zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-05-15 13:23:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

docs: salvage focused skill curation updates (#1723)

Browse Source 
Port the safe, narrow pieces from contributor PR #1694 without taking the broad 11-skill rewrite.

- add drift-prone warnings to external research/media/API skills

- make search-first verify tool availability and use current agent naming

- remove unsafe in-memory rate limiter example from backend patterns

- tighten the CSP example in security-review

Validation: node scripts/ci/validate-skills.js --strict; npx markdownlint targeted skill files; node tests/ci/validators.test.js && node tests/ci/catalog.test.js; npm run lint; node tests/run-all.js
This commit is contained in:
Affaan Mustafa
2026-05-11 05:03:34 -04:00
committed by GitHub
parent d352270b9a
commit d8f879e671
7 changed files with 56 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
skills/backend-patterns/SKILL.md
View File

@@ -430,51 +430,14 @@ export const DELETE = requirePermission('delete')(
## Rate Limiting
### Simple In-Memory Rate Limiter
Rate limiting must use a shared store such as Redis, a gateway, or the
platform's native limiter. Do not use per-process in-memory counters for
production APIs: they reset on deploy, split across replicas, and fail open in
serverless or multi-instance environments.
```typescript
class RateLimiter {
private requests = new Map<string, number[]>()
async checkLimit(
identifier: string,
maxRequests: number,
windowMs: number
): Promise<boolean> {
const now = Date.now()
const requests = this.requests.get(identifier) || []
// Remove old requests outside window
const recentRequests = requests.filter(time => now - time < windowMs)
if (recentRequests.length >= maxRequests) {
return false // Rate limit exceeded
}
// Add current request
recentRequests.push(now)
this.requests.set(identifier, recentRequests)
return true
}
}
const limiter = new RateLimiter()
export async function GET(request: Request) {
const ip = request.headers.get('x-forwarded-for') || 'unknown'
const allowed = await limiter.checkLimit(ip, 100, 60000) // 100 req/min
if (!allowed) {
return NextResponse.json({
error: 'Rate limit exceeded'
}, { status: 429 })
}
// Continue with request
}
```
Keep the backend layer responsible for choosing the integration point and error
shape; use `api-design` for the HTTP contract and `security-review` for abuse
case review.
## Background Jobs & Queues