7.7 KiB
7.7 KiB
AGENTS.md
Repository-specific instructions for coding agents working on blog-frontend.
Project Overview
- This is the frontend for WYPark Blog, built with Next.js 16 App Router, React 19, TypeScript, Tailwind CSS 4, TanStack React Query, Zustand, and Axios.
- The app talks to a backend API through
NEXT_PUBLIC_API_URL.- Local default:
http://localhost:8080 - Production API used by deploy:
https://blogserver.wypark.me - Public site metadata uses:
https://blog.wypark.me
- Local default:
- Node 20 is the production baseline. The Docker build uses
node:20-alpine.
Repository Layout
src/app/: Next.js App Router routes, root layout, providers, metadata, sitemap, and robots.src/components/layout/: persistent layout components such asSidebarandTopHeader.src/components/post/: post listing, detail, Markdown rendering, search, and TOC components.src/components/comment/: comment form, list, and item components.src/api/: API client wrappers. Use these instead of calling backend endpoints directly from components.src/api/http.ts: shared Axios instance, auth header injection, and token refresh handling.src/store/authStore.ts: persisted auth state with Zustand.src/types/index.ts: shared API and domain types.public/: static assets..gitea/workflows/deploy.yml: Gitea deployment pipeline.DockerFile: production Docker image definition. Keep the current filename casing unless changing the deploy workflow too.
Package Manager And Commands
- Prefer
npmfor scripts and dependency work becausepackage-lock.json, Docker, and CI use npm. - Do not update both
package-lock.jsonandyarn.lockfor routine changes. If dependencies must change, update the npm lockfile and leave a note about the lockfile decision. - Common commands:
npm cito install dependencies from the lockfile.npm run devto start local development on port 3000.npm run lintfor ESLint.npm run buildfor production build validation.npm run startafter a successful build.
Environment
- Use
NEXT_PUBLIC_API_URLwhen testing against a non-local backend. - Features that fetch categories, posts, profile, comments, auth, or uploads require the backend API to be reachable.
- If the backend is not running, prefer validating static rendering, linting, and isolated UI logic instead of inventing mock API behavior.
Coding Conventions
- Keep TypeScript strict. Add or refine shared types in
src/types/index.tsinstead of spreading untypedanythrough components. - Use the
@/*alias for imports fromsrc. - Prefer existing local patterns over new abstractions.
- Keep components focused and colocate small UI-only helpers near the component that uses them.
- Preserve the existing Tailwind-first styling approach. Use global CSS only for app-wide behavior or third-party component overrides.
- Prefer icons from the existing icon libraries (
lucide-react,@heroicons/react) instead of custom inline SVGs. - User-facing copy is Korean-first. When editing Korean text, save files as UTF-8 and verify the rendered text or diff so strings do not become mojibake.
- Some existing files contain Korean comments and UI strings. Do not mass-rewrite text while making unrelated changes; fix only the text needed for the task.
Next.js App Router Rules
- Use Server Components by default.
- Add
'use client'only when a component uses hooks, browser APIs, localStorage, React Query hooks, Zustand hooks, events, or client-only libraries. - Components that use
useSearchParamsshould remain under aSuspenseboundary. - Dynamic route params follow the current Next.js 16 style in this repo, where route components may receive
paramsas aPromise. - Keep metadata, sitemap, and robots changes aligned with the production domain
blog.wypark.me.
Data Fetching And API Rules
- Use
src/api/*functions from UI code. Add new backend calls there before consuming them in components. - Use
httpfromsrc/api/http.tsfor authenticated JSON API calls so auth headers, credentials, and refresh behavior stay consistent. - Direct
axioscalls should be limited to token refresh paths or cases where the shared interceptor would recurse. - API responses generally follow
ApiResponse<T>with useful data underresponse.data.data. - Keep React Query keys stable and descriptive, following existing patterns such as
['posts', ...],['post', slug],['categories'],['profile'], and['comments', postSlug]. - After mutations, invalidate or reset the related queries rather than relying on stale cache state.
Auth And Permissions
- Auth state lives in
useAuthStoreand is persisted underauth-storage. - Admin-only UI checks generally use
_hasHydratedplusrole?.includes('ADMIN'). - Avoid reading localStorage during server rendering. Gate browser-only auth logic behind client components and effects.
- Be careful around token refresh. There is queueing and Web Locks logic in
src/api/http.ts; do not simplify it without testing concurrent 401 behavior. - Do not expose refresh tokens or auth tokens in logs, UI, or error messages.
Markdown And Content Rendering
- Render post content through
src/components/post/MarkdownRenderer.tsx. - Keep
rehype-sanitizein the Markdown pipeline unless there is a deliberate, reviewed security change. - When adding Markdown features, consider XSS, external links, image behavior, syntax highlighting, TOC generation, and SSR/client compatibility.
- Uploaded images are inserted as Markdown image syntax by the write page. Preserve that convention unless changing backend upload semantics too.
UI And UX Guidelines
- Preserve the main layout: fixed sidebar on larger screens, mobile sidebar toggle, top-right auth/write controls, content area with responsive widths.
- Keep blog reading surfaces calm and content-focused. Avoid large decorative sections unless the user explicitly asks for a redesign.
- Ensure text fits on mobile and desktop, especially Korean labels in buttons, cards, modals, and sidebar items.
- For admin flows, keep destructive actions confirmed and visually distinct.
- For forms, preserve loading, disabled, error, and success states with
react-hot-toastor the existing local patterns.
Validation Expectations
- For most code changes, run
npm run lint. - Run
npm run buildwhen changing routing, layout, metadata, data fetching, auth, Markdown rendering, or build/deploy config. - For visible UI changes, start
npm run devand verify the affected route in a browser when feasible. - If validation cannot run because dependencies or the backend are unavailable, state that clearly and explain what was checked instead.
Deployment Notes
- The production Docker image uses standalone Next output. Keep
next.config.tsoutput: 'standalone'unless the deployment strategy changes. - The Gitea workflow builds on pushes to
main, passesNEXT_PUBLIC_API_URL=https://blogserver.wypark.me, runs the container asblog-frontend, and maps host port3005to container port3000. - Keep Docker, Gitea workflow, and Next config changes synchronized.
Change Discipline
- Keep edits scoped to the requested task.
- Record completed work in
LOG.mdas part of each task. Include the date, a brief summary of changes, and any validation performed or skipped. - When finishing a task and updating
LOG.md, also leave a concise note about the recommended next task so future agents can continue smoothly. - Do not rewrite generated files,
.next,node_modules, build output, or unrelated lockfiles. - Do not silently change public URLs, analytics IDs, SEO behavior, auth storage keys, or backend endpoint paths.
- When touching fragile areas such as auth refresh, Markdown sanitization, deployment, or route params, include a short explanation and stronger validation.