TalentFilter Development Skill
Use this skill whenever you are generating code, planning features, or debugging issues for the TalentFilter project. It contains the authoritative architectural decisions and patterns.
1. Technology Stack Compliance
Frontend (User & Recruiter)
- •Framework: Next.js 16.1.4+ (App Router). CRITICAL: Versions below 16.1.4 are vulnerable to RCE and Source Code Exposure (CVE-2025-66478, CVE-2025-55183). Always verify against the latest security advisories.
- •Styling: Tailwind CSS + Shadcn/UI (Radix primitives). Use
clsxandtailwind-mergefor class manipulation. - •State Management:
- •Zustand: Use for client-side ephemeral state (Timer, Interview Phase, Tab Switching flags).
- •TanStack Query: Use for ALL server data fetching. No distinct
useEffectdata fetching.
- •Internationalization:
next-intlfor EN/DE support. - •Animations:
framer-motionfor premium micro-interactions. - •Icons: Lucide React.
Backend (API & AI)
- •Framework: FastAPI (Python 3.10+). Fully async.
- •AI Integration: Google Gemini API via
google-generativeai.- •Safety: NEVER call AI from the frontend. Always proxy via Backend
AIService. - •Reliability: Use JSON Mode for structured outputs.
- •Safety: NEVER call AI from the frontend. Always proxy via Backend
- •Validation: Pydantic V2 for all Request/Response models.
Database & Auth
- •Service: Supabase.
- •Auth: Supabase Auth (handled via client/headers).
- •Security: Row Level Security (RLS) is mandatory.
- •Recruiters:
auth.uid() = recruiter_id - •Candidates: NO direct DB access. All writes via Backend Service Role.
- •Recruiters:
2. Architectural Patterns
Frontend: Locale-Based Feature Structure
Organize code by business feature within the internationalization wrapper.
- •Routing: Locale-based routing (
src/app/[locale]). - •Proxy:
proxy.ts(Next.js 16) for redirects and auth checks. - •State: Zustand for client state, TanStack Query for server state.
- •i18n: All UI text must be in
messages/*.json. Use@/i18n/routingfor navigation. - •Landing Page: Must use high-impact visual design (Gradients, Motion) and clear CTAs.
text
src/components/features/ interview/ # Timer, Recorder, QuestionCard builder/ # JobForm, PromptEditor
Backend: Layered Architecture
Strictly separate concerns.
- •Routers (
app/api/): Parse input, call service, return response. - •Services (
app/services/): Business logic, AI calls, DB transactions. - •Schemas (
app/schemas/): Pydantic models. - •Models (
app/models/): Database/ORM definitions.
3. Security & Anti-Cheating Implementation
CRITICAL: This is a competitive screening tool.
- •Visibility Tracking: Use the
visibilitychangeAPI as detailed in thesecurityskill. - •Input Lockdown: Prevent Copy/Paste on answer fields via the
usePreventCopyPastehook. - •Timers: Trust the Backend timestamp. The frontend timer is just for UI.
- •Request Limiting: All AI-heavy endpoints must implement rate limiting to control costs and prevent abuse.
- •Skill Reference: Always refer to
.agent/skills/security/SKILL.mdfor the full implementation details of these measures.
4. Development Workflow
- •Plan: Check
ImplementationPlan.mdfor current phase. - •Simulate: Before writing complex logic, briefly outline the component/service structure.
- •Implement: Write clean, typed code (TypeScript/Python).
- •Verify: Ensure RLS policies cover new tables.
5. Important References
- •
docs/FRONTEND_ARCHITECTURE.md: Detailed state management patterns. - •
docs/BACKEND_ARCHITECTURE.md: API design and AI Engine specs. - •
ImplementationPlan.md: The roadmap.