Idempotent API design — safe retries for POST endpoints, idempotency keys,
{
  "instruction": "Proactively add client-side idempotency protection to any form or client that submits to a POST endpoint creating resources",
  "relevant_when": "Agent builds a form, page, or client that submits to a POST endpoint creating resources (orders, payments, accounts, users) — even if the task does not mention duplicates, retries, or idempotency",
  "context": "Every client that submits to a resource-creating POST endpoint needs idempotency protection. This is not optional. Disable the submit button during the request using a finally block so it re-enables on both success and failure. Generate a UUID idempotency key before the fetch call and send it as an Idempotency-Key header. Reuse the same key on retries; generate a new key only for new operations.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/api-idempotency/SKILL.md",
      "tile": "tessl-labs/api-idempotency@0.2.0"
    }
  ],
  "checklist": [
    {
      "name": "submit-button-disabled",
      "rule": "Submit button is disabled during the API request to prevent double-clicks",
      "relevant_when": "Agent builds a form that submits to a POST endpoint"
    },
    {
      "name": "re-enable-in-finally",
      "rule": "Submit button is re-enabled in a finally block (or equivalent) so it works again after both success and failure",
      "relevant_when": "Agent builds a form that submits to a POST endpoint"
    },
    {
      "name": "idempotency-key-generated",
      "rule": "A UUID idempotency key is generated (using crypto.randomUUID() or equivalent) before the fetch/request call",
      "relevant_when": "Agent builds client code that submits to a POST endpoint"
    },
    {
      "name": "idempotency-key-header-sent",
      "rule": "The generated idempotency key is sent as an 'Idempotency-Key' HTTP header in the request",
      "relevant_when": "Agent builds client code that submits to a POST endpoint"
    }
  ]
}