contentstack · sunil-lakshman · Mar 25, 2026 · Mar 24, 2026
@@ -0,0 +1,49 @@
+# Cursor Rules Documentation
+
+This directory contains **Cursor AI rules** for the **Contentstack JavaScript Content Delivery SDK** (`contentstack` on npm) — CDA client development in this repository.
+
+## Rules overview
+
+| Rule | Role |
+|------|------|
+| [`dev-workflow.md`](dev-workflow.md) | Branches, lint/tests before PR, build + version bump guidance, links to skills |
+| [`javascript.mdc`](javascript.mdc) | JavaScript / TypeScript declaration style: `src/`, `webpack/`, root `index.d.ts` |
+| [`contentstack-javascript-cda.mdc`](contentstack-javascript-cda.mdc) | CDA SDK patterns: `Stack`, delivery token, host/region, request/cache/live preview |
+| [`testing.mdc`](testing.mdc) | Jest e2e (`test/**/*.js`) and TypeScript tests; `test/config.js` env |
+| [`code-review.mdc`](code-review.mdc) | PR checklist: JSDoc, `index.d.ts`, compat, errors, tests, CDA semantics (**always applied**) |
+
+## Rule application
+
+Rules load from **globs** and **`alwaysApply`** in each file’s frontmatter.
+
+| Context | Typical rules |
+|---------|----------------|
+| **Every chat / session** | [`code-review.mdc`](code-review.mdc) (`alwaysApply: true`) |
+| **Most project files** | [`dev-workflow.md`](dev-workflow.md) — `**/*.js`, `**/*.ts`, `**/*.json` |
+| **SDK implementation** | [`javascript.mdc`](javascript.mdc) + [`contentstack-javascript-cda.mdc`](contentstack-javascript-cda.mdc) for `src/**/*.js` |
+| **Build config** | [`javascript.mdc`](javascript.mdc) for `webpack/**/*.js` |
+| **Public types** | [`javascript.mdc`](javascript.mdc) for `index.d.ts` |
+| **Tests** | [`testing.mdc`](testing.mdc) for `test/**/*.js`, `test/**/*.ts` |
+
+Overlaps are expected (e.g. editing `src/core/stack.js` can match `dev-workflow`, `javascript`, and `contentstack-javascript-cda`).
+
+## Usage
+
+- Rules load automatically when opened files match their globs (`code-review` is always in context).
+- You can **@ mention** rule files in chat when supported.
+
+## Quick reference table
+
+| File | `alwaysApply` | Globs (summary) |
+|------|---------------|-----------------|
+| `dev-workflow.md` | no | `**/*.js`, `**/*.ts`, `**/*.json` |
+| `javascript.mdc` | no | `src/**/*.js`, `webpack/**/*.js`, `index.d.ts` |
+| `contentstack-javascript-cda.mdc` | no | `src/**/*.js` |
+| `testing.mdc` | no | `test/**/*.js`, `test/**/*.ts` |
+| `code-review.mdc` | **yes** | — |
+
+## Skills & maintenance
+
+- Deeper playbooks: [`skills/README.md`](../../skills/README.md).
+- Repo agent entry: [`AGENTS.md`](../../AGENTS.md).
+- When directories change, update **globs** in rule frontmatter; keep rules short and put detail in `skills/*/SKILL.md`.
@@ -0,0 +1,38 @@
+---
+description: "PR review themes — API docs, compatibility, errors, security, tests (CDA SDK)"
+alwaysApply: true
+---
+
+# Code review checklist (CDA JavaScript SDK)
+
+Apply when reviewing changes to the **`contentstack`** npm package (Content Delivery API client).
+
+## Public API & documentation
+
+- **JSDoc** updated for new or changed public methods/classes (params, return shape, examples), matching style in `src/core/contentstack.js` / `src/core/stack.js`.
+- **`index.d.ts`** updated when TypeScript consumers would see different signatures or new exports.
+
+## Backward compatibility
+
+- Avoid breaking changes to exported function signatures, option objects, or default behavior without a major version rationale.
+- If behavior changes, ensure **callers inside `src/`** and tests reflect the new contract.
+
+## Errors & safety
+
+- HTTP failures should continue to reject with a predictable shape from **`src/core/lib/request.js`** where applicable (**`error_message`**, **`error_code`**, **`errors`**, **`status`**, **`statusText`**).
+- Do not log full **delivery_token**, **preview_token**, **management_token**, or **api_key** values.
+- Respect **null/undefined** edge cases for optional API fields.
+
+## Dependencies & supply chain
+
+- New **dependencies** should be justified (size, maintenance, license).
+- Lockfile and **`package.json`** version bumps should be minimal and reviewable.
+
+## Tests
+
+- **Jest** tests for new logic or regressions under **`test/`** (JS and/or **`test/typescript/`** as appropriate).
+- Live stack tests must remain compatible with **`test/config.js`** env requirements; document new env needs in **`test/README.md`** or comments near the harness — never commit credentials.
+
+## Security & privacy
+
+- No hardcoded credentials; no accidental exposure of customer content in logs or error messages.
@@ -0,0 +1,36 @@
+---
+description: "Contentstack CDA SDK patterns in src/core (Content Delivery API)"
+globs: ["src/**/*.js"]
+alwaysApply: false
+---
+
+# Contentstack CDA SDK (`src/core/`)
+
+This package implements the **Content Delivery API (CDA)** read client, not the Content Management API (CMA).
+
+## Stack & config
+
+- **`Contentstack.Stack(options)`** (`src/core/stack.js`) — **`api_key`**, **`delivery_token`**, **`environment`**; optional **`region`**, **`branch`**, **`host`**, **`live_preview`**, **`plugins`**, **`fetchOptions`** (timeout, retries, `retryCondition`, `logHandler`, etc.).
+- Default CDN paths and version come from **`config.js`** at the repo root; regional hosts follow existing `stack.js` logic (e.g. `{region}-cdn.contentstack.com`).
+
+## HTTP & errors
+
+- Requests are built in **`src/core/lib/request.js`**: query serialization, **`fetch`**, default retries on **408** / **429** (configurable), plugin hooks **`onRequest`** / **`onResponse`**.
+- Failed responses reject with objects carrying **`error_message`**, **`error_code`**, **`errors`**, **`status`**, **`statusText`** when JSON parsing succeeds — keep new code compatible with this shape.
+
+## Modules
+
+- **Entry, Query, Assets, Taxonomy, Result**, etc. live under **`src/core/modules/`** — follow neighboring patterns for chaining, parameters, and URL assembly.
+- **Cache**: policies and providers under **`src/core/cache.js`** and **`src/core/cache-provider/`**.
+
+## Live preview
+
+- When **`live_preview.enable`** is true, **`management_token`** vs **`preview_token`** affect host selection — mirror existing `stack.js` behavior and tests under **`test/live-preview/`**.
+
+## Runtime targets
+
+- **`src/runtime/node|web|react-native|nativescript/`** supply **`http`** and **`localstorage`** — changes that affect networking or storage must consider **all** bundled targets.
+
+## Docs
+
+- Align behavior with the official [Content Delivery API](https://www.contentstack.com/docs/developers/apis/content-delivery-api/) documentation.
@@ -0,0 +1,31 @@
+---
+description: "Branches, tests, and PR expectations for contentstack-javascript (CDA SDK)"
+globs: ["**/*.js", "**/*.ts", "**/*.json"]
+alwaysApply: false
+---
+
+# Development workflow — Contentstack JavaScript CDA SDK
+
+## Branches
+
+- Follow team Git conventions (e.g. feature branches off the repo’s default integration branch).
+- Do not commit permanent `test.only`, `it.only`, `describe.only`, or skipped tests meant for CI.
+
+## Before opening a PR
+
+1. **`npm run lint`** — ESLint must pass on `src` and `test`.
+2. **`npm test`** — Runs **`pretest`** → **`npm run build`**, then **`test:e2e`** and **`test:typescript`**. For live stack tests, set env vars (see **`test/config.js`**: `HOST`, `API_KEY`, `DELIVERY_TOKEN`, `ENVIRONMENT`). Never commit secrets or `.env` with real tokens.
+3. **Version bump** — When the PR introduces **user-visible or release-worthy** SDK behavior (new API, bug fix shipped to npm, or a **breaking** change), update **`version`** in `package.json` per **semver** (patch / minor / major). Docs-only or test-only changes may omit a bump per team practice; match sibling PRs when unsure.
+
+## PR expectations (summary)
+
+- **User-facing changes** — JSDoc on public methods; update **`index.d.ts`** when the public TypeScript surface changes.
+- **Behavior** — Preserve backward compatibility unless the change is explicitly breaking and documented.
+- **Errors** — Keep rejection shapes consistent with **`src/core/lib/request.js`** (`error_message`, `error_code`, `errors`, `status`, `statusText` where applicable). Do not log full **delivery_token** or **management_token** / **preview_token** values in new code.
+- **Tests** — Add or adjust Jest tests under **`test/`** for new behavior; live tests require the env contract in **`test/config.js`**.
+
+## Quick links
+
+- Agent overview: repo root `AGENTS.md`
+- CDA patterns: `skills/contentstack-javascript-cda/SKILL.md`
+- HTTP / retries / plugins: `skills/framework/SKILL.md`
@@ -0,0 +1,30 @@
+---
+description: "JavaScript/TypeScript conventions for src, webpack, and index.d.ts"
+globs:
+  - "src/**/*.js"
+  - "webpack/**/*.js"
+  - "index.d.ts"
+alwaysApply: false
+---
+
+# JavaScript & types (this repo)
+
+## Runtime & modules
+
+- **Source** is **ES modules** under `src/` (`import` / `export`). Webpack resolves aliases such as **`runtime/http.js`** per target (`webpack/webpack.*.js`).
+- **`index.d.ts`** is the public TypeScript surface for npm consumers; keep it aligned with `src/core/` JSDoc and exports.
+
+## Style & tooling
+
+- **ESLint** uses **`eslint-config-standard`** and **`@babel/eslint-parser`**. This repo **requires semicolons** and related rules in **`.eslintrc.js`** — match existing `src/core/` style rather than semicolon-free Standard.
+- **Environment**: ESLint `es2020`, `node`, `browser`, `jest`.
+
+## Patterns
+
+- Use **JSDoc** (`@description`, `@param`, `@returns`, `@example`) on **public** API consistent with `src/core/contentstack.js` and `src/core/stack.js`.
+- **Dependencies**: **`@contentstack/utils`** is exposed on the main class; follow existing import paths (including `.js` suffixes where the codebase uses them in ESM files).
+
+## Logging
+
+- Avoid noisy logging in library code except via existing **`fetchOptions.logHandler`** / **`fetchOptions.debug`** patterns in `src/core/lib/request.js` and `stack.js`.
+- Never log full **delivery_token**, **preview_token**, **management_token**, or API keys.
@@ -0,0 +1,36 @@
+---
+description: "Jest e2e and TypeScript tests for the CDA SDK"
+globs:
+  - "test/**/*.js"
+  - "test/**/*.ts"
+alwaysApply: false
+---
+
+# Testing — `contentstack` (CDA)
+
+## Frameworks
+
+| Suite | Runner | Notes |
+|-------|--------|--------|
+| **JS e2e / integration-style** | **Jest** (`jest.js.config.js`) | `testMatch`: `**/test/**/*.js`; ignores `test/index.js`, `test/config.js`, `test/sync_config.js`, some `utils.js` paths |
+| **TypeScript** | **Jest** + **ts-jest** (`jest.config.js`) | `npm run test:typescript`; `test/typescript/**/*.test.ts` |
+
+## Env & live stack
+
+- **Canonical required vars** for suites that `require('./config')` or `require('../config.js')`: **`HOST`**, **`API_KEY`**, **`DELIVERY_TOKEN`**, **`ENVIRONMENT`** — validated in **`test/config.js`** (loads **dotenv**). Missing any variable throws on import.
+- Use a **`.env`** file locally; do not commit secrets. **`HOST`** should match the delivery API host for your stack/region.
+- Built SDK: many tests **`require('../../dist/node/contentstack.js')`**. **`npm test`** runs **`pretest`** → **`npm run build`** first.
+
+## Layout
+
+- **Suite entry (JS):** `test/index.js` `require`s individual test files.
+- **TypeScript:** colocate under **`test/typescript/`** with `*.test.ts` naming.
+
+## Hygiene
+
+- No committed **`only`** / **`skip`** for tests that must run in CI.
+- Prefer deterministic assertions; mock or scope live tests when adding new cases so CI behavior stays predictable if env is absent.
+
+## Coverage
+
+- Jest / reporter config is in **`jest.js.config.js`** and **`jest.config.js`**; HTML reports paths are configured there.
@@ -0,0 +1,61 @@
+# AGENTS.md — AI / automation context
+
+## Project
+
+| | |
+|---|---|
+| **Name** | **`contentstack`** (npm) — **Contentstack JavaScript Content Delivery SDK** |
+| **Purpose** | Client for the **Content Delivery API (CDA)**: read published content, assets, taxonomies, sync, and live preview from a stack. *(This is not the Content Management API / CMA client — see `@contentstack/management`.)* |
+| **Repository** | [contentstack/contentstack-javascript](https://github.com/contentstack/contentstack-javascript.git) |
+
+## Tech stack
+
+| Area | Details |
+|------|---------|
+| **Language** | JavaScript **ES modules** in `src/core/` and `src/runtime/`; public types in root **`index.d.ts`** |
+| **Runtime** | Node `>= 10.14.2` per `package.json` `engines` |
+| **Build** | **Webpack** bundles for `node`, `web`, `react-native`, `nativescript` → `dist/` (`npm run build`) |
+| **Lint / style** | **ESLint** with `eslint-config-standard`, **`@babel/eslint-parser`**; **semicolons required** (see `.eslintrc.js`) |
+| **Tests** | **Jest**: JS e2e-style suite (`jest.js.config.js`, `test/**/*.js`) and **TypeScript** tests (`jest.config.js`, `test/typescript/**/*.test.ts`) |
+| **HTTP** | Platform **`fetch`** via webpack alias `runtime/http.js` and `runtime/localstorage.js` (Node / web / React Native / NativeScript) |
+| **Helpers** | **`@contentstack/utils`** re-exported on the `Contentstack` instance |
+
+## Source layout & public entrypoints
+
+| Path | Role |
+|------|------|
+| `src/core/contentstack.js` | Package facade: `Stack()`, `CachePolicy`, `Region`, `Utils` |
+| `src/core/stack.js` | `Stack` class: delivery config, queries, sync, plugins, `fetchOptions` |
+| `src/core/lib/request.js` | CDA requests: query serialization, retries, plugins `onRequest` / `onResponse` |
+| `src/core/lib/utils.js` | Shared helpers |
+| `src/core/modules/*` | Entry, Query, Assets, Taxonomy, Result, etc. |
+| `src/core/cache*.js`, `src/core/cache-provider/` | Cache policies and providers |
+| `src/runtime/**` | Per-platform `http` and `localstorage` implementations |
+| `config.js` | Default CDN host, API version, URL paths (imported by `stack.js`) |
+| `webpack/` | Build configs per target |
+| `dist/**` | Built artifacts (`package.json` `main` / `browser` / `react-native`) |
+
+## Common commands
+
+```bash
+npm install
+npm run build          # all webpack targets (also runs on prepare / pretest)
+npm run lint           # eslint src test
+npm run format         # eslint src test --fix
+npm run test           # test:e2e + test:typescript (pretest runs build)
+npm run test:e2e       # Jest JS tests under test/ (see jest.js.config.js)
+npm run test:typescript # Jest + ts-jest for test/typescript
+npm run generate-docs  # JSDoc (docs-config.json)
+```
+
+**Live API tests**
+
+- **`test/config.js`** loads **`.env`** and **requires** `HOST`, `API_KEY`, `DELIVERY_TOKEN`, `ENVIRONMENT`. Without them, importing `test/config.js` throws.
+- Jest e2e tests use **`dist/node/contentstack.js`** (built output). Run **`npm run build`** (or `npm test`, which runs `pretest`) before relying on fresh `src/` changes.
+
+## Further guidance
+
+- **Cursor rules:** [`.cursor/rules/README.md`](.cursor/rules/README.md)
+- **Deeper playbooks:** [`skills/README.md`](skills/README.md)
+
+When unsure about API behavior, prefer the official [Content Delivery API](https://www.contentstack.com/docs/developers/apis/content-delivery-api/) documentation and existing JSDoc in `src/core/`.
@@ -0,0 +1,12 @@
+# Project skills
+
+Short playbooks for agents and maintainers. Prefer these when you need depth beyond `.cursor/rules/*.mdc`.
+
+| Skill | When to use |
+|-------|-------------|
+| [`code-review/`](code-review/SKILL.md) | Structured PR review, release readiness, API/doc alignment |
+| [`testing/`](testing/SKILL.md) | Jest e2e vs TypeScript tests, `test/config.js` env, dist build |
+| [`contentstack-javascript-cda/`](contentstack-javascript-cda/SKILL.md) | CDA usage: `Stack`, delivery token, regions, queries, sync, live preview |
+| [`framework/`](framework/SKILL.md) | Request layer: `fetch`, retries, plugins, runtime adapters |
+
+**Repo overview:** see root [`AGENTS.md`](../AGENTS.md). **Rule index:** [`.cursor/rules/README.md`](../.cursor/rules/README.md).
@@ -0,0 +1,62 @@
+---
+name: code-review
+description: Use when reviewing PRs or before opening a PR — API design, errors, backward compatibility, dependencies, security, and test quality for the CDA SDK.
+---
+
+# Code review — Contentstack JavaScript CDA SDK
+
+Use this skill for pull request review or self-review of the **`contentstack`** package (**Content Delivery API** client — not `@contentstack/management` / CMA).
+
+## When to use
+
+- Reviewing someone else’s PR.
+- Self-reviewing before submission.
+- Checking API, error, compatibility, tests, and security expectations.
+
+## Instructions
+
+Work through the checklist. Optionally tag severity: **Blocker**, **Major**, **Minor**.
+
+### 1. API design and stability
+
+- [ ] **Public API:** New or changed exports are documented with **JSDoc**, consistent with `src/core/contentstack.js` and `src/core/stack.js`.
+- [ ] **TypeScript surface:** **`index.d.ts`** updated when consumers would see new or changed signatures.
+- [ ] **Backward compatibility:** No breaking changes to public signatures, option objects, or defaults without an agreed major bump.
+- [ ] **Naming:** Consistent with **CDA** concepts (stack, entry, query, asset, taxonomy, sync, environment).
+
+**Severity:** Breaking public API without approval = **Blocker**. Missing JSDoc or types on new public API = **Major**.
+
+### 2. Error handling and robustness
+
+- [ ] **Errors:** Rejections align with **`src/core/lib/request.js`** patterns (`error_message`, `error_code`, `errors`, `status`, `statusText` when JSON is available).
+- [ ] **Null safety:** Guard optional nested fields from API responses.
+- [ ] **Secrets:** No logging of full **delivery_token**, **preview_token**, **management_token**, or **api_key**.
+
+**Severity:** Missing or inconsistent error handling on new paths = **Major**.
+
+### 3. Dependencies and security
+
+- [ ] **Dependencies:** New or upgraded packages are justified; lockfile changes are intentional.
+- [ ] **SCA:** Address or explicitly track security findings from org tooling (Snyk, Dependabot, etc.).
+
+**Severity:** Unaddressed critical/high issues in scope = **Blocker**.
+
+### 4. Testing
+
+- [ ] **Jest:** New or changed behavior has coverage under **`test/`** (JS and/or **`test/typescript/`**).
+- [ ] **Live tests:** If tests hit the network, they respect **`test/config.js`** (`HOST`, `API_KEY`, `DELIVERY_TOKEN`, `ENVIRONMENT`); no committed secrets.
+- [ ] **Build:** Fresh `src/` changes are validated against **`dist/node/contentstack.js`** after **`npm run build`** when tests import dist.
+
+**Severity:** No tests for new behavior = **Blocker** (unless truly docs-only). Flaky tests = **Major**.
+
+### 5. Optional severity summary
+
+- **Blocker:** Must fix before merge.
+- **Major:** Should fix before or soon after merge.
+- **Minor:** Nice to fix.
+
+## References
+
+- `.cursor/rules/code-review.mdc`
+- `.cursor/rules/dev-workflow.md`
+- `skills/testing/SKILL.md`