base/typescript-engineering

Use this skill whenever the user asks you to write, edit, review, refactor, debug, or design TypeScript or TSX code. It is especially relevant for application code, backend routes, React/UI work, schemas, runtime boundaries, persistence, async workflows, API contracts, tests, lint/typecheck fixes, and code review. Apply it even when the user does not explicitly mention "TypeScript" if the files or project are TypeScript-based.

1.26x

Quality

85%

Does it follow best practices?

Impact

95%

1.26x

Average score across 5 eval scenarios

Securityby

Passed

No known issues

Harden The Order Webhook

Name: base/typescript-engineering
Rating: 89 (1 reviews)
Author: base

Problem/Feature Description

The commerce team is seeing intermittent production failures when an order webhook arrives with optional fields omitted, repeated event delivery, or a malformed line item. Security also flagged that the route is too trusting of request data. The team wants the webhook route made production-ready without turning this into a broad rewrite.

The repository is small but has some conventions already. Keep the change focused on the order webhook path and leave behind enough evidence for the next engineer to understand what changed and how you checked it.

Output Specification

Produce a working TypeScript project in the current directory. Include the updated source files, focused tests, and a brief CHANGE_NOTE.md that summarizes the behavior changed and the checks performed.

Input Files

The following files are provided as inputs. Extract them before beginning.

=============== FILE: AGENTS.md ===============

Project Instructions

Application modules use named exports.
Runtime validation in this app uses Zod.
Keep feature behavior under src/features/<feature-name>/.
Tests use Vitest.
Prefer the local database client in src/db/client.ts.

=============== FILE: package.json =============== { "type": "module", "scripts": { "test": "vitest run", "typecheck": "tsc --noEmit" }, "dependencies": { "zod": "^3.23.8" }, "devDependencies": { "@types/node": "^20.14.10", "typescript": "^5.5.3", "vitest": "^2.0.4" } }

=============== FILE: tsconfig.json =============== { "compilerOptions": { "target": "ES2022", "module": "NodeNext", "moduleResolution": "NodeNext", "strict": true, "exactOptionalPropertyTypes": true, "noUncheckedIndexedAccess": true, "skipLibCheck": true }, "include": ["src/**/*.ts"] }

=============== FILE: src/db/client.ts =============== export type QueryResult<T> = { rows: T[]; };

export type DbClient = { query<T>(sql: string, params?: readonly unknown[]): Promise<QueryResult<T>>; };

export const db: DbClient = { async query() { return { rows: [] }; } };

=============== FILE: src/features/orders/webhook.ts =============== import { db } from "../../db/client.js";

type OrderWebhook = any;

export default async function handleOrderWebhook(req: { body: unknown; headers: Record<string, string | undefined> }) { const body = req.body as OrderWebhook; if (!req.headers["x-shop-signature"]) { return { ok: false, status: 401 }; }

const orderId = body.order.id; const tenantId = body.tenantId; const coupon = body.order.couponCode || null; const note = body.order.customerNote || null;

const existing = await db.query<{ id: string }>( "select id from orders where external_id = '" + orderId + "' and tenant_id = '" + tenantId + "'" );

if (existing.rows.length) { return null; }

for (const item of body.order.items) { await db.query( "insert into order_items(order_id, sku, quantity) values ('" + orderId + "', '" + item.sku + "', " + item.qty + ")" ); }

await db.query("insert into webhook_events(event_id, payload) values ('" + body.eventId + "', '" + JSON.stringify(body) + "')");

return { ok: true, status: 200, orderId, coupon, note }; }