 +1,125 @@
 ---
 name: vercel-react-best-practices
 description: React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements.
 license: MIT
 metadata:
  author: vercel
  version: "1.0.0"
 ---
 # Vercel React Best Practices
 Comprehensive performance optimization guide for React and Next.js applications, maintained by Vercel. Contains 45 rules across 8 categories, prioritized by impact to guide automated refactoring and code generation.
 ## When to Apply
 Reference these guidelines when:
 - Writing new React components or Next.js pages
 - Implementing data fetching (client or server-side)
 - Reviewing code for performance issues
 - Refactoring existing React/Next.js code
 - Optimizing bundle size or load times
 ## Rule Categories by Priority
 | Priority | Category | Impact | Prefix |
 |----------|----------|--------|--------|
 | 1 | Eliminating Waterfalls | CRITICAL | `async-` |
 | 2 | Bundle Size Optimization | CRITICAL | `bundle-` |
 | 3 | Server-Side Performance | HIGH | `server-` |
 | 4 | Client-Side Data Fetching | MEDIUM-HIGH | `client-` |
 | 5 | Re-render Optimization | MEDIUM | `rerender-` |
 | 6 | Rendering Performance | MEDIUM | `rendering-` |
 | 7 | JavaScript Performance | LOW-MEDIUM | `js-` |
 | 8 | Advanced Patterns | LOW | `advanced-` |
 ## Quick Reference
 ### 1. Eliminating Waterfalls (CRITICAL)
 - `async-defer-await` - Move await into branches where actually used
 - `async-parallel` - Use Promise.all() for independent operations
 - `async-dependencies` - Use better-all for partial dependencies
 - `async-api-routes` - Start promises early, await late in API routes
 - `async-suspense-boundaries` - Use Suspense to stream content
 ### 2. Bundle Size Optimization (CRITICAL)
 - `bundle-barrel-imports` - Import directly, avoid barrel files
 - `bundle-dynamic-imports` - Use next/dynamic for heavy components
 - `bundle-defer-third-party` - Load analytics/logging after hydration
 - `bundle-conditional` - Load modules only when feature is activated
 - `bundle-preload` - Preload on hover/focus for perceived speed
 ### 3. Server-Side Performance (HIGH)
 - `server-cache-react` - Use React.cache() for per-request deduplication
 - `server-cache-lru` - Use LRU cache for cross-request caching
 - `server-serialization` - Minimize data passed to client components
 - `server-parallel-fetching` - Restructure components to parallelize fetches
 - `server-after-nonblocking` - Use after() for non-blocking operations
 ### 4. Client-Side Data Fetching (MEDIUM-HIGH)
 - `client-swr-dedup` - Use SWR for automatic request deduplication
 - `client-event-listeners` - Deduplicate global event listeners
 ### 5. Re-render Optimization (MEDIUM)
 - `rerender-defer-reads` - Don't subscribe to state only used in callbacks
 - `rerender-memo` - Extract expensive work into memoized components
 - `rerender-dependencies` - Use primitive dependencies in effects
 - `rerender-derived-state` - Subscribe to derived booleans, not raw values
 - `rerender-functional-setstate` - Use functional setState for stable callbacks
 - `rerender-lazy-state-init` - Pass function to useState for expensive values
 - `rerender-transitions` - Use startTransition for non-urgent updates
 ### 6. Rendering Performance (MEDIUM)
 - `rendering-animate-svg-wrapper` - Animate div wrapper, not SVG element
 - `rendering-content-visibility` - Use content-visibility for long lists
 - `rendering-hoist-jsx` - Extract static JSX outside components
 - `rendering-svg-precision` - Reduce SVG coordinate precision
 - `rendering-hydration-no-flicker` - Use inline script for client-only data
 - `rendering-activity` - Use Activity component for show/hide
 - `rendering-conditional-render` - Use ternary, not && for conditionals
 ### 7. JavaScript Performance (LOW-MEDIUM)
 - `js-batch-dom-css` - Group CSS changes via classes or cssText
 - `js-index-maps` - Build Map for repeated lookups
 - `js-cache-property-access` - Cache object properties in loops
 - `js-cache-function-results` - Cache function results in module-level Map
 - `js-cache-storage` - Cache localStorage/sessionStorage reads
 - `js-combine-iterations` - Combine multiple filter/map into one loop
 - `js-length-check-first` - Check array length before expensive comparison
 - `js-early-exit` - Return early from functions
 - `js-hoist-regexp` - Hoist RegExp creation outside loops
 - `js-min-max-loop` - Use loop for min/max instead of sort
 - `js-set-map-lookups` - Use Set/Map for O(1) lookups
 - `js-tosorted-immutable` - Use toSorted() for immutability
 ### 8. Advanced Patterns (LOW)
 - `advanced-event-handler-refs` - Store event handlers in refs
 - `advanced-use-latest` - useLatest for stable callback refs
 ## How to Use
 Read individual rule files for detailed explanations and code examples:
 ```
 rules/async-parallel.md
 rules/bundle-barrel-imports.md
 rules/_sections.md
 ```
 Each rule file contains:
 - Brief explanation of why it matters
 - Incorrect code example with explanation
 - Correct code example with explanation
 - Additional context and references
 ## Full Compiled Document
 For the complete guide with all rules expanded: `AGENTS.md`
--- a/.agents/skills/vercel-react-best-practices/rules/advanced-event-handler-refs.md
+++ b/.agents/skills/vercel-react-best-practices/rules/advanced-event-handler-refs.md
@ -0,0 +1,55 @@
 ---
 title: Store Event Handlers in Refs
 impact: LOW
 impactDescription: stable subscriptions
 tags: advanced, hooks, refs, event-handlers, optimization
 ---
 ## Store Event Handlers in Refs
 Store callbacks in refs when used in effects that shouldn't re-subscribe on callback changes.
 **Incorrect (re-subscribes on every render):**
 ```tsx
 function useWindowEvent(event: string, handler: (e) => void) {
  useEffect(() => {
    window.addEventListener(event, handler)
    return () => window.removeEventListener(event, handler)
  }, [event, handler])
 }
 ```
 **Correct (stable subscription):**
 ```tsx
 function useWindowEvent(event: string, handler: (e) => void) {
  const handlerRef = useRef(handler)
  useEffect(() => {
    handlerRef.current = handler
  }, [handler])
  useEffect(() => {
    const listener = (e) => handlerRef.current(e)
    window.addEventListener(event, listener)
    return () => window.removeEventListener(event, listener)
  }, [event])
 }
 ```
 **Alternative: use `useEffectEvent` if you're on latest React:**
 ```tsx
 import { useEffectEvent } from 'react'
 function useWindowEvent(event: string, handler: (e) => void) {
  const onEvent = useEffectEvent(handler)
  useEffect(() => {
    window.addEventListener(event, onEvent)
    return () => window.removeEventListener(event, onEvent)
  }, [event])
 }
 ```
 `useEffectEvent` provides a cleaner API for the same pattern: it creates a stable function reference that always calls the latest version of the handler.
--- a/.agents/skills/vercel-react-best-practices/rules/advanced-use-latest.md
+++ b/.agents/skills/vercel-react-best-practices/rules/advanced-use-latest.md
@ -0,0 +1,49 @@
 ---
 title: useLatest for Stable Callback Refs
 impact: LOW
 impactDescription: prevents effect re-runs
 tags: advanced, hooks, useLatest, refs, optimization
 ---
 ## useLatest for Stable Callback Refs
 Access latest values in callbacks without adding them to dependency arrays. Prevents effect re-runs while avoiding stale closures.
 **Implementation:**
 ```typescript
 function useLatest<T>(value: T) {
  const ref = useRef(value)
  useLayoutEffect(() => {
    ref.current = value
  }, [value])
  return ref
 }
 ```
 **Incorrect (effect re-runs on every callback change):**
 ```tsx
 function SearchInput({ onSearch }: { onSearch: (q: string) => void }) {
  const [query, setQuery] = useState('')
  useEffect(() => {
    const timeout = setTimeout(() => onSearch(query), 300)
    return () => clearTimeout(timeout)
  }, [query, onSearch])
 }
 ```
 **Correct (stable effect, fresh callback):**
 ```tsx
 function SearchInput({ onSearch }: { onSearch: (q: string) => void }) {
  const [query, setQuery] = useState('')
  const onSearchRef = useLatest(onSearch)
  useEffect(() => {
    const timeout = setTimeout(() => onSearchRef.current(query), 300)
    return () => clearTimeout(timeout)
  }, [query])
 }
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/async-api-routes.md
+++ b/.agents/skills/vercel-react-best-practices/rules/async-api-routes.md
@ -0,0 +1,38 @@
 ---
 title: Prevent Waterfall Chains in API Routes
 impact: CRITICAL
 impactDescription: 2-10× improvement
 tags: api-routes, server-actions, waterfalls, parallelization
 ---
 ## Prevent Waterfall Chains in API Routes
 In API routes and Server Actions, start independent operations immediately, even if you don't await them yet.
 **Incorrect (config waits for auth, data waits for both):**
 ```typescript
 export async function GET(request: Request) {
  const session = await auth()
  const config = await fetchConfig()
  const data = await fetchData(session.user.id)
  return Response.json({ data, config })
 }
 ```
 **Correct (auth and config start immediately):**
 ```typescript
 export async function GET(request: Request) {
  const sessionPromise = auth()
  const configPromise = fetchConfig()
  const session = await sessionPromise
  const [config, data] = await Promise.all([
    configPromise,
    fetchData(session.user.id)
  ])
  return Response.json({ data, config })
 }
 ```
 For operations with more complex dependency chains, use `better-all` to automatically maximize parallelism (see Dependency-Based Parallelization).
--- a/.agents/skills/vercel-react-best-practices/rules/async-defer-await.md
+++ b/.agents/skills/vercel-react-best-practices/rules/async-defer-await.md
@ -0,0 +1,80 @@
 ---
 title: Defer Await Until Needed
 impact: HIGH
 impactDescription: avoids blocking unused code paths
 tags: async, await, conditional, optimization
 ---
 ## Defer Await Until Needed
 Move `await` operations into the branches where they're actually used to avoid blocking code paths that don't need them.
 **Incorrect (blocks both branches):**
 ```typescript
 async function handleRequest(userId: string, skipProcessing: boolean) {
  const userData = await fetchUserData(userId)
  if (skipProcessing) {
    // Returns immediately but still waited for userData
    return { skipped: true }
  }
  // Only this branch uses userData
  return processUserData(userData)
 }
 ```
 **Correct (only blocks when needed):**
 ```typescript
 async function handleRequest(userId: string, skipProcessing: boolean) {
  if (skipProcessing) {
    // Returns immediately without waiting
    return { skipped: true }
  }
  // Fetch only when needed
  const userData = await fetchUserData(userId)
  return processUserData(userData)
 }
 ```
 **Another example (early return optimization):**
 ```typescript
 // Incorrect: always fetches permissions
 async function updateResource(resourceId: string, userId: string) {
  const permissions = await fetchPermissions(userId)
  const resource = await getResource(resourceId)
  if (!resource) {
    return { error: 'Not found' }
  }
  if (!permissions.canEdit) {
    return { error: 'Forbidden' }
  }
  return await updateResourceData(resource, permissions)
 }
 // Correct: fetches only when needed
 async function updateResource(resourceId: string, userId: string) {
  const resource = await getResource(resourceId)
  if (!resource) {
    return { error: 'Not found' }
  }
  const permissions = await fetchPermissions(userId)
  if (!permissions.canEdit) {
    return { error: 'Forbidden' }
  }
  return await updateResourceData(resource, permissions)
 }
 ```
 This optimization is especially valuable when the skipped branch is frequently taken, or when the deferred operation is expensive.
--- a/.agents/skills/vercel-react-best-practices/rules/async-dependencies.md
+++ b/.agents/skills/vercel-react-best-practices/rules/async-dependencies.md
@ -0,0 +1,36 @@
 ---
 title: Dependency-Based Parallelization
 impact: CRITICAL
 impactDescription: 2-10× improvement
 tags: async, parallelization, dependencies, better-all
 ---
 ## Dependency-Based Parallelization
 For operations with partial dependencies, use `better-all` to maximize parallelism. It automatically starts each task at the earliest possible moment.
 **Incorrect (profile waits for config unnecessarily):**
 ```typescript
 const [user, config] = await Promise.all([
  fetchUser(),
  fetchConfig()
 ])
 const profile = await fetchProfile(user.id)
 ```
 **Correct (config and profile run in parallel):**
 ```typescript
 import { all } from 'better-all'
 const { user, config, profile } = await all({
  async user() { return fetchUser() },
  async config() { return fetchConfig() },
  async profile() {
    return fetchProfile((await this.$.user).id)
  }
 })
 ```
 Reference: [https://github.com/shuding/better-all](https://github.com/shuding/better-all)
--- a/.agents/skills/vercel-react-best-practices/rules/async-parallel.md
+++ b/.agents/skills/vercel-react-best-practices/rules/async-parallel.md
@ -0,0 +1,28 @@
 ---
 title: Promise.all() for Independent Operations
 impact: CRITICAL
 impactDescription: 2-10× improvement
 tags: async, parallelization, promises, waterfalls
 ---
 ## Promise.all() for Independent Operations
 When async operations have no interdependencies, execute them concurrently using `Promise.all()`.
 **Incorrect (sequential execution, 3 round trips):**
 ```typescript
 const user = await fetchUser()
 const posts = await fetchPosts()
 const comments = await fetchComments()
 ```
 **Correct (parallel execution, 1 round trip):**
 ```typescript
 const [user, posts, comments] = await Promise.all([
  fetchUser(),
  fetchPosts(),
  fetchComments()
 ])
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/async-suspense-boundaries.md
+++ b/.agents/skills/vercel-react-best-practices/rules/async-suspense-boundaries.md
@ -0,0 +1,99 @@
 ---
 title: Strategic Suspense Boundaries
 impact: HIGH
 impactDescription: faster initial paint
 tags: async, suspense, streaming, layout-shift
 ---
 ## Strategic Suspense Boundaries
 Instead of awaiting data in async components before returning JSX, use Suspense boundaries to show the wrapper UI faster while data loads.
 **Incorrect (wrapper blocked by data fetching):**
 ```tsx
 async function Page() {
  const data = await fetchData() // Blocks entire page
  return (
    <div>
      <div>Sidebar</div>
      <div>Header</div>
      <div>
        <DataDisplay data={data} />
      </div>
      <div>Footer</div>
    </div>
  )
 }
 ```
 The entire layout waits for data even though only the middle section needs it.
 **Correct (wrapper shows immediately, data streams in):**
 ```tsx
 function Page() {
  return (
    <div>
      <div>Sidebar</div>
      <div>Header</div>
      <div>
        <Suspense fallback={<Skeleton />}>
          <DataDisplay />
        </Suspense>
      </div>
      <div>Footer</div>
    </div>
  )
 }
 async function DataDisplay() {
  const data = await fetchData() // Only blocks this component
  return <div>{data.content}</div>
 }
 ```
 Sidebar, Header, and Footer render immediately. Only DataDisplay waits for data.
 **Alternative (share promise across components):**
 ```tsx
 function Page() {
  // Start fetch immediately, but don't await
  const dataPromise = fetchData()
  return (
    <div>
      <div>Sidebar</div>
      <div>Header</div>
      <Suspense fallback={<Skeleton />}>
        <DataDisplay dataPromise={dataPromise} />
        <DataSummary dataPromise={dataPromise} />
      </Suspense>
      <div>Footer</div>
    </div>
  )
 }
 function DataDisplay({ dataPromise }: { dataPromise: Promise<Data> }) {
  const data = use(dataPromise) // Unwraps the promise
  return <div>{data.content}</div>
 }
 function DataSummary({ dataPromise }: { dataPromise: Promise<Data> }) {
  const data = use(dataPromise) // Reuses the same promise
  return <div>{data.summary}</div>
 }
 ```
 Both components share the same promise, so only one fetch occurs. Layout renders immediately while both components wait together.
 **When NOT to use this pattern:**
 - Critical data needed for layout decisions (affects positioning)
 - SEO-critical content above the fold
 - Small, fast queries where suspense overhead isn't worth it
 - When you want to avoid layout shift (loading → content jump)
 **Trade-off:** Faster initial paint vs potential layout shift. Choose based on your UX priorities.
--- a/.agents/skills/vercel-react-best-practices/rules/bundle-barrel-imports.md
+++ b/.agents/skills/vercel-react-best-practices/rules/bundle-barrel-imports.md
@ -0,0 +1,59 @@
 ---
 title: Avoid Barrel File Imports
 impact: CRITICAL
 impactDescription: 200-800ms import cost, slow builds
 tags: bundle, imports, tree-shaking, barrel-files, performance
 ---
 ## Avoid Barrel File Imports
 Import directly from source files instead of barrel files to avoid loading thousands of unused modules. **Barrel files** are entry points that re-export multiple modules (e.g., `index.js` that does `export * from './module'`).
 Popular icon and component libraries can have **up to 10,000 re-exports** in their entry file. For many React packages, **it takes 200-800ms just to import them**, affecting both development speed and production cold starts.
 **Why tree-shaking doesn't help:** When a library is marked as external (not bundled), the bundler can't optimize it. If you bundle it to enable tree-shaking, builds become substantially slower analyzing the entire module graph.
 **Incorrect (imports entire library):**
 ```tsx
 import { Check, X, Menu } from 'lucide-react'
 // Loads 1,583 modules, takes ~2.8s extra in dev
 // Runtime cost: 200-800ms on every cold start
 import { Button, TextField } from '@mui/material'
 // Loads 2,225 modules, takes ~4.2s extra in dev
 ```
 **Correct (imports only what you need):**
 ```tsx
 import Check from 'lucide-react/dist/esm/icons/check'
 import X from 'lucide-react/dist/esm/icons/x'
 import Menu from 'lucide-react/dist/esm/icons/menu'
 // Loads only 3 modules (~2KB vs ~1MB)
 import Button from '@mui/material/Button'
 import TextField from '@mui/material/TextField'
 // Loads only what you use
 ```
 **Alternative (Next.js 13.5+):**
 ```js
 // next.config.js - use optimizePackageImports
 module.exports = {
  experimental: {
    optimizePackageImports: ['lucide-react', '@mui/material']
  }
 }
 // Then you can keep the ergonomic barrel imports:
 import { Check, X, Menu } from 'lucide-react'
 // Automatically transformed to direct imports at build time
 ```
 Direct imports provide 15-70% faster dev boot, 28% faster builds, 40% faster cold starts, and significantly faster HMR.
 Libraries commonly affected: `lucide-react`, `@mui/material`, `@mui/icons-material`, `@tabler/icons-react`, `react-icons`, `@headlessui/react`, `@radix-ui/react-*`, `lodash`, `ramda`, `date-fns`, `rxjs`, `react-use`.
 Reference: [How we optimized package imports in Next.js](https://vercel.com/blog/how-we-optimized-package-imports-in-next-js)
--- a/.agents/skills/vercel-react-best-practices/rules/bundle-conditional.md
+++ b/.agents/skills/vercel-react-best-practices/rules/bundle-conditional.md
@ -0,0 +1,31 @@
 ---
 title: Conditional Module Loading
 impact: HIGH
 impactDescription: loads large data only when needed
 tags: bundle, conditional-loading, lazy-loading
 ---
 ## Conditional Module Loading
 Load large data or modules only when a feature is activated.
 **Example (lazy-load animation frames):**
 ```tsx
 function AnimationPlayer({ enabled, setEnabled }: { enabled: boolean; setEnabled: React.Dispatch<React.SetStateAction<boolean>> }) {
  const [frames, setFrames] = useState<Frame[] | null>(null)
  useEffect(() => {
    if (enabled && !frames && typeof window !== 'undefined') {
      import('./animation-frames.js')
        .then(mod => setFrames(mod.frames))
        .catch(() => setEnabled(false))
    }
  }, [enabled, frames, setEnabled])
  if (!frames) return <Skeleton />
  return <Canvas frames={frames} />
 }
 ```
 The `typeof window !== 'undefined'` check prevents bundling this module for SSR, optimizing server bundle size and build speed.
--- a/.agents/skills/vercel-react-best-practices/rules/bundle-defer-third-party.md
+++ b/.agents/skills/vercel-react-best-practices/rules/bundle-defer-third-party.md
@ -0,0 +1,49 @@
 ---
 title: Defer Non-Critical Third-Party Libraries
 impact: MEDIUM
 impactDescription: loads after hydration
 tags: bundle, third-party, analytics, defer
 ---
 ## Defer Non-Critical Third-Party Libraries
 Analytics, logging, and error tracking don't block user interaction. Load them after hydration.
 **Incorrect (blocks initial bundle):**
 ```tsx
 import { Analytics } from '@vercel/analytics/react'
 export default function RootLayout({ children }) {
  return (
    <html>
      <body>
        {children}
        <Analytics />
      </body>
    </html>
  )
 }
 ```
 **Correct (loads after hydration):**
 ```tsx
 import dynamic from 'next/dynamic'
 const Analytics = dynamic(
  () => import('@vercel/analytics/react').then(m => m.Analytics),
  { ssr: false }
 )
 export default function RootLayout({ children }) {
  return (
    <html>
      <body>
        {children}
        <Analytics />
      </body>
    </html>
  )
 }
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/bundle-dynamic-imports.md
+++ b/.agents/skills/vercel-react-best-practices/rules/bundle-dynamic-imports.md
@ -0,0 +1,35 @@
 ---
 title: Dynamic Imports for Heavy Components
 impact: CRITICAL
 impactDescription: directly affects TTI and LCP
 tags: bundle, dynamic-import, code-splitting, next-dynamic
 ---
 ## Dynamic Imports for Heavy Components
 Use `next/dynamic` to lazy-load large components not needed on initial render.
 **Incorrect (Monaco bundles with main chunk ~300KB):**
 ```tsx
 import { MonacoEditor } from './monaco-editor'
 function CodePanel({ code }: { code: string }) {
  return <MonacoEditor value={code} />
 }
 ```
 **Correct (Monaco loads on demand):**
 ```tsx
 import dynamic from 'next/dynamic'
 const MonacoEditor = dynamic(
  () => import('./monaco-editor').then(m => m.MonacoEditor),
  { ssr: false }
 )
 function CodePanel({ code }: { code: string }) {
  return <MonacoEditor value={code} />
 }
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/bundle-preload.md
+++ b/.agents/skills/vercel-react-best-practices/rules/bundle-preload.md
@ -0,0 +1,50 @@
 ---
 title: Preload Based on User Intent
 impact: MEDIUM
 impactDescription: reduces perceived latency
 tags: bundle, preload, user-intent, hover
 ---
 ## Preload Based on User Intent
 Preload heavy bundles before they're needed to reduce perceived latency.
 **Example (preload on hover/focus):**
 ```tsx
 function EditorButton({ onClick }: { onClick: () => void }) {
  const preload = () => {
    if (typeof window !== 'undefined') {
      void import('./monaco-editor')
    }
  }
  return (
    <button
      onMouseEnter={preload}
      onFocus={preload}
      onClick={onClick}
    >
      Open Editor
    </button>
  )
 }
 ```
 **Example (preload when feature flag is enabled):**
 ```tsx
 function FlagsProvider({ children, flags }: Props) {
  useEffect(() => {
    if (flags.editorEnabled && typeof window !== 'undefined') {
      void import('./monaco-editor').then(mod => mod.init())
    }
  }, [flags.editorEnabled])
  return <FlagsContext.Provider value={flags}>
    {children}
  </FlagsContext.Provider>
 }
 ```
 The `typeof window !== 'undefined'` check prevents bundling preloaded modules for SSR, optimizing server bundle size and build speed.
--- a/.agents/skills/vercel-react-best-practices/rules/client-event-listeners.md
+++ b/.agents/skills/vercel-react-best-practices/rules/client-event-listeners.md
@ -0,0 +1,74 @@
 ---
 title: Deduplicate Global Event Listeners
 impact: LOW
 impactDescription: single listener for N components
 tags: client, swr, event-listeners, subscription
 ---
 ## Deduplicate Global Event Listeners
 Use `useSWRSubscription()` to share global event listeners across component instances.
 **Incorrect (N instances = N listeners):**
 ```tsx
 function useKeyboardShortcut(key: string, callback: () => void) {
  useEffect(() => {
    const handler = (e: KeyboardEvent) => {
      if (e.metaKey && e.key === key) {
        callback()
      }
    }
    window.addEventListener('keydown', handler)
    return () => window.removeEventListener('keydown', handler)
  }, [key, callback])
 }
 ```
 When using the `useKeyboardShortcut` hook multiple times, each instance will register a new listener.
 **Correct (N instances = 1 listener):**
 ```tsx
 import useSWRSubscription from 'swr/subscription'
 // Module-level Map to track callbacks per key
 const keyCallbacks = new Map<string, Set<() => void>>()
 function useKeyboardShortcut(key: string, callback: () => void) {
  // Register this callback in the Map
  useEffect(() => {
    if (!keyCallbacks.has(key)) {
      keyCallbacks.set(key, new Set())
    }
    keyCallbacks.get(key)!.add(callback)
    return () => {
      const set = keyCallbacks.get(key)
      if (set) {
        set.delete(callback)
        if (set.size === 0) {
          keyCallbacks.delete(key)
        }
      }
    }
  }, [key, callback])
  useSWRSubscription('global-keydown', () => {
    const handler = (e: KeyboardEvent) => {
      if (e.metaKey && keyCallbacks.has(e.key)) {
        keyCallbacks.get(e.key)!.forEach(cb => cb())
      }
    }
    window.addEventListener('keydown', handler)
    return () => window.removeEventListener('keydown', handler)
  })
 }
 function Profile() {
  // Multiple shortcuts will share the same listener
  useKeyboardShortcut('p', () => { /* ... */ }) 
  useKeyboardShortcut('k', () => { /* ... */ })
  // ...
 }
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/client-localstorage-schema.md
+++ b/.agents/skills/vercel-react-best-practices/rules/client-localstorage-schema.md
@ -0,0 +1,71 @@
 ---
 title: Version and Minimize localStorage Data
 impact: MEDIUM
 impactDescription: prevents schema conflicts, reduces storage size
 tags: client, localStorage, storage, versioning, data-minimization
 ---
 ## Version and Minimize localStorage Data
 Add version prefix to keys and store only needed fields. Prevents schema conflicts and accidental storage of sensitive data.
 **Incorrect:**
 ```typescript
 // No version, stores everything, no error handling
 localStorage.setItem('userConfig', JSON.stringify(fullUserObject))
 const data = localStorage.getItem('userConfig')
 ```
 **Correct:**
 ```typescript
 const VERSION = 'v2'
 function saveConfig(config: { theme: string; language: string }) {
  try {
    localStorage.setItem(`userConfig:${VERSION}`, JSON.stringify(config))
  } catch {
    // Throws in incognito/private browsing, quota exceeded, or disabled
  }
 }
 function loadConfig() {
  try {
    const data = localStorage.getItem(`userConfig:${VERSION}`)
    return data ? JSON.parse(data) : null
  } catch {
    return null
  }
 }
 // Migration from v1 to v2
 function migrate() {
  try {
    const v1 = localStorage.getItem('userConfig:v1')
    if (v1) {
      const old = JSON.parse(v1)
      saveConfig({ theme: old.darkMode ? 'dark' : 'light', language: old.lang })
      localStorage.removeItem('userConfig:v1')
    }
  } catch {}
 }
 ```
 **Store minimal fields from server responses:**
 ```typescript
 // User object has 20+ fields, only store what UI needs
 function cachePrefs(user: FullUser) {
  try {
    localStorage.setItem('prefs:v1', JSON.stringify({
      theme: user.preferences.theme,
      notifications: user.preferences.notifications
    }))
  } catch {}
 }
 ```
 **Always wrap in try-catch:** `getItem()` and `setItem()` throw in incognito/private browsing (Safari, Firefox), when quota exceeded, or when disabled.
 **Benefits:** Schema evolution via versioning, reduced storage size, prevents storing tokens/PII/internal flags.
--- a/.agents/skills/vercel-react-best-practices/rules/client-passive-event-listeners.md
+++ b/.agents/skills/vercel-react-best-practices/rules/client-passive-event-listeners.md
@ -0,0 +1,48 @@
 ---
 title: Use Passive Event Listeners for Scrolling Performance
 impact: MEDIUM
 impactDescription: eliminates scroll delay caused by event listeners
 tags: client, event-listeners, scrolling, performance, touch, wheel
 ---
 ## Use Passive Event Listeners for Scrolling Performance
 Add `{ passive: true }` to touch and wheel event listeners to enable immediate scrolling. Browsers normally wait for listeners to finish to check if `preventDefault()` is called, causing scroll delay.
 **Incorrect:**
 ```typescript
 useEffect(() => {
  const handleTouch = (e: TouchEvent) => console.log(e.touches[0].clientX)
  const handleWheel = (e: WheelEvent) => console.log(e.deltaY)
  document.addEventListener('touchstart', handleTouch)
  document.addEventListener('wheel', handleWheel)
  return () => {
    document.removeEventListener('touchstart', handleTouch)
    document.removeEventListener('wheel', handleWheel)
  }
 }, [])
 ```
 **Correct:**
 ```typescript
 useEffect(() => {
  const handleTouch = (e: TouchEvent) => console.log(e.touches[0].clientX)
  const handleWheel = (e: WheelEvent) => console.log(e.deltaY)
  document.addEventListener('touchstart', handleTouch, { passive: true })
  document.addEventListener('wheel', handleWheel, { passive: true })
  return () => {
    document.removeEventListener('touchstart', handleTouch)
    document.removeEventListener('wheel', handleWheel)
  }
 }, [])
 ```
 **Use passive when:** tracking/analytics, logging, any listener that doesn't call `preventDefault()`.
 **Don't use passive when:** implementing custom swipe gestures, custom zoom controls, or any listener that needs `preventDefault()`.
--- a/.agents/skills/vercel-react-best-practices/rules/client-swr-dedup.md
+++ b/.agents/skills/vercel-react-best-practices/rules/client-swr-dedup.md
@ -0,0 +1,56 @@
 ---
 title: Use SWR for Automatic Deduplication
 impact: MEDIUM-HIGH
 impactDescription: automatic deduplication
 tags: client, swr, deduplication, data-fetching
 ---
 ## Use SWR for Automatic Deduplication
 SWR enables request deduplication, caching, and revalidation across component instances.
 **Incorrect (no deduplication, each instance fetches):**
 ```tsx
 function UserList() {
  const [users, setUsers] = useState([])
  useEffect(() => {
    fetch('/api/users')
      .then(r => r.json())
      .then(setUsers)
  }, [])
 }
 ```
 **Correct (multiple instances share one request):**
 ```tsx
 import useSWR from 'swr'
 function UserList() {
  const { data: users } = useSWR('/api/users', fetcher)
 }
 ```
 **For immutable data:**
 ```tsx
 import { useImmutableSWR } from '@/lib/swr'
 function StaticContent() {
  const { data } = useImmutableSWR('/api/config', fetcher)
 }
 ```
 **For mutations:**
 ```tsx
 import { useSWRMutation } from 'swr/mutation'
 function UpdateButton() {
  const { trigger } = useSWRMutation('/api/user', updateUser)
  return <button onClick={() => trigger()}>Update</button>
 }
 ```
 Reference: [https://swr.vercel.app](https://swr.vercel.app)
--- a/.agents/skills/vercel-react-best-practices/rules/js-batch-dom-css.md
+++ b/.agents/skills/vercel-react-best-practices/rules/js-batch-dom-css.md
@ -0,0 +1,57 @@
 ---
 title: Batch DOM CSS Changes
 impact: MEDIUM
 impactDescription: reduces reflows/repaints
 tags: javascript, dom, css, performance, reflow
 ---
 ## Batch DOM CSS Changes
 Avoid interleaving style writes with layout reads. When you read a layout property (like `offsetWidth`, `getBoundingClientRect()`, or `getComputedStyle()`) between style changes, the browser is forced to trigger a synchronous reflow.
 **Incorrect (interleaved reads and writes force reflows):**
 ```typescript
 function updateElementStyles(element: HTMLElement) {
  element.style.width = '100px'
  const width = element.offsetWidth  // Forces reflow
  element.style.height = '200px'
  const height = element.offsetHeight  // Forces another reflow
 }
 ```
 **Correct (batch writes, then read once):**
 ```typescript
 function updateElementStyles(element: HTMLElement) {
  // Batch all writes together
  element.style.width = '100px'
  element.style.height = '200px'
  element.style.backgroundColor = 'blue'
  element.style.border = '1px solid black'
  // Read after all writes are done (single reflow)
  const { width, height } = element.getBoundingClientRect()
 }
 ```
 **Better: use CSS classes**
 ```css
 .highlighted-box {
  width: 100px;
  height: 200px;
  background-color: blue;
  border: 1px solid black;
 }
 ```
 ```typescript
 function updateElementStyles(element: HTMLElement) {
  element.classList.add('highlighted-box')
  const { width, height } = element.getBoundingClientRect()
 }
 ```
 Prefer CSS classes over inline styles when possible. CSS files are cached by the browser, and classes provide better separation of concerns and are easier to maintain.
--- a/.agents/skills/vercel-react-best-practices/rules/js-cache-function-results.md
+++ b/.agents/skills/vercel-react-best-practices/rules/js-cache-function-results.md
@ -0,0 +1,80 @@
 ---
 title: Cache Repeated Function Calls
 impact: MEDIUM
 impactDescription: avoid redundant computation
 tags: javascript, cache, memoization, performance
 ---
 ## Cache Repeated Function Calls
 Use a module-level Map to cache function results when the same function is called repeatedly with the same inputs during render.
 **Incorrect (redundant computation):**
 ```typescript
 function ProjectList({ projects }: { projects: Project[] }) {
  return (
    <div>
      {projects.map(project => {
        // slugify() called 100+ times for same project names
        const slug = slugify(project.name)
        return <ProjectCard key={project.id} slug={slug} />
      })}
    </div>
  )
 }
 ```
 **Correct (cached results):**
 ```typescript
 // Module-level cache
 const slugifyCache = new Map<string, string>()
 function cachedSlugify(text: string): string {
  if (slugifyCache.has(text)) {
    return slugifyCache.get(text)!
  }
  const result = slugify(text)
  slugifyCache.set(text, result)
  return result
 }
 function ProjectList({ projects }: { projects: Project[] }) {
  return (
    <div>
      {projects.map(project => {
        // Computed only once per unique project name
        const slug = cachedSlugify(project.name)
        return <ProjectCard key={project.id} slug={slug} />
      })}
    </div>
  )
 }
 ```
 **Simpler pattern for single-value functions:**
 ```typescript
 let isLoggedInCache: boolean | null = null
 function isLoggedIn(): boolean {
  if (isLoggedInCache !== null) {
    return isLoggedInCache
  }
  isLoggedInCache = document.cookie.includes('auth=')
  return isLoggedInCache
 }
 // Clear cache when auth changes
 function onAuthChange() {
  isLoggedInCache = null
 }
 ```
 Use a Map (not a hook) so it works everywhere: utilities, event handlers, not just React components.
 Reference: [How we made the Vercel Dashboard twice as fast](https://vercel.com/blog/how-we-made-the-vercel-dashboard-twice-as-fast)
--- a/.agents/skills/vercel-react-best-practices/rules/js-cache-property-access.md
+++ b/.agents/skills/vercel-react-best-practices/rules/js-cache-property-access.md
@ -0,0 +1,28 @@
 ---
 title: Cache Property Access in Loops
 impact: LOW-MEDIUM
 impactDescription: reduces lookups
 tags: javascript, loops, optimization, caching
 ---
 ## Cache Property Access in Loops
 Cache object property lookups in hot paths.
 **Incorrect (3 lookups × N iterations):**
 ```typescript
 for (let i = 0; i < arr.length; i++) {
  process(obj.config.settings.value)
 }
 ```
 **Correct (1 lookup total):**
 ```typescript
 const value = obj.config.settings.value
 const len = arr.length
 for (let i = 0; i < len; i++) {
  process(value)
 }
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/js-cache-storage.md
+++ b/.agents/skills/vercel-react-best-practices/rules/js-cache-storage.md
@ -0,0 +1,70 @@
 ---
 title: Cache Storage API Calls
 impact: LOW-MEDIUM
 impactDescription: reduces expensive I/O
 tags: javascript, localStorage, storage, caching, performance
 ---
 ## Cache Storage API Calls
 `localStorage`, `sessionStorage`, and `document.cookie` are synchronous and expensive. Cache reads in memory.
 **Incorrect (reads storage on every call):**
 ```typescript
 function getTheme() {
  return localStorage.getItem('theme') ?? 'light'
 }
 // Called 10 times = 10 storage reads
 ```
 **Correct (Map cache):**
 ```typescript
 const storageCache = new Map<string, string | null>()
 function getLocalStorage(key: string) {
  if (!storageCache.has(key)) {
    storageCache.set(key, localStorage.getItem(key))
  }
  return storageCache.get(key)
 }
 function setLocalStorage(key: string, value: string) {
  localStorage.setItem(key, value)
  storageCache.set(key, value)  // keep cache in sync
 }
 ```
 Use a Map (not a hook) so it works everywhere: utilities, event handlers, not just React components.
 **Cookie caching:**
 ```typescript
 let cookieCache: Record<string, string> | null = null
 function getCookie(name: string) {
  if (!cookieCache) {
    cookieCache = Object.fromEntries(
      document.cookie.split('; ').map(c => c.split('='))
    )
  }
  return cookieCache[name]
 }
 ```
 **Important (invalidate on external changes):**
 If storage can change externally (another tab, server-set cookies), invalidate cache:
 ```typescript
 window.addEventListener('storage', (e) => {
  if (e.key) storageCache.delete(e.key)
 })
 document.addEventListener('visibilitychange', () => {
  if (document.visibilityState === 'visible') {
    storageCache.clear()
  }
 })
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/js-combine-iterations.md
+++ b/.agents/skills/vercel-react-best-practices/rules/js-combine-iterations.md
@ -0,0 +1,32 @@
 ---
 title: Combine Multiple Array Iterations
 impact: LOW-MEDIUM
 impactDescription: reduces iterations
 tags: javascript, arrays, loops, performance
 ---
 ## Combine Multiple Array Iterations
 Multiple `.filter()` or `.map()` calls iterate the array multiple times. Combine into one loop.
 **Incorrect (3 iterations):**
 ```typescript
 const admins = users.filter(u => u.isAdmin)
 const testers = users.filter(u => u.isTester)
 const inactive = users.filter(u => !u.isActive)
 ```
 **Correct (1 iteration):**
 ```typescript
 const admins: User[] = []
 const testers: User[] = []
 const inactive: User[] = []
 for (const user of users) {
  if (user.isAdmin) admins.push(user)
  if (user.isTester) testers.push(user)
  if (!user.isActive) inactive.push(user)
 }
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/js-early-exit.md
+++ b/.agents/skills/vercel-react-best-practices/rules/js-early-exit.md
@ -0,0 +1,50 @@
 ---
 title: Early Return from Functions
 impact: LOW-MEDIUM
 impactDescription: avoids unnecessary computation
 tags: javascript, functions, optimization, early-return
 ---
 ## Early Return from Functions
 Return early when result is determined to skip unnecessary processing.
 **Incorrect (processes all items even after finding answer):**
 ```typescript
 function validateUsers(users: User[]) {
  let hasError = false
  let errorMessage = ''
  for (const user of users) {
    if (!user.email) {
      hasError = true
      errorMessage = 'Email required'
    }
    if (!user.name) {
      hasError = true
      errorMessage = 'Name required'
    }
    // Continues checking all users even after error found
  }
  return hasError ? { valid: false, error: errorMessage } : { valid: true }
 }
 ```
 **Correct (returns immediately on first error):**
 ```typescript
 function validateUsers(users: User[]) {
  for (const user of users) {
    if (!user.email) {
      return { valid: false, error: 'Email required' }
    }
    if (!user.name) {
      return { valid: false, error: 'Name required' }
    }
  }
  return { valid: true }
 }
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/js-hoist-regexp.md
+++ b/.agents/skills/vercel-react-best-practices/rules/js-hoist-regexp.md
@ -0,0 +1,45 @@
 ---
 title: Hoist RegExp Creation
 impact: LOW-MEDIUM
 impactDescription: avoids recreation
 tags: javascript, regexp, optimization, memoization
 ---
 ## Hoist RegExp Creation
 Don't create RegExp inside render. Hoist to module scope or memoize with `useMemo()`.
 **Incorrect (new RegExp every render):**
 ```tsx
 function Highlighter({ text, query }: Props) {
  const regex = new RegExp(`(${query})`, 'gi')
  const parts = text.split(regex)
  return <>{parts.map((part, i) => ...)}</>
 }
 ```
 **Correct (memoize or hoist):**
 ```tsx
 const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
 function Highlighter({ text, query }: Props) {
  const regex = useMemo(
    () => new RegExp(`(${escapeRegex(query)})`, 'gi'),
    [query]
  )
  const parts = text.split(regex)
  return <>{parts.map((part, i) => ...)}</>
 }
 ```
 **Warning (global regex has mutable state):**
 Global regex (`/g`) has mutable `lastIndex` state:
 ```typescript
 const regex = /foo/g
 regex.test('foo')  // true, lastIndex = 3
 regex.test('foo')  // false, lastIndex = 0
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/js-index-maps.md
+++ b/.agents/skills/vercel-react-best-practices/rules/js-index-maps.md
@ -0,0 +1,37 @@
 ---
 title: Build Index Maps for Repeated Lookups
 impact: LOW-MEDIUM
 impactDescription: 1M ops to 2K ops
 tags: javascript, map, indexing, optimization, performance
 ---
 ## Build Index Maps for Repeated Lookups
 Multiple `.find()` calls by the same key should use a Map.
 **Incorrect (O(n) per lookup):**
 ```typescript
 function processOrders(orders: Order[], users: User[]) {
  return orders.map(order => ({
    ...order,
    user: users.find(u => u.id === order.userId)
  }))
 }
 ```
 **Correct (O(1) per lookup):**
 ```typescript
 function processOrders(orders: Order[], users: User[]) {
  const userById = new Map(users.map(u => [u.id, u]))
  return orders.map(order => ({
    ...order,
    user: userById.get(order.userId)
  }))
 }
 ```
 Build map once (O(n)), then all lookups are O(1).
 For 1000 orders × 1000 users: 1M ops → 2K ops.
--- a/.agents/skills/vercel-react-best-practices/rules/js-length-check-first.md
+++ b/.agents/skills/vercel-react-best-practices/rules/js-length-check-first.md
@ -0,0 +1,49 @@
 ---
 title: Early Length Check for Array Comparisons
 impact: MEDIUM-HIGH
 impactDescription: avoids expensive operations when lengths differ
 tags: javascript, arrays, performance, optimization, comparison
 ---
 ## Early Length Check for Array Comparisons
 When comparing arrays with expensive operations (sorting, deep equality, serialization), check lengths first. If lengths differ, the arrays cannot be equal.
 In real-world applications, this optimization is especially valuable when the comparison runs in hot paths (event handlers, render loops).
 **Incorrect (always runs expensive comparison):**
 ```typescript
 function hasChanges(current: string[], original: string[]) {
  // Always sorts and joins, even when lengths differ
  return current.sort().join() !== original.sort().join()
 }
 ```
 Two O(n log n) sorts run even when `current.length` is 5 and `original.length` is 100. There is also overhead of joining the arrays and comparing the strings.
 **Correct (O(1) length check first):**
 ```typescript
 function hasChanges(current: string[], original: string[]) {
  // Early return if lengths differ
  if (current.length !== original.length) {
    return true
  }
  // Only sort when lengths match
  const currentSorted = current.toSorted()
  const originalSorted = original.toSorted()
  for (let i = 0; i < currentSorted.length; i++) {
    if (currentSorted[i] !== originalSorted[i]) {
      return true
    }
  }
  return false
 }
 ```
 This new approach is more efficient because:
 - It avoids the overhead of sorting and joining the arrays when lengths differ
 - It avoids consuming memory for the joined strings (especially important for large arrays)
 - It avoids mutating the original arrays
 - It returns early when a difference is found
--- a/.agents/skills/vercel-react-best-practices/rules/js-min-max-loop.md
+++ b/.agents/skills/vercel-react-best-practices/rules/js-min-max-loop.md
@ -0,0 +1,82 @@
 ---
 title: Use Loop for Min/Max Instead of Sort
 impact: LOW
 impactDescription: O(n) instead of O(n log n)
 tags: javascript, arrays, performance, sorting, algorithms
 ---
 ## Use Loop for Min/Max Instead of Sort
 Finding the smallest or largest element only requires a single pass through the array. Sorting is wasteful and slower.
 **Incorrect (O(n log n) - sort to find latest):**
 ```typescript
 interface Project {
  id: string
  name: string
  updatedAt: number
 }
 function getLatestProject(projects: Project[]) {
  const sorted = [...projects].sort((a, b) => b.updatedAt - a.updatedAt)
  return sorted[0]
 }
 ```
 Sorts the entire array just to find the maximum value.
 **Incorrect (O(n log n) - sort for oldest and newest):**
 ```typescript
 function getOldestAndNewest(projects: Project[]) {
  const sorted = [...projects].sort((a, b) => a.updatedAt - b.updatedAt)
  return { oldest: sorted[0], newest: sorted[sorted.length - 1] }
 }
 ```
 Still sorts unnecessarily when only min/max are needed.
 **Correct (O(n) - single loop):**
 ```typescript
 function getLatestProject(projects: Project[]) {
  if (projects.length === 0) return null
  let latest = projects[0]
  for (let i = 1; i < projects.length; i++) {
    if (projects[i].updatedAt > latest.updatedAt) {
      latest = projects[i]
    }
  }
  return latest
 }
 function getOldestAndNewest(projects: Project[]) {
  if (projects.length === 0) return { oldest: null, newest: null }
  let oldest = projects[0]
  let newest = projects[0]
  for (let i = 1; i < projects.length; i++) {
    if (projects[i].updatedAt < oldest.updatedAt) oldest = projects[i]
    if (projects[i].updatedAt > newest.updatedAt) newest = projects[i]
  }
  return { oldest, newest }
 }
 ```
 Single pass through the array, no copying, no sorting.
 **Alternative (Math.min/Math.max for small arrays):**
 ```typescript
 const numbers = [5, 2, 8, 1, 9]
 const min = Math.min(...numbers)
 const max = Math.max(...numbers)
 ```
 This works for small arrays, but can be slower or just throw an error for very large arrays due to spread operator limitations. Maximal array length is approximately 124000 in Chrome 143 and 638000 in Safari 18; exact numbers may vary - see [the fiddle](https://jsfiddle.net/qw1jabsx/4/). Use the loop approach for reliability.
--- a/.agents/skills/vercel-react-best-practices/rules/js-set-map-lookups.md
+++ b/.agents/skills/vercel-react-best-practices/rules/js-set-map-lookups.md
@ -0,0 +1,24 @@
 ---
 title: Use Set/Map for O(1) Lookups
 impact: LOW-MEDIUM
 impactDescription: O(n) to O(1)
 tags: javascript, set, map, data-structures, performance
 ---
 ## Use Set/Map for O(1) Lookups
 Convert arrays to Set/Map for repeated membership checks.
 **Incorrect (O(n) per check):**
 ```typescript
 const allowedIds = ['a', 'b', 'c', ...]
 items.filter(item => allowedIds.includes(item.id))
 ```
 **Correct (O(1) per check):**
 ```typescript
 const allowedIds = new Set(['a', 'b', 'c', ...])
 items.filter(item => allowedIds.has(item.id))
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/js-tosorted-immutable.md
+++ b/.agents/skills/vercel-react-best-practices/rules/js-tosorted-immutable.md
@ -0,0 +1,57 @@
 ---
 title: Use toSorted() Instead of sort() for Immutability
 impact: MEDIUM-HIGH
 impactDescription: prevents mutation bugs in React state
 tags: javascript, arrays, immutability, react, state, mutation
 ---
 ## Use toSorted() Instead of sort() for Immutability
 `.sort()` mutates the array in place, which can cause bugs with React state and props. Use `.toSorted()` to create a new sorted array without mutation.
 **Incorrect (mutates original array):**
 ```typescript
 function UserList({ users }: { users: User[] }) {
  // Mutates the users prop array!
  const sorted = useMemo(
    () => users.sort((a, b) => a.name.localeCompare(b.name)),
    [users]
  )
  return <div>{sorted.map(renderUser)}</div>
 }
 ```
 **Correct (creates new array):**
 ```typescript
 function UserList({ users }: { users: User[] }) {
  // Creates new sorted array, original unchanged
  const sorted = useMemo(
    () => users.toSorted((a, b) => a.name.localeCompare(b.name)),
    [users]
  )
  return <div>{sorted.map(renderUser)}</div>
 }
 ```
 **Why this matters in React:**
 1. Props/state mutations break React's immutability model - React expects props and state to be treated as read-only
 2. Causes stale closure bugs - Mutating arrays inside closures (callbacks, effects) can lead to unexpected behavior
 **Browser support (fallback for older browsers):**
 `.toSorted()` is available in all modern browsers (Chrome 110+, Safari 16+, Firefox 115+, Node.js 20+). For older environments, use spread operator:
 ```typescript
 // Fallback for older browsers
 const sorted = [...items].sort((a, b) => a.value - b.value)
 ```
 **Other immutable array methods:**
 - `.toSorted()` - immutable sort
 - `.toReversed()` - immutable reverse
 - `.toSpliced()` - immutable splice
 - `.with()` - immutable element replacement
--- a/.agents/skills/vercel-react-best-practices/rules/rendering-activity.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rendering-activity.md
@ -0,0 +1,26 @@
 ---
 title: Use Activity Component for Show/Hide
 impact: MEDIUM
 impactDescription: preserves state/DOM
 tags: rendering, activity, visibility, state-preservation
 ---
 ## Use Activity Component for Show/Hide
 Use React's `<Activity>` to preserve state/DOM for expensive components that frequently toggle visibility.
 **Usage:**
 ```tsx
 import { Activity } from 'react'
 function Dropdown({ isOpen }: Props) {
  return (
    <Activity mode={isOpen ? 'visible' : 'hidden'}>
      <ExpensiveMenu />
    </Activity>
  )
 }
 ```
 Avoids expensive re-renders and state loss.
--- a/.agents/skills/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md
@ -0,0 +1,47 @@
 ---
 title: Animate SVG Wrapper Instead of SVG Element
 impact: LOW
 impactDescription: enables hardware acceleration
 tags: rendering, svg, css, animation, performance
 ---
 ## Animate SVG Wrapper Instead of SVG Element
 Many browsers don't have hardware acceleration for CSS3 animations on SVG elements. Wrap SVG in a `<div>` and animate the wrapper instead.
 **Incorrect (animating SVG directly - no hardware acceleration):**
 ```tsx
 function LoadingSpinner() {
  return (
    <svg 
      className="animate-spin"
      width="24" 
      height="24" 
      viewBox="0 0 24 24"
    >
      <circle cx="12" cy="12" r="10" stroke="currentColor" />
    </svg>
  )
 }
 ```
 **Correct (animating wrapper div - hardware accelerated):**
 ```tsx
 function LoadingSpinner() {
  return (
    <div className="animate-spin">
      <svg 
        width="24" 
        height="24" 
        viewBox="0 0 24 24"
      >
        <circle cx="12" cy="12" r="10" stroke="currentColor" />
      </svg>
    </div>
  )
 }
 ```
 This applies to all CSS transforms and transitions (`transform`, `opacity`, `translate`, `scale`, `rotate`). The wrapper div allows browsers to use GPU acceleration for smoother animations.
--- a/.agents/skills/vercel-react-best-practices/rules/rendering-conditional-render.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rendering-conditional-render.md
@ -0,0 +1,40 @@
 ---
 title: Use Explicit Conditional Rendering
 impact: LOW
 impactDescription: prevents rendering 0 or NaN
 tags: rendering, conditional, jsx, falsy-values
 ---
 ## Use Explicit Conditional Rendering
 Use explicit ternary operators (`? :`) instead of `&&` for conditional rendering when the condition can be `0`, `NaN`, or other falsy values that render.
 **Incorrect (renders "0" when count is 0):**
 ```tsx
 function Badge({ count }: { count: number }) {
  return (
    <div>
      {count && <span className="badge">{count}</span>}
    </div>
  )
 }
 // When count = 0, renders: <div>0</div>
 // When count = 5, renders: <div><span class="badge">5</span></div>
 ```
 **Correct (renders nothing when count is 0):**
 ```tsx
 function Badge({ count }: { count: number }) {
  return (
    <div>
      {count > 0 ? <span className="badge">{count}</span> : null}
    </div>
  )
 }
 // When count = 0, renders: <div></div>
 // When count = 5, renders: <div><span class="badge">5</span></div>
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/rendering-content-visibility.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rendering-content-visibility.md
@ -0,0 +1,38 @@
 ---
 title: CSS content-visibility for Long Lists
 impact: HIGH
 impactDescription: faster initial render
 tags: rendering, css, content-visibility, long-lists
 ---
 ## CSS content-visibility for Long Lists
 Apply `content-visibility: auto` to defer off-screen rendering.
 **CSS:**
 ```css
 .message-item {
  content-visibility: auto;
  contain-intrinsic-size: 0 80px;
 }
 ```
 **Example:**
 ```tsx
 function MessageList({ messages }: { messages: Message[] }) {
  return (
    <div className="overflow-y-auto h-screen">
      {messages.map(msg => (
        <div key={msg.id} className="message-item">
          <Avatar user={msg.author} />
          <div>{msg.content}</div>
        </div>
      ))}
    </div>
  )
 }
 ```
 For 1000 messages, browser skips layout/paint for ~990 off-screen items (10× faster initial render).
--- a/.agents/skills/vercel-react-best-practices/rules/rendering-hoist-jsx.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rendering-hoist-jsx.md
@ -0,0 +1,46 @@
 ---
 title: Hoist Static JSX Elements
 impact: LOW
 impactDescription: avoids re-creation
 tags: rendering, jsx, static, optimization
 ---
 ## Hoist Static JSX Elements
 Extract static JSX outside components to avoid re-creation.
 **Incorrect (recreates element every render):**
 ```tsx
 function LoadingSkeleton() {
  return <div className="animate-pulse h-20 bg-gray-200" />
 }
 function Container() {
  return (
    <div>
      {loading && <LoadingSkeleton />}
    </div>
  )
 }
 ```
 **Correct (reuses same element):**
 ```tsx
 const loadingSkeleton = (
  <div className="animate-pulse h-20 bg-gray-200" />
 )
 function Container() {
  return (
    <div>
      {loading && loadingSkeleton}
    </div>
  )
 }
 ```
 This is especially helpful for large and static SVG nodes, which can be expensive to recreate on every render.
 **Note:** If your project has [React Compiler](https://react.dev/learn/react-compiler) enabled, the compiler automatically hoists static JSX elements and optimizes component re-renders, making manual hoisting unnecessary.
--- a/.agents/skills/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rendering-hydration-no-flicker.md
@ -0,0 +1,82 @@
 ---
 title: Prevent Hydration Mismatch Without Flickering
 impact: MEDIUM
 impactDescription: avoids visual flicker and hydration errors
 tags: rendering, ssr, hydration, localStorage, flicker
 ---
 ## Prevent Hydration Mismatch Without Flickering
 When rendering content that depends on client-side storage (localStorage, cookies), avoid both SSR breakage and post-hydration flickering by injecting a synchronous script that updates the DOM before React hydrates.
 **Incorrect (breaks SSR):**
 ```tsx
 function ThemeWrapper({ children }: { children: ReactNode }) {
  // localStorage is not available on server - throws error
  const theme = localStorage.getItem('theme') || 'light'
  return (
    <div className={theme}>
      {children}
    </div>
  )
 }
 ```
 Server-side rendering will fail because `localStorage` is undefined.
 **Incorrect (visual flickering):**
 ```tsx
 function ThemeWrapper({ children }: { children: ReactNode }) {
  const [theme, setTheme] = useState('light')
  useEffect(() => {
    // Runs after hydration - causes visible flash
    const stored = localStorage.getItem('theme')
    if (stored) {
      setTheme(stored)
    }
  }, [])
  return (
    <div className={theme}>
      {children}
    </div>
  )
 }
 ```
 Component first renders with default value (`light`), then updates after hydration, causing a visible flash of incorrect content.
 **Correct (no flicker, no hydration mismatch):**
 ```tsx
 function ThemeWrapper({ children }: { children: ReactNode }) {
  return (
    <>
      <div id="theme-wrapper">
        {children}
      </div>
      <script
        dangerouslySetInnerHTML={{
          __html: `
            (function() {
              try {
                var theme = localStorage.getItem('theme') || 'light';
                var el = document.getElementById('theme-wrapper');
                if (el) el.className = theme;
              } catch (e) {}
            })();
          `,
        }}
      />
    </>
  )
 }
 ```
 The inline script executes synchronously before showing the element, ensuring the DOM already has the correct value. No flickering, no hydration mismatch.
 This pattern is especially useful for theme toggles, user preferences, authentication states, and any client-only data that should render immediately without flashing default values.
--- a/.agents/skills/vercel-react-best-practices/rules/rendering-svg-precision.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rendering-svg-precision.md
@ -0,0 +1,28 @@
 ---
 title: Optimize SVG Precision
 impact: LOW
 impactDescription: reduces file size
 tags: rendering, svg, optimization, svgo
 ---
 ## Optimize SVG Precision
 Reduce SVG coordinate precision to decrease file size. The optimal precision depends on the viewBox size, but in general reducing precision should be considered.
 **Incorrect (excessive precision):**
 ```svg
 <path d="M 10.293847 20.847362 L 30.938472 40.192837" />
 ```
 **Correct (1 decimal place):**
 ```svg
 <path d="M 10.3 20.8 L 30.9 40.2" />
 ```
 **Automate with SVGO:**
 ```bash
 npx svgo --precision=1 --multipass icon.svg
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/rerender-defer-reads.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rerender-defer-reads.md
@ -0,0 +1,39 @@
 ---
 title: Defer State Reads to Usage Point
 impact: MEDIUM
 impactDescription: avoids unnecessary subscriptions
 tags: rerender, searchParams, localStorage, optimization
 ---
 ## Defer State Reads to Usage Point
 Don't subscribe to dynamic state (searchParams, localStorage) if you only read it inside callbacks.
 **Incorrect (subscribes to all searchParams changes):**
 ```tsx
 function ShareButton({ chatId }: { chatId: string }) {
  const searchParams = useSearchParams()
  const handleShare = () => {
    const ref = searchParams.get('ref')
    shareChat(chatId, { ref })
  }
  return <button onClick={handleShare}>Share</button>
 }
 ```
 **Correct (reads on demand, no subscription):**
 ```tsx
 function ShareButton({ chatId }: { chatId: string }) {
  const handleShare = () => {
    const params = new URLSearchParams(window.location.search)
    const ref = params.get('ref')
    shareChat(chatId, { ref })
  }
  return <button onClick={handleShare}>Share</button>
 }
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/rerender-dependencies.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rerender-dependencies.md
@ -0,0 +1,45 @@
 ---
 title: Narrow Effect Dependencies
 impact: LOW
 impactDescription: minimizes effect re-runs
 tags: rerender, useEffect, dependencies, optimization
 ---
 ## Narrow Effect Dependencies
 Specify primitive dependencies instead of objects to minimize effect re-runs.
 **Incorrect (re-runs on any user field change):**
 ```tsx
 useEffect(() => {
  console.log(user.id)
 }, [user])
 ```
 **Correct (re-runs only when id changes):**
 ```tsx
 useEffect(() => {
  console.log(user.id)
 }, [user.id])
 ```
 **For derived state, compute outside effect:**
 ```tsx
 // Incorrect: runs on width=767, 766, 765...
 useEffect(() => {
  if (width < 768) {
    enableMobileMode()
  }
 }, [width])
 // Correct: runs only on boolean transition
 const isMobile = width < 768
 useEffect(() => {
  if (isMobile) {
    enableMobileMode()
  }
 }, [isMobile])
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/rerender-derived-state.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rerender-derived-state.md
@ -0,0 +1,29 @@
 ---
 title: Subscribe to Derived State
 impact: MEDIUM
 impactDescription: reduces re-render frequency
 tags: rerender, derived-state, media-query, optimization
 ---
 ## Subscribe to Derived State
 Subscribe to derived boolean state instead of continuous values to reduce re-render frequency.
 **Incorrect (re-renders on every pixel change):**
 ```tsx
 function Sidebar() {
  const width = useWindowWidth()  // updates continuously
  const isMobile = width < 768
  return <nav className={isMobile ? 'mobile' : 'desktop'} />
 }
 ```
 **Correct (re-renders only when boolean changes):**
 ```tsx
 function Sidebar() {
  const isMobile = useMediaQuery('(max-width: 767px)')
  return <nav className={isMobile ? 'mobile' : 'desktop'} />
 }
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/rerender-functional-setstate.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rerender-functional-setstate.md
@ -0,0 +1,74 @@
 ---
 title: Use Functional setState Updates
 impact: MEDIUM
 impactDescription: prevents stale closures and unnecessary callback recreations
 tags: react, hooks, useState, useCallback, callbacks, closures
 ---
 ## Use Functional setState Updates
 When updating state based on the current state value, use the functional update form of setState instead of directly referencing the state variable. This prevents stale closures, eliminates unnecessary dependencies, and creates stable callback references.
 **Incorrect (requires state as dependency):**
 ```tsx
 function TodoList() {
  const [items, setItems] = useState(initialItems)
  // Callback must depend on items, recreated on every items change
  const addItems = useCallback((newItems: Item[]) => {
    setItems([...items, ...newItems])
  }, [items])  // ❌ items dependency causes recreations
  // Risk of stale closure if dependency is forgotten
  const removeItem = useCallback((id: string) => {
    setItems(items.filter(item => item.id !== id))
  }, [])  // ❌ Missing items dependency - will use stale items!
  return <ItemsEditor items={items} onAdd={addItems} onRemove={removeItem} />
 }
 ```
 The first callback is recreated every time `items` changes, which can cause child components to re-render unnecessarily. The second callback has a stale closure bug—it will always reference the initial `items` value.
 **Correct (stable callbacks, no stale closures):**
 ```tsx
 function TodoList() {
  const [items, setItems] = useState(initialItems)
  // Stable callback, never recreated
  const addItems = useCallback((newItems: Item[]) => {
    setItems(curr => [...curr, ...newItems])
  }, [])  // ✅ No dependencies needed
  // Always uses latest state, no stale closure risk
  const removeItem = useCallback((id: string) => {
    setItems(curr => curr.filter(item => item.id !== id))
  }, [])  // ✅ Safe and stable
  return <ItemsEditor items={items} onAdd={addItems} onRemove={removeItem} />
 }
 ```
 **Benefits:**
 1. **Stable callback references** - Callbacks don't need to be recreated when state changes
 2. **No stale closures** - Always operates on the latest state value
 3. **Fewer dependencies** - Simplifies dependency arrays and reduces memory leaks
 4. **Prevents bugs** - Eliminates the most common source of React closure bugs
 **When to use functional updates:**
 - Any setState that depends on the current state value
 - Inside useCallback/useMemo when state is needed
 - Event handlers that reference state
 - Async operations that update state
 **When direct updates are fine:**
 - Setting state to a static value: `setCount(0)`
 - Setting state from props/arguments only: `setName(newName)`
 - State doesn't depend on previous value
 **Note:** If your project has [React Compiler](https://react.dev/learn/react-compiler) enabled, the compiler can automatically optimize some cases, but functional updates are still recommended for correctness and to prevent stale closure bugs.
--- a/.agents/skills/vercel-react-best-practices/rules/rerender-lazy-state-init.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rerender-lazy-state-init.md
@ -0,0 +1,58 @@
 ---
 title: Use Lazy State Initialization
 impact: MEDIUM
 impactDescription: wasted computation on every render
 tags: react, hooks, useState, performance, initialization
 ---
 ## Use Lazy State Initialization
 Pass a function to `useState` for expensive initial values. Without the function form, the initializer runs on every render even though the value is only used once.
 **Incorrect (runs on every render):**
 ```tsx
 function FilteredList({ items }: { items: Item[] }) {
  // buildSearchIndex() runs on EVERY render, even after initialization
  const [searchIndex, setSearchIndex] = useState(buildSearchIndex(items))
  const [query, setQuery] = useState('')
  // When query changes, buildSearchIndex runs again unnecessarily
  return <SearchResults index={searchIndex} query={query} />
 }
 function UserProfile() {
  // JSON.parse runs on every render
  const [settings, setSettings] = useState(
    JSON.parse(localStorage.getItem('settings') || '{}')
  )
  return <SettingsForm settings={settings} onChange={setSettings} />
 }
 ```
 **Correct (runs only once):**
 ```tsx
 function FilteredList({ items }: { items: Item[] }) {
  // buildSearchIndex() runs ONLY on initial render
  const [searchIndex, setSearchIndex] = useState(() => buildSearchIndex(items))
  const [query, setQuery] = useState('')
  return <SearchResults index={searchIndex} query={query} />
 }
 function UserProfile() {
  // JSON.parse runs only on initial render
  const [settings, setSettings] = useState(() => {
    const stored = localStorage.getItem('settings')
    return stored ? JSON.parse(stored) : {}
  })
  return <SettingsForm settings={settings} onChange={setSettings} />
 }
 ```
 Use lazy initialization when computing initial values from localStorage/sessionStorage, building data structures (indexes, maps), reading from the DOM, or performing heavy transformations.
 For simple primitives (`useState(0)`), direct references (`useState(props.value)`), or cheap literals (`useState({})`), the function form is unnecessary.
--- a/.agents/skills/vercel-react-best-practices/rules/rerender-memo.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rerender-memo.md
@ -0,0 +1,44 @@
 ---
 title: Extract to Memoized Components
 impact: MEDIUM
 impactDescription: enables early returns
 tags: rerender, memo, useMemo, optimization
 ---
 ## Extract to Memoized Components
 Extract expensive work into memoized components to enable early returns before computation.
 **Incorrect (computes avatar even when loading):**
 ```tsx
 function Profile({ user, loading }: Props) {
  const avatar = useMemo(() => {
    const id = computeAvatarId(user)
    return <Avatar id={id} />
  }, [user])
  if (loading) return <Skeleton />
  return <div>{avatar}</div>
 }
 ```
 **Correct (skips computation when loading):**
 ```tsx
 const UserAvatar = memo(function UserAvatar({ user }: { user: User }) {
  const id = useMemo(() => computeAvatarId(user), [user])
  return <Avatar id={id} />
 })
 function Profile({ user, loading }: Props) {
  if (loading) return <Skeleton />
  return (
    <div>
      <UserAvatar user={user} />
    </div>
  )
 }
 ```
 **Note:** If your project has [React Compiler](https://react.dev/learn/react-compiler) enabled, manual memoization with `memo()` and `useMemo()` is not necessary. The compiler automatically optimizes re-renders.
--- a/.agents/skills/vercel-react-best-practices/rules/rerender-transitions.md
+++ b/.agents/skills/vercel-react-best-practices/rules/rerender-transitions.md
@ -0,0 +1,40 @@
 ---
 title: Use Transitions for Non-Urgent Updates
 impact: MEDIUM
 impactDescription: maintains UI responsiveness
 tags: rerender, transitions, startTransition, performance
 ---
 ## Use Transitions for Non-Urgent Updates
 Mark frequent, non-urgent state updates as transitions to maintain UI responsiveness.
 **Incorrect (blocks UI on every scroll):**
 ```tsx
 function ScrollTracker() {
  const [scrollY, setScrollY] = useState(0)
  useEffect(() => {
    const handler = () => setScrollY(window.scrollY)
    window.addEventListener('scroll', handler, { passive: true })
    return () => window.removeEventListener('scroll', handler)
  }, [])
 }
 ```
 **Correct (non-blocking updates):**
 ```tsx
 import { startTransition } from 'react'
 function ScrollTracker() {
  const [scrollY, setScrollY] = useState(0)
  useEffect(() => {
    const handler = () => {
      startTransition(() => setScrollY(window.scrollY))
    }
    window.addEventListener('scroll', handler, { passive: true })
    return () => window.removeEventListener('scroll', handler)
  }, [])
 }
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/server-after-nonblocking.md
+++ b/.agents/skills/vercel-react-best-practices/rules/server-after-nonblocking.md
@ -0,0 +1,73 @@
 ---
 title: Use after() for Non-Blocking Operations
 impact: MEDIUM
 impactDescription: faster response times
 tags: server, async, logging, analytics, side-effects
 ---
 ## Use after() for Non-Blocking Operations
 Use Next.js's `after()` to schedule work that should execute after a response is sent. This prevents logging, analytics, and other side effects from blocking the response.
 **Incorrect (blocks response):**
 ```tsx
 import { logUserAction } from '@/app/utils'
 export async function POST(request: Request) {
  // Perform mutation
  await updateDatabase(request)
  // Logging blocks the response
  const userAgent = request.headers.get('user-agent') || 'unknown'
  await logUserAction({ userAgent })
  return new Response(JSON.stringify({ status: 'success' }), {
    status: 200,
    headers: { 'Content-Type': 'application/json' }
  })
 }
 ```
 **Correct (non-blocking):**
 ```tsx
 import { after } from 'next/server'
 import { headers, cookies } from 'next/headers'
 import { logUserAction } from '@/app/utils'
 export async function POST(request: Request) {
  // Perform mutation
  await updateDatabase(request)
  // Log after response is sent
  after(async () => {
    const userAgent = (await headers()).get('user-agent') || 'unknown'
    const sessionCookie = (await cookies()).get('session-id')?.value || 'anonymous'
    logUserAction({ sessionCookie, userAgent })
  })
  return new Response(JSON.stringify({ status: 'success' }), {
    status: 200,
    headers: { 'Content-Type': 'application/json' }
  })
 }
 ```
 The response is sent immediately while logging happens in the background.
 **Common use cases:**
 - Analytics tracking
 - Audit logging
 - Sending notifications
 - Cache invalidation
 - Cleanup tasks
 **Important notes:**
 - `after()` runs even if the response fails or redirects
 - Works in Server Actions, Route Handlers, and Server Components
 Reference: [https://nextjs.org/docs/app/api-reference/functions/after](https://nextjs.org/docs/app/api-reference/functions/after)
--- a/.agents/skills/vercel-react-best-practices/rules/server-cache-lru.md
+++ b/.agents/skills/vercel-react-best-practices/rules/server-cache-lru.md
@ -0,0 +1,41 @@
 ---
 title: Cross-Request LRU Caching
 impact: HIGH
 impactDescription: caches across requests
 tags: server, cache, lru, cross-request
 ---
 ## Cross-Request LRU Caching
 `React.cache()` only works within one request. For data shared across sequential requests (user clicks button A then button B), use an LRU cache.
 **Implementation:**
 ```typescript
 import { LRUCache } from 'lru-cache'
 const cache = new LRUCache<string, any>({
  max: 1000,
  ttl: 5 * 60 * 1000  // 5 minutes
 })
 export async function getUser(id: string) {
  const cached = cache.get(id)
  if (cached) return cached
  const user = await db.user.findUnique({ where: { id } })
  cache.set(id, user)
  return user
 }
 // Request 1: DB query, result cached
 // Request 2: cache hit, no DB query
 ```
 Use when sequential user actions hit multiple endpoints needing the same data within seconds.
 **With Vercel's [Fluid Compute](https://vercel.com/docs/fluid-compute):** LRU caching is especially effective because multiple concurrent requests can share the same function instance and cache. This means the cache persists across requests without needing external storage like Redis.
 **In traditional serverless:** Each invocation runs in isolation, so consider Redis for cross-process caching.
 Reference: [https://github.com/isaacs/node-lru-cache](https://github.com/isaacs/node-lru-cache)
--- a/.agents/skills/vercel-react-best-practices/rules/server-cache-react.md
+++ b/.agents/skills/vercel-react-best-practices/rules/server-cache-react.md
@ -0,0 +1,76 @@
 ---
 title: Per-Request Deduplication with React.cache()
 impact: MEDIUM
 impactDescription: deduplicates within request
 tags: server, cache, react-cache, deduplication
 ---
 ## Per-Request Deduplication with React.cache()
 Use `React.cache()` for server-side request deduplication. Authentication and database queries benefit most.
 **Usage:**
 ```typescript
 import { cache } from 'react'
 export const getCurrentUser = cache(async () => {
  const session = await auth()
  if (!session?.user?.id) return null
  return await db.user.findUnique({
    where: { id: session.user.id }
  })
 })
 ```
 Within a single request, multiple calls to `getCurrentUser()` execute the query only once.
 **Avoid inline objects as arguments:**
 `React.cache()` uses shallow equality (`Object.is`) to determine cache hits. Inline objects create new references each call, preventing cache hits.
 **Incorrect (always cache miss):**
 ```typescript
 const getUser = cache(async (params: { uid: number }) => {
  return await db.user.findUnique({ where: { id: params.uid } })
 })
 // Each call creates new object, never hits cache
 getUser({ uid: 1 })
 getUser({ uid: 1 })  // Cache miss, runs query again
 ```
 **Correct (cache hit):**
 ```typescript
 const getUser = cache(async (uid: number) => {
  return await db.user.findUnique({ where: { id: uid } })
 })
 // Primitive args use value equality
 getUser(1)
 getUser(1)  // Cache hit, returns cached result
 ```
 If you must pass objects, pass the same reference:
 ```typescript
 const params = { uid: 1 }
 getUser(params)  // Query runs
 getUser(params)  // Cache hit (same reference)
 ```
 **Next.js-Specific Note:**
 In Next.js, the `fetch` API is automatically extended with request memoization. Requests with the same URL and options are automatically deduplicated within a single request, so you don't need `React.cache()` for `fetch` calls. However, `React.cache()` is still essential for other async tasks:
 - Database queries (Prisma, Drizzle, etc.)
 - Heavy computations
 - Authentication checks
 - File system operations
 - Any non-fetch async work
 Use `React.cache()` to deduplicate these operations across your component tree.
 Reference: [React.cache documentation](https://react.dev/reference/react/cache)
--- a/.agents/skills/vercel-react-best-practices/rules/server-parallel-fetching.md
+++ b/.agents/skills/vercel-react-best-practices/rules/server-parallel-fetching.md
@ -0,0 +1,83 @@
 ---
 title: Parallel Data Fetching with Component Composition
 impact: CRITICAL
 impactDescription: eliminates server-side waterfalls
 tags: server, rsc, parallel-fetching, composition
 ---
 ## Parallel Data Fetching with Component Composition
 React Server Components execute sequentially within a tree. Restructure with composition to parallelize data fetching.
 **Incorrect (Sidebar waits for Page's fetch to complete):**
 ```tsx
 export default async function Page() {
  const header = await fetchHeader()
  return (
    <div>
      <div>{header}</div>
      <Sidebar />
    </div>
  )
 }
 async function Sidebar() {
  const items = await fetchSidebarItems()
  return <nav>{items.map(renderItem)}</nav>
 }
 ```
 **Correct (both fetch simultaneously):**
 ```tsx
 async function Header() {
  const data = await fetchHeader()
  return <div>{data}</div>
 }
 async function Sidebar() {
  const items = await fetchSidebarItems()
  return <nav>{items.map(renderItem)}</nav>
 }
 export default function Page() {
  return (
    <div>
      <Header />
      <Sidebar />
    </div>
  )
 }
 ```
 **Alternative with children prop:**
 ```tsx
 async function Header() {
  const data = await fetchHeader()
  return <div>{data}</div>
 }
 async function Sidebar() {
  const items = await fetchSidebarItems()
  return <nav>{items.map(renderItem)}</nav>
 }
 function Layout({ children }: { children: ReactNode }) {
  return (
    <div>
      <Header />
      {children}
    </div>
  )
 }
 export default function Page() {
  return (
    <Layout>
      <Sidebar />
    </Layout>
  )
 }
 ```
--- a/.agents/skills/vercel-react-best-practices/rules/server-serialization.md
+++ b/.agents/skills/vercel-react-best-practices/rules/server-serialization.md
@ -0,0 +1,38 @@
 ---
 title: Minimize Serialization at RSC Boundaries
 impact: HIGH
 impactDescription: reduces data transfer size
 tags: server, rsc, serialization, props
 ---
 ## Minimize Serialization at RSC Boundaries
 The React Server/Client boundary serializes all object properties into strings and embeds them in the HTML response and subsequent RSC requests. This serialized data directly impacts page weight and load time, so **size matters a lot**. Only pass fields that the client actually uses.
 **Incorrect (serializes all 50 fields):**
 ```tsx
 async function Page() {
  const user = await fetchUser()  // 50 fields
  return <Profile user={user} />
 }
 'use client'
 function Profile({ user }: { user: User }) {
  return <div>{user.name}</div>  // uses 1 field
 }
 ```
 **Correct (serializes only 1 field):**
 ```tsx
 async function Page() {
  const user = await fetchUser()
  return <Profile name={user.name} />
 }
 'use client'
 function Profile({ name }: { name: string }) {
  return <div>{name}</div>
 }
 ```
--- a/.agents/skills/web-design-guidelines/SKILL.md
+++ b/.agents/skills/web-design-guidelines/SKILL.md
@ -0,0 +1,39 @@
 ---
 name: web-design-guidelines
 description: Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".
 metadata:
  author: vercel
  version: "1.0.0"
  argument-hint: <file-or-pattern>
 ---
 # Web Interface Guidelines
 Review files for compliance with Web Interface Guidelines.
 ## How It Works
 1. Fetch the latest guidelines from the source URL below
 2. Read the specified files (or prompt user for files/pattern)
 3. Check against all rules in the fetched guidelines
 4. Output findings in the terse `file:line` format
 ## Guidelines Source
 Fetch fresh guidelines before each review:
 ```
 https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md
 ```
 Use WebFetch to retrieve the latest rules. The fetched content contains all the rules and output format instructions.
 ## Usage
 When a user provides a file or pattern argument:
 1. Fetch guidelines from the source URL above
 2. Read the specified files
 3. Apply all rules from the fetched guidelines
 4. Output findings using the format specified in the guidelines
 If no files specified, ask the user which files to review.
--- a/.claude/settings.json
+++ b/.claude/settings.json
@ -11,5 +11,10 @@
        ]
      }
    ]
  },
  "enabledPlugins": {
    "feature-dev@claude-plugins-official": true,
    "context7@claude-plugins-official": true,
    "ralph-loop@claude-plugins-official": true
  }
 }
--- a/.claude/skills/backend-code-review
+++ b/.claude/skills/backend-code-review
@ -1 +0,0 @@
 ../../.agents/skills/backend-code-review
--- a/.claude/skills/e2e-cucumber-playwright
+++ b/.claude/skills/e2e-cucumber-playwright
@ -1 +0,0 @@
 ../../.agents/skills/e2e-cucumber-playwright
--- a/.claude/skills/how-to-write-component
+++ b/.claude/skills/how-to-write-component
@ -1 +0,0 @@
 ../../.agents/skills/how-to-write-component
--- a/.claude/skills/orpc-contract-first
+++ b/.claude/skills/orpc-contract-first
@ -0,0 +1 @@
 ../../.agents/skills/orpc-contract-first
--- a/.claude/skills/skill-creator
+++ b/.claude/skills/skill-creator
@ -0,0 +1 @@
 ../../.agents/skills/skill-creator
--- a/.claude/skills/vercel-react-best-practices
+++ b/.claude/skills/vercel-react-best-practices
@ -0,0 +1 @@
 ../../.agents/skills/vercel-react-best-practices
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
yyh	38d68ac4e3	fix(workflow): update stop state for preview chat	2026-01-26 22:50:38 +08:00
yyh	4e48a1c4c3	fix(workflow): keep preview run state on panel close	2026-01-26 22:42:14 +08:00
yyh	fb9a6bbc9f	fix(workflow): restore fetchInspectVars and invalidAllLastRun calls lost during refactor The previous commit (`a86765e2b6`) accidentally dropped these calls when splitting useChat hook into modules. Also add race condition protection using runId to prevent stale callbacks from updating state after a new run has started.	2026-01-26 21:55:16 +08:00
yyh	a86765e2b6	refactor(workflow): split useChat hook into modular files Extract the 535-line useChat hook into 7 focused modules for better maintainability and testability. Add chat-preview-slice to Zustand store to centralize chat state management instead of local useState/useRef.	2026-01-26 21:49:10 +08:00
		`@ -0,0 +1 @@`
							`../../.agents/skills/vercel-react-best-practices`
		`@ -1 +0,0 @@`
			`../../.agents/skills/e2e-cucumber-playwright`