contentstack · aniket-shikhare-cstk · Oct 29, 2025 · Jan 12, 2026 · Jan 12, 2026 · Jan 22, 2026
@@ -0,0 +1,49 @@
+# Cursor Rules Documentation
+
+This directory contains **Cursor AI rules** that provide context-aware guidance for the **Contentstack Management JavaScript SDK** (`@contentstack/management`) — CMA client development, not a separate CLI repo.
+
+## Rules overview
+
+| Rule | Role |
+|------|------|
+| [`dev-workflow.md`](dev-workflow.md) | Branches, lint/tests before PR (unit + optional sanity), version bump guidance, links to skills |
+| [`javascript.mdc`](javascript.mdc) | JavaScript / TypeScript declaration style: `lib/`, `webpack/`, `types/`, root `*.mjs` |
+| [`contentstack-javascript-cma.mdc`](contentstack-javascript-cma.mdc) | CMA SDK patterns in `lib/`: client, stack, auth, host/region, HTTP/error handling |
+| [`testing.mdc`](testing.mdc) | Mocha unit suite, sanity/API tests, Jest + `test/typescript`; env and mocks |
+| [`code-review.mdc`](code-review.mdc) | PR checklist: JSDoc, compat, errors, SCA, unit + sanity tests, CMA semantics (**always applied**) |
+
+## Rule application
+
+Rules load from **globs** and **`alwaysApply`** in each file’s frontmatter (not every rule runs for every file).
+
+| Context | Typical rules |
+|---------|----------------|
+| **Every chat / session** | [`code-review.mdc`](code-review.mdc) (`alwaysApply: true`) |
+| **Most project files** | [`dev-workflow.md`](dev-workflow.md) — `**/*.js`, `**/*.ts`, `**/*.json`, `**/*.mjs` |
+| **SDK implementation** | [`javascript.mdc`](javascript.mdc) + [`contentstack-javascript-cma.mdc`](contentstack-javascript-cma.mdc) for `lib/**/*.js` |
+| **Build config** | [`javascript.mdc`](javascript.mdc) for `webpack/**/*.js` |
+| **Public types** | [`javascript.mdc`](javascript.mdc) for `types/**` |
+| **Tests** | [`testing.mdc`](testing.mdc) for `test/unit/**`, `test/sanity-check/**`, `test/typescript/**`, `test/**/index.js` |
+
+Overlaps are expected (e.g. editing `lib/foo.js` can match `dev-workflow`, `javascript`, and `contentstack-javascript-cma`).
+
+## Usage
+
+- Rules are **loaded automatically** when opened files match their globs (and `code-review` is always in context).
+- You can **@ mention** rule files in chat when your Cursor build supports file references, e.g. `@dev-workflow`, `@javascript`, `@contentstack-javascript-cma`, `@testing`, `@code-review` (exact names depend on how Cursor labels `.md` / `.mdc` rules in your project).
+
+## Quick reference table
+
+| File | `alwaysApply` | Globs (summary) |
+|------|---------------|-----------------|
+| `dev-workflow.md` | no | `**/*.js`, `**/*.ts`, `**/*.json`, `**/*.mjs` |
+| `javascript.mdc` | no | `lib/**/*.js`, `webpack/**/*.js`, `types/**/*.ts`, `types/**/*.d.ts`, `*.mjs` |
+| `contentstack-javascript-cma.mdc` | no | `lib/**/*.js` |
+| `testing.mdc` | no | `test/unit/**`, `test/sanity-check/**`, `test/typescript/**`, `test/**/index.js` |
+| `code-review.mdc` | **yes** | — |
+
+## Skills & maintenance
+
+- Deeper playbooks: [`skills/README.md`](../../skills/README.md).
+- Repo agent entry: [`AGENTS.md`](../../AGENTS.md).
+- When directories change, update **globs** in rule frontmatter; keep rules short and put detail in `skills/*/SKILL.md`.
@@ -0,0 +1,39 @@
+---
+description: "PR review themes — API docs, compatibility, errors, security, tests"
+alwaysApply: true
+---
+
+# Code review checklist (CMA JavaScript SDK)
+
+Apply when reviewing changes to `@contentstack/management`.
+
+## Public API & documentation
+
+- **JSDoc** updated for new or changed public methods/classes (params, return shape, examples), matching style in `lib/contentstack.js` / `lib/contentstackClient.js`.
+- **`types/**`** updated when TypeScript consumers would see different signatures or new exports.
+
+## Backward compatibility
+
+- Avoid breaking changes to exported function signatures, option objects, or default behavior without a major version rationale.
+- If behavior changes, ensure **callers inside `lib/`** and tests reflect the new contract.
+
+## Errors & safety
+
+- HTTP failures should flow through **`lib/core/contentstackError.js`** (or equivalent existing error path), preserving **status** and safe **request** metadata.
+- Do not log or stringify full **authtoken**, **authorization**, or **management_token** values; follow existing redaction patterns in `contentstackError.js`.
+- Respect **null/undefined** edge cases for optional API fields; avoid assuming nested objects always exist.
+
+## Dependencies & supply chain
+
+- New **dependencies** should be justified (size, maintenance, license); prefer existing `lodash` / `axios` patterns.
+- Lockfile and **`package.json`** version bumps should be minimal and reviewable.
+
+## Tests
+
+- **Unit tests** for new logic or regressions (`test/unit/`), with HTTP **mocked** (Nock, axios-mock-adapter, Sinon, etc.).
+- **Sanity / API tests** (`test/sanity-check/api/`) when change affects live CMA behavior, request shape, or end-to-end flows: add or update the relevant `*-test.js` suite and ensure **`sanity.js`** still wires it; run against **`dist/node/contentstack-management.js`** after **`npm run build`**. Do not commit secrets; env vars belong in `test/sanity-check/utility/testSetup.js` documentation only.
+- Document any new env requirements for sanity in **`test/sanity-check/utility/testSetup.js`** header comments.
+
+## Security & privacy
+
+- No hardcoded credentials; no accidental exposure of customer content in logs or error messages.
@@ -0,0 +1,40 @@
+---
+description: "Contentstack CMA SDK patterns for lib/ (Management API client)"
+globs: ["lib/**/*.js"]
+alwaysApply: false
+---
+# Contentstack CMA SDK (`lib/`)
+
+This package implements the **Content Management API (CMA)** client, not the read-only Content Delivery API.
+
+## Client
+
+- Entry: **`contentstack.client(params)`** in `lib/contentstack.js` — wires HTTP client, region/host/endpoint, **timeout**, **retryOnError**, **retryLimit**, **retryDelay**, **maxRequests**, **early_access**, optional **proxy**, **plugins**, etc.
+- Endpoint resolution uses **`getContentstackEndpoint`** from `@contentstack/utils` where applicable (see `contentstack.js`).
+
+## Authentication & stack scoping
+
+- **User/session**: `authtoken` or `authorization` header patterns set on the axios instance after `login` (`lib/contentstackClient.js`).
+- **Stack**: `client.stack({ api_key, management_token, ... })` — management token is stack-scoped.
+- **Organization**: `client.organization()` for org-level operations.
+- **Branch**: pass branch options where the Stack/entity factory methods accept them (match existing callers in `lib/stack/`).
+
+## HTTP & errors
+
+- All requests go through the **axios** instance created in **`lib/core/contentstackHTTPClient.js`** (concurrency queue, interceptors, retries on e.g. **429** per `retryCondition`).
+- Failures should continue to use **`lib/core/contentstackError.js`** in promise rejection chains (e.g. `.then(success, error)`), producing errors with **status**, **request** metadata, and **`error_message` / `error_code`** from CMA JSON when present.
+
+## Resource modules
+
+- **Entity** helpers and collection patterns: `lib/entity.js`, `lib/contentstackCollection.js`, `lib/query/index.js`.
+- New resources should follow existing **constructor(http, data)** + **`urlPath`** + **`stackHeaders`** patterns in sibling modules under `lib/stack/`.
+
+## Callbacks vs async
+
+- Prefer **Promises** (`async`/`await` or `.then`) consistent with surrounding code; avoid introducing callback-style APIs unless matching an existing public surface.
+
+## CMA concepts
+
+This SDK targets the **Content Management API (CMA)**, not the Content Delivery API.
+
+- **Entry, Query, Asset, Content type, Taxonomy (terms, etc.), Stack, Branch, Locale, Webhooks,** and related resources — follow existing **class/module names and method names** in `lib/stack/` (and siblings) and **Management API** semantics (paths, query/body shapes, response parsing). When adding or changing CMA features, align with the official [Content Management API](https://www.contentstack.com/docs/developers/apis/content-management-api/) documentation.
@@ -0,0 +1,32 @@
+---
+description: "Branches, tests, and PR expectations for contentstack-management-javascript"
+globs: ["**/*.js", "**/*.ts", "**/*.json", "**/*.mjs"]
+alwaysApply: false
+---
+
+# Development workflow - Contentstack javascript CMA SDK
+
+## Branches
+
+- Follow team Git conventions (e.g. feature branches off `development` / default integration branch as used in this repo).
+- Keep commits focused; do not commit with `test.only`, `it.only`, `describe.only`, or skipped tests meant to be permanent.
+
+## Before opening a PR
+
+1. **`npm run lint`** — ESLint must pass on `lib` and `test`.
+2. **Unit tests** — `npm run test:unit` (default `npm test` also invokes `test:api` first — ensure that script exists in `package.json` on your branch).
+3. **Sanity / API tests** — only when explicitly validating against live CMA: run `npm run test:sanity-nocov` or `test:sanity-test` after **`npm run build`**, with env vars documented in `test/sanity-check/utility/testSetup.js` (`EMAIL`, `PASSWORD`, `HOST`, `ORGANIZATION`, etc.). Never commit secrets.
+4. **Version bump** — When the PR introduces **user-visible or release-worthy** `lib/` behavior (new API, bug fix shipped to npm, or a **breaking** change), update **`version`** in `package.json` per **semver**: **patch** (fixes, internal-compatible tweaks), **minor** (backward-compatible features or additive API), **major** (breaking public contract). Docs-only, tests-only, or chore-only changes often **omit** a bump if your team bumps only at release; follow team practice (some repos bump only on `main`/`release`). If unsure, ask the reviewer or match sibling PRs.
+
+## PR expectations (summary)
+
+- **User-facing changes** — JSDoc on public methods; update `types/**` when the public surface changes.
+- **Behavior** — Preserve backward compatibility unless the change is explicitly breaking and documented.
+- **Errors** — Route HTTP failures through existing patterns (`lib/core/contentstackError.js`-style handling); avoid leaking full tokens in logs (existing code redacts authtoken/authorization in error paths).
+- **Tests** — Add or adjust unit tests under `test/unit/` for new behavior; use mocks (Sinon / Nock / axios-mock-adapter) rather than live API in unit tests.
+
+## Quick links
+
+- Agent overview: repo root `AGENTS.md`
+- CMA SDK patterns: `skills/contentstack-javascript-cma/SKILL.md`
+- HTTP / retry layer: `skills/framework/SKILL.md`
@@ -0,0 +1,33 @@
+---
+description: "JavaScript/TypeScript conventions for lib, types, and webpack"
+globs:
+  - "lib/**/*.js"
+  - "webpack/**/*.js"
+  - "types/**/*.ts"
+  - "types/**/*.d.ts"
+  - "*.mjs"
+alwaysApply: false
+---
+
+# JavaScript & types (this repo)
+
+## Runtime & modules
+
+- **Source** is **ES modules** under `lib/` (`import` / `export`). Builds target Node and browsers via Babel + Webpack (see `package.json` scripts).
+- **`types/`** holds public TypeScript declarations consumed from npm; keep them aligned with `lib/` JSDoc and exports.
+
+## Style & tooling
+
+- **ESLint** uses **`eslint-config-standard`** and **`@babel/eslint-parser`**; match existing **semicolon-free** standard style and two-space indentation seen in `lib/`.
+- **Environment**: ESLint `es2020`; tests may relax rules via `overrides` in `.eslintrc.js` for `test/**/*.js`.
+
+## Patterns
+
+- Prefer **named exports** from feature modules where the codebase already does; default exports are used for factory-style modules (e.g. `contentstackClient`, HTTP client factory).
+- Use **JSDoc** (`@memberof`, `@func`, `@param`, `@returns`, `@example`) on **public** package API consistent with `lib/contentstack.js` and `lib/contentstackClient.js`.
+- **Dependencies**: `lodash` (e.g. `cloneDeep`), `axios`, `qs`, `@contentstack/utils` — follow existing import paths (`.js` suffixes in imports where used).
+
+## Logging
+
+- Do not add noisy `console.log` in library code except where aligned with existing `logHandler` / error reporting in `lib/core/contentstackHTTPClient.js`.
+- Never log full **authtoken**, **management tokens**, or raw **passwords**.
@@ -0,0 +1,43 @@
+---
+description: "Mocha, Jest, and sanity-check tests for this SDK"
+globs:
+  - "test/unit/**/*.js"
+  - "test/sanity-check/**/*.js"
+  - "test/typescript/**/*.ts"
+  - "test/**/index.js"
+alwaysApply: false
+---
+
+# Testing — `@contentstack/management`
+
+## Frameworks
+
+| Suite | Runner | Assertion / mocks | Notes |
+|-------|--------|-------------------|--------|
+| **Unit** | **Mocha** + `@babel/register` | **Chai**, **Sinon**, **Nock**, **axios-mock-adapter** | Entry: `test/unit/index.js`; **30s** timeout in npm script |
+| **Sanity / API** | Mocha | Chai; **live HTTP** | Entry: `test/sanity-check/sanity.js`; imports **`dist/node/contentstack-management.js`** — run **`npm run build`** first |
+| **TypeScript** | **Jest** + **ts-jest** | Jest mocks | `jest.config.js`; `npm run test:typescript` |
+
+## Naming & layout
+
+- **Unit**: `test/unit/*-test.js` (required from `test/unit/index.js`).
+- **Sanity**: `test/sanity-check/api/*-test.js` (orchestrated via `sanity.js`); shared setup in `test/sanity-check/utility/testSetup.js` and helpers.
+- **TS**: `test/typescript/**/*.test.ts` per Jest config.
+
+## Credentials & env (sanity only)
+
+- Canonical env documentation: **`test/sanity-check/utility/testSetup.js`** (see also `sanity.js`).
+- **Required for setup:** `EMAIL`, `PASSWORD`, `HOST`, `ORGANIZATION`.
+- **Suite-specific (tests skip when unset):** OAuth — `CLIENT_ID`, `APP_ID`, `REDIRECT_URI`; 2FA — `TFA_EMAIL`, `TFA_PASSWORD`; MFA — `MFA_SECRET`; team/stack share — `MEMBER_EMAIL`; DAM 2.0 — `DAM_2_0_ENABLED=true`.
+- **Optional / defaults:** `PERSONALIZE_HOST`, `DELETE_DYNAMIC_RESOURCES`. Use `HOST` for the target CMA API host / region.
+- Setup **writes** `API_KEY`, `AUTHTOKEN`, `MANAGEMENT_TOKEN`, `PERSONALIZE_PROJECT_UID` at runtime — never commit those.
+- Unit tests must **not** rely on real API keys; mock HTTP.
+
+## Coverage
+
+- **nyc** is used with `npm run test:unit` / `test:sanity-test`; exclusions are configured under `package.json` → `nyc`.
+
+## Hygiene
+
+- No committed **`only`** / **`skip`** for tests that should run in CI.
+- Prefer existing **`test/unit/mock/`** and sanity **`mock/`** patterns for fixtures.
@@ -20,5 +20,14 @@ module.exports = {
     'promise'
   ],
   rules: {
-  }
+  },
+  overrides: [
+    {
+      files: ['test/**/*.js'],
+      rules: {
+        'no-unused-expressions': 'off',
+        'no-useless-escape': 'off'
+      }
+    }
+  ]
 }
@@ -41,6 +41,9 @@ coverage/
 test/utility/dataFiles/
 test/sanity-check/utility/dataFiles/
 report.json
+sanity-check-backup/
+.vscode/
+.claude/
 
 # TypeScript v1 declaration files
 typings/
@@ -62,13 +65,15 @@ tsconfig.json
 
 # dotenv environment variables file
 .env
+test-curls.txt
 
 # next.js build output
 .next
 .dccache
 dist
 jsdocs
 .early.coverage
+docs/
 # Snyk Security Extension - AI Rules (auto-generated)
 .cursor/rules/snyk_rules.mdc
-.vscode/settings.json
+.vscode/settings.json