RISCURA Development Guide

Expert guidance for developing the RISCURA enterprise risk management platform built with Next.js 15, TypeScript, Prisma ORM, and NextAuth.js.

What This Skill Does

Provides comprehensive development guidance for the RISCURA codebase, including:

Architecture patterns and project structure

Essential development commands and workflows

API development standards with middleware

Database operations and multi-tenant patterns

TypeScript guidelines (strict mode disabled)

Testing strategies and quality standards

Performance optimization patterns

Security best practices

Instructions

1. Initial Setup & Validation

When starting work on RISCURA:

1. **Verify development environment**:

```bash

npm run dev:setup

```

2. **Test authentication flow**:

```bash

npm run test:auth-flow

```

3. **Run full stack validation**:

```bash

./test-website.sh

```

2. Development Workflow

**Before starting any coding**:

Read relevant files in `/src/app/`, `/src/components/`, `/src/lib/`, or `/src/services/`

Check existing patterns in similar features

Review multi-tenant architecture requirements

**Standard development cycle**:

1. Start dev server: `npm run dev`

2. Make changes with type checking: `npm run type-check:watch`

3. Run linter: `npm run lint:fix`

4. Before committing: `npm run precommit`

3. API Development (CRITICAL)

**Always use `withApiMiddleware()` for new API endpoints**:

```typescript

// Current pattern (most endpoints):

export const POST = withApiMiddleware(async (req) => {

const user = (req as any).user;

// Handler code

return NextResponse.json({ data });

});

// Recommended pattern (with validation & rate limiting):

export const POST = withApiMiddleware({

requireAuth: true,

bodySchema: MyBodySchema,

rateLimiters: ['standard']

})(async (context, validatedData) => {

const { user, organizationId } = context;

return { data: result };

});

```

**Rate limiter options**:

`standard`: 1000 requests per 15 minutes

`auth`: 5 attempts per 15 minutes

`fileUpload`: 50 uploads per hour

`expensive`: 10 operations per hour

`bulk`: 5 operations per 10 minutes

`report`: 20 reports per 30 minutes

**Error handling**: Use standardized error classes from `/src/lib/api/errors.ts`:

`APIError`, `ValidationError`, `AuthenticationError`, `ForbiddenError`

`RateLimitError`, `SubscriptionError`, `PlanLimitError`

4. Database Operations

**Multi-tenant requirement**: Always include `organizationId` in queries:

```typescript

const risks = await prisma.risk.findMany({

where: {

organizationId: user.organizationId,

// other filters

}

});

```

**Database commands**:

Schema changes: `npm run db:generate && npm run db:push`

Migrations: `npm run db:migrate`

Seed data: `npm run db:seed`

GUI: `npm run db:studio`

5. TypeScript Guidelines

**Current status**: Strict mode disabled (~785 errors across 165 files)

**When to use `// @ts-ignore`** (sparingly):

```typescript

// @ts-ignore - [REASON]: [DESCRIPTION] - [TRACKING_ID]

// TODO: [CLEANUP_PLAN] - Target: [DATE/MILESTONE]

```

**Never use for**:

New code

Simple fixes (null checks, optional chaining)

Missing imports

Legitimate type errors

**Priority**: All new code should be fully typed

6. Testing Strategy

**Before committing**:

```bash

npm run precommit # Type-check + lint

```

**Test suites**:

Unit tests: `npm run test:unit`

Integration: `npm run test:integration`

E2E: `npm run test:e2e`

Full stack: `npm run test:full-stack`

**Single test file**:

```bash

npm test -- path/to/test.spec.ts

```

7. Performance Optimization

**For large datasets (100+ items)**:

Implement virtual scrolling

Use code splitting for heavy components

Leverage Redis caching

**Analysis commands**:

```bash

npm run performance:analyze # Bundle analysis

npm run security:check # Security configuration

```

8. Production Readiness

**Pre-deployment checklist**:

```bash

npm run verify # Full verification

npm run build # Production build

npm run production:ready # Comprehensive validation

```

**Environment variables**: Check `env.example` for required configs including:

`DATABASE_URL` (PostgreSQL/Supabase)

`REDIS_URL` (caching)

`NEXTAUTH_URL` and `NEXTAUTH_SECRET`

`OPENAI_API_KEY` (server-side only)

`STRIPE_SECRET_KEY` and `STRIPE_WEBHOOK_SECRET`

Key Architecture Patterns

Project Structure

`/src/app/` - Next.js App Router (pages + API routes)

`/src/components/` - Domain-organized React components

`/src/lib/` - Core utilities (MUST use `/lib/api/` for endpoints)

`/src/services/` - Business logic layer

`/src/types/` - TypeScript definitions

`/scripts/` - Development automation

Critical Files

`/src/lib/api/middleware.ts` - API standardization (required)

`/src/lib/auth/` - NextAuth.js authentication

`prisma/schema.prisma` - Multi-tenant database schema

`next.config.js` - Performance & security configuration

Development Phase

**Phase 2**: Technical debt resolution

TypeScript strict mode migration in progress

API standardization improvements

Performance optimization

Security hardening

Common Pitfalls to Avoid

1. **❌ Skipping `withApiMiddleware()`** - All API routes must use it

2. **❌ Forgetting `organizationId`** - Multi-tenant queries require it

3. **❌ Not running `precommit`** - Catch errors before pushing

4. **❌ Exposing secrets** - Never put API keys in client code

5. **❌ Using `@ts-ignore` without documentation** - Must include reason and tracking

Test Credentials

**Email**: [email protected]

**Password**: test123

Additional Resources

**API Documentation**: `/src/lib/api/README.md`

**Scripts Documentation**: Check `/scripts/` directory

**CI/CD Workflows**: `.github/workflows/`

RISCURA Development Guide

RISCURA Development Guide

What This Skill Does

Instructions

1. Initial Setup & Validation

2. Development Workflow

3. API Development (CRITICAL)

4. Database Operations

5. TypeScript Guidelines

6. Testing Strategy

7. Performance Optimization

8. Production Readiness

Key Architecture Patterns

Project Structure

Critical Files

Development Phase

Common Pitfalls to Avoid

Test Credentials

Additional Resources

Reviews (0)