Tony's World of Chips Development Assistant

Expert guidance for working with the Tony's World of Chips e-commerce application codebase.

What This Skill Does

This skill provides comprehensive guidance for developing, testing, deploying, and maintaining Tony's World of Chips—a demonstration e-commerce application built as a TypeScript monorepo with Docker containerization. It covers API development, web frontend, database management, E2E testing, CI/CD orchestration, and System Initiative policy compliance checking.

Project Context

Tony's World of Chips is a full-stack e-commerce storefront application that sells potato chips. It demonstrates modern web application architecture with:

**Monorepo structure** using npm workspaces

**Two main packages**: API (Express + Prisma) and Web (Express + EJS templates)

**Docker Compose orchestration** for local and production deployments

**PostgreSQL database** with Prisma ORM and AWS RDS IAM authentication support

**Valkey session store** (Redis-compatible) for multi-instance session management

**Playwright E2E tests** running in Docker containers

**CI/CD automation** via TypeScript orchestration scripts

**System Initiative integration** for infrastructure policy compliance

Instructions for AI Agent

When working with this codebase, follow these guidelines:

1. Understanding the Monorepo Structure

Root directory contains shared `tsconfig.json` and E2E tests

`packages/api/` - Express REST API with Prisma ORM

`packages/web/` - Server-side rendered web frontend with EJS

`e2e/` - Playwright end-to-end tests

`ci/` - TypeScript-based CI/CD orchestration scripts

`policy/` - Infrastructure compliance policy definitions

**Key principle**: Both packages extend the root TypeScript config. When working with Docker builds, ensure root `tsconfig.json` is copied to resolve extends paths.

2. Development Workflow

**Running services locally:**

```bash

API development (from packages/api/)

npm run dev # Port 3000

npm test # Jest tests

npm run test:watch # Watch mode

npx prisma studio # Database GUI

Web development (from packages/web/)

npm run dev # Port 3001

npm run lint # ESLint

E2E tests (from root)

npm run test:e2e # Run all Playwright tests

npm run test:e2e:ui # Interactive UI mode

```

**Using Docker Compose:**

```bash

Build and start all services

npm run build:local # Build images with latest tag

npm run docker:up # Start services

npm run docker:logs # View logs

Run E2E tests against Docker services

npm run docker:test:e2e

Cleanup

npm run docker:down

```

3. Database Operations

**All database commands run from `packages/api/`:**

```bash

Create and apply migration

npx prisma migrate dev --name descriptive_name

Generate Prisma Client (after schema changes)

npx prisma generate

Seed database with sample data

npx prisma db seed

Open Prisma Studio GUI

npx prisma studio

Production migration deployment

npx prisma migrate deploy

```

**Schema location**: `packages/api/prisma/schema.prisma`

**Models**: Product, CartItem, Order

**Authentication modes**:

Password-based (default for local dev)

AWS RDS IAM authentication (production)

- Controlled by `DB_USE_IAM_AUTH` environment variable

- Tokens auto-refresh every 14 minutes via `src/config/secrets.ts`

4. Docker Architecture

**Image Tags**:

`latest` - Local development (built via `npm run build:local`)

`YYYYMMDDHHMMSS-{git-sha}` - CI/CD versioned builds

**Building specific images:**

```bash

All images

npx tsx ci/main.ts build-local all

Individual images

npx tsx ci/main.ts build-local api

npx tsx ci/main.ts build-local web

npx tsx ci/main.ts build-local e2e

```

**Using versioned tags:**

```bash

IMAGE_TAG=20250115120000-abc123 docker-compose up

```

**Important Docker considerations**:

Root `tsconfig.json` must be copied into each package's build context

Containers mimic monorepo structure internally (`/app/packages/{api|web}/`)

API runs migrations and seeds on startup

Web depends on healthy Valkey and API services

5. API Architecture (`packages/api/`)

**Entry point**: `src/index.ts`

**Routes** (all under `/api/*` prefix):

`/api/products` - Product catalog

`/api/cart` - Shopping cart CRUD

`/api/orders` - Order creation (checkout)

`/health` and `/health/db` - Health checks

**Database client**: `src/config/database.ts`

Singleton Prisma instance

IAM token refresh logic for AWS RDS

Connection pooling and error handling

**Testing**: Jest with supertest in `src/__tests__/`

**AWS Integration**:

RDS IAM authentication support

Secrets Manager integration for password fallback

Token refresh ensures long-running connections remain valid

6. Web Architecture (`packages/web/`)

**Entry point**: `src/index.ts`

**Routes**:

`/` - Home page (product grid)

`/products/:id` - Product detail

`/cart` - Shopping cart

`/orders/checkout` - Checkout confirmation

`/health` - Health check

**Session Management**:

Express-session with Valkey store (Redis-compatible)

Persistent across restarts and instances

30-day TTL

Session ID injected into all views via `res.locals`

**Views**: EJS templates in `views/` directory

`home.ejs`, `product-detail.ejs`, `cart.ejs`, `checkout.ejs`

`partials/` for reusable components (header, footer)

**Service Layer**: `src/services/` contains Axios-based API clients

**Environment Variables**:

`API_URL` - Backend API URL

`SESSION_SECRET` - Session encryption key

`REDIS_URL` - Valkey connection (default: redis://localhost:6379)

`PORT` - Server port (default: 3001)

7. E2E Testing with Playwright

**Test files**:

`e2e/api.spec.ts` - API endpoint tests

`e2e/web.spec.ts` - UI interaction tests

**Configuration**: `playwright.config.ts` at root level

**Environment Variables**:

`API_URL` - API base URL (default: http://localhost:3000)

`WEB_URL` - Web base URL (default: http://localhost:8080)

`CI` - Enable CI mode (default: true in container)

**Running tests**:

```bash

Locally (requires running services)

npm run test:e2e

In Docker container

npm run docker:test:e2e

Against remote environments

API_URL=https://api.example.com WEB_URL=https://www.example.com npm run docker:test:e2e

With custom options and result persistence

docker run --rm \

-e API_URL=https://api.example.com \

-e WEB_URL=https://www.example.com \

-v $(pwd)/test-results:/app/test-results \

-v $(pwd)/playwright-report:/app/playwright-report \

tonys-chips/e2e:latest

```

8. CI/CD Orchestration

**Entry point**: `ci/main.ts` - TypeScript CLI for all CI/CD operations

**Available commands**:

`calver` - Generate CALVER timestamp tags from git commit

`check-postgres` - Verify PostgreSQL readiness with timeout

`check-infraflags` - Check infrastructure flags deployment status

`check-policy` - Run compliance policy checks against System Initiative

`build-local` - Build Docker images with `latest` tag

`test-e2e` - Run E2E tests in Docker

`manage-image-lifecycle` - Unified image lifecycle (build/publish/deploy)

`manage-stack-lifecycle` - System Initiative stack operations

`post-to-pr` - Post content to GitHub pull requests

**Usage pattern**:

```bash

npx tsx ci/main.ts <command> [args]

Or via npm scripts:

npm run ci:<command>

```

9. System Initiative Policy Compliance

**Policy structure**: Markdown files in `policy/` directory with YAML frontmatter

**Policy file format**:

```markdown

Policy Title

Policy

Policy description and requirements...

Exceptions

Any exceptions to the policy...

Source Data

System Initiative

```yaml

query-name: "schema:AWS*"

another-query: "schema:AWS::EC2::*"

```

Output Tags

```yaml

tags:

- tag1

- tag2

```

**Running policy checks**:

```bash

Single policy

npx tsx ci/main.ts check-policy policy/my-policy.md

With custom output path

npx tsx ci/main.ts check-policy policy/my-policy.md --output ./reports/report.md

Or via npm script

npm run ci:check-policy policy/my-policy.md

```

**Required environment variables**:

`SI_API_TOKEN` - System Initiative API token

`SI_WORKSPACE_ID` - System Initiative workspace ID

`ANTHROPIC_API_KEY` - Anthropic API key for Claude agent

`GITHUB_TOKEN` - GitHub token (optional, for posting issues)

`GITHUB_REPOSITORY` - GitHub repository (optional, for CI)

**Policy check pipeline**:

1. Extract Policy - Claude parses markdown to structured data

2. Collect Source Data - Query System Initiative API

3. Evaluate Policy - Claude evaluates components against requirements

4. Generate Report - Markdown report with deep links to SI components

**GitHub Actions**: `policy-check.yml` workflow runs all policies on manual trigger, posts results to issues, and uploads reports as artifacts.

10. Code Modification Guidelines

When making changes to this codebase:

**API changes**:

Update Prisma schema if database changes needed

Run `npx prisma generate` after schema changes

Create migration: `npx prisma migrate dev --name descriptive_name`

Add/update tests in `src/__tests__/`

Consider IAM authentication implications for RDS connections

**Web changes**:

Update EJS templates for UI changes

Modify service layer in `src/services/` for API client changes

Test session management behavior with Valkey store

Ensure static assets are properly served from `public/`

**Docker changes**:

Update relevant Dockerfile in `docker/` directory

Ensure root `tsconfig.json` copying is maintained

Test with `npm run build:local` followed by `npm run docker:up`

Verify health checks and dependency waiting logic

**E2E test changes**:

Add new test files to `e2e/` directory

Update `playwright.config.ts` if new test projects needed

Test both locally and in Docker container

Ensure tests work with configurable URLs

**CI/CD changes**:

Modify `ci/main.ts` for orchestration logic

Update GitHub Actions workflows in `.github/workflows/`

Test commands locally with `npx tsx ci/main.ts <command>`

11. Common Tasks

**Add a new API endpoint**:

1. Define route handler in appropriate file under `packages/api/src/routes/`

2. Mount route in `src/index.ts`

3. Add service method in web package if needed

4. Write integration tests

5. Update E2E tests if user-facing

**Add a new database table**:

1. Update `packages/api/prisma/schema.prisma`

2. Run `npx prisma generate`

3. Create migration: `npx prisma migrate dev --name add_table_name`

4. Update seed data in `prisma/seed.ts` if needed

5. Update TypeScript types and API routes

**Add a new web page**:

1. Create EJS template in `packages/web/views/`

2. Add route handler in `packages/web/src/index.ts`

3. Create service methods for API calls

4. Add static assets if needed

5. Write E2E tests for the page

**Debug session issues**:

1. Check Valkey connectivity: `docker-compose logs valkey`

2. Verify `REDIS_URL` environment variable

3. Check session secret configuration

4. Test session persistence across requests

5. Review `express-session` middleware configuration

**Troubleshoot database connections**:

1. Check PostgreSQL health: `docker-compose logs postgres`

2. Verify `DATABASE_URL` format

3. For IAM auth issues, check token refresh logic in `src/config/secrets.ts`

4. Test connection with `npx prisma db pull`

5. Review Prisma connection pooling settings

Examples

Example 1: Adding a New Product Category Field

```bash

1. Update Prisma schema

Edit packages/api/prisma/schema.prisma, add category field to Product model

2. Generate Prisma Client

cd packages/api

npx prisma generate

3. Create migration

npx prisma migrate dev --name add_product_category

4. Update seed data

Edit prisma/seed.ts to include category values

5. Run seed

npx prisma db seed

6. Update API routes if needed

Edit src/routes/products.ts to handle category filtering

7. Run tests

npm test

```

Example 2: Running E2E Tests Against Staging Environment

```bash

Build E2E image with specific tag

npx tsx ci/main.ts build sandbox e2e 20250115120000-abc123

Run tests against staging URLs

API_URL=https://staging-api.example.com \

WEB_URL=https://staging-web.example.com \

docker run --rm \

-e API_URL=https://staging-api.example.com \

-e WEB_URL=https://staging-web.example.com \

-v $(pwd)/test-results:/app/test-results \

-v $(pwd)/playwright-report:/app/playwright-report \

tonys-chips/e2e:20250115120000-abc123

View report

npm run test:e2e:report

```

Example 3: Checking Infrastructure Policy Compliance

```bash

Set required environment variables

export SI_API_TOKEN="your-si-token"

export SI_WORKSPACE_ID="your-workspace-id"

export ANTHROPIC_API_KEY="your-anthropic-key"

Run single policy check

npx tsx ci/main.ts check-policy policy/security-groups.md

Run check with custom output

npx tsx ci/main.ts check-policy policy/security-groups.md \

--output ./reports/security-groups-$(date +%Y%m%d).md

View generated report

cat ./reports/security-groups-*.md

```

Important Notes

**TypeScript Config Inheritance**: Both API and web packages extend root `tsconfig.json`. Docker builds must copy this file to resolve the extends path.

**Database Authentication**: The API supports both password-based (local) and AWS RDS IAM authentication (production). IAM tokens auto-refresh every 14 minutes.

**Session Persistence**: Web sessions use Valkey (Redis-compatible) for multi-instance support. Ensure `REDIS_URL` is correctly configured.

**E2E Test Isolation**: Playwright tests run in separate projects for API vs web. Use environment variables to configure target URLs.

**Image Versioning**: Local development uses `latest` tag. CI/CD uses CALVER timestamps with git SHA (e.g., `20250115120000-abc123`).

**Health Checks**: Both API and web expose `/health` endpoints. API also has `/health/db` for database connectivity checks.

**Policy Compliance**: System Initiative policy checks use Claude AI for evaluation. Reports include deep links to infrastructure components.

Tony's World of Chips Development Assistant

Safety Concern

Tony's World of Chips Development Assistant

What This Skill Does

Project Context

Instructions for AI Agent

1. Understanding the Monorepo Structure

2. Development Workflow

API development (from packages/api/)

Web development (from packages/web/)

E2E tests (from root)

Build and start all services

Run E2E tests against Docker services

Cleanup

3. Database Operations

Create and apply migration

Generate Prisma Client (after schema changes)

Seed database with sample data

Open Prisma Studio GUI

Production migration deployment

4. Docker Architecture

All images

Individual images

5. API Architecture (`packages/api/`)

6. Web Architecture (`packages/web/`)

7. E2E Testing with Playwright

Locally (requires running services)

In Docker container

Against remote environments

With custom options and result persistence

8. CI/CD Orchestration

Or via npm scripts:

9. System Initiative Policy Compliance

Policy Title

Policy

Exceptions

Source Data

System Initiative

Output Tags

Single policy

With custom output path

Or via npm script

10. Code Modification Guidelines

11. Common Tasks

Examples

Example 1: Adding a New Product Category Field

1. Update Prisma schema

Edit packages/api/prisma/schema.prisma, add category field to Product model

2. Generate Prisma Client

3. Create migration

4. Update seed data

Edit prisma/seed.ts to include category values

5. Run seed

6. Update API routes if needed

Edit src/routes/products.ts to handle category filtering

7. Run tests

Example 2: Running E2E Tests Against Staging Environment

Build E2E image with specific tag

Run tests against staging URLs

View report

Example 3: Checking Infrastructure Policy Compliance

Set required environment variables

Run single policy check

Run check with custom output

View generated report

Important Notes

Reviews (0)