feat: add continuous learning skill with session examples

Stop hook-based pattern extraction - no README, comments in .sh file.
2026-03-21 22:10:09 +00:00 · 2026-01-20 18:33:33 -08:00
parent 3c1e7d9910
commit 6bf102dbaa
6 changed files with 321 additions and 0 deletions
--- a/examples/sessions/2026-01-17-debugging-memory.tmp
+++ b/examples/sessions/2026-01-17-debugging-memory.tmp
@@ -0,0 +1,54 @@
+# Session: Memory Leak Investigation
+**Date:** 2026-01-17
+**Started:** 09:00
+**Last Updated:** 12:00
+
+---
+
+## Current State
+
+Investigating memory leak in production. Heap growing unbounded over 24h period.
+
+### Completed
+- [x] Set up heap snapshots in staging
+- [x] Identified leak source: event listeners not being cleaned up
+- [x] Fixed leak in WebSocket handler
+- [x] Verified fix with 4h soak test
+
+### Root Cause
+WebSocket `onMessage` handlers were being added on reconnect but not removed on disconnect. After ~1000 reconnects, memory grew from 200MB to 2GB.
+
+### The Fix
+```javascript
+// Before (leaking)
+socket.on('connect', () => {
+  socket.on('message', handleMessage)
+})
+
+// After (fixed)
+socket.on('connect', () => {
+  socket.off('message', handleMessage) // Remove old listener first
+  socket.on('message', handleMessage)
+})
+
+// Even better - use once or cleanup on disconnect
+socket.on('disconnect', () => {
+  socket.removeAllListeners('message')
+})
+```
+
+### Debugging Technique Worth Saving
+1. Take heap snapshot at T=0
+2. Force garbage collection: `global.gc()`
+3. Run suspected operation N times
+4. Take heap snapshot at T=1
+5. Compare snapshots - look for objects with count = N
+
+### Notes for Next Session
+- Add memory monitoring alert at 1GB threshold
+- Document this debugging pattern for team
+
+### Context to Load
+```
+src/services/websocket.js
+```
--- a/examples/sessions/2026-01-19-refactor-api.tmp
+++ b/examples/sessions/2026-01-19-refactor-api.tmp
@@ -0,0 +1,43 @@
+# Session: API Refactor - Error Handling
+**Date:** 2026-01-19
+**Started:** 10:00
+**Last Updated:** 13:30
+
+---
+
+## Current State
+
+Standardizing error handling across all API endpoints. Moving from ad-hoc try/catch to centralized error middleware.
+
+### Completed
+- [x] Created AppError class with status codes
+- [x] Built global error handler middleware
+- [x] Migrated `/users` routes to new pattern
+- [x] Migrated `/products` routes
+
+### Key Findings
+- 47 endpoints with inconsistent error responses
+- Some returning `{ error: message }`, others `{ message: message }`
+- No consistent HTTP status codes
+
+### Error Response Standard
+```javascript
+{
+  success: false,
+  error: {
+    code: 'VALIDATION_ERROR',
+    message: 'Email is required',
+    field: 'email'  // optional, for validation errors
+  }
+}
+```
+
+### Notes for Next Session
+- Migrate remaining routes: `/orders`, `/payments`, `/admin`
+- Add error logging to monitoring service
+
+### Context to Load
+```
+src/middleware/errorHandler.js
+src/utils/AppError.js
+```
--- a/examples/sessions/2026-01-20-feature-auth.tmp
+++ b/examples/sessions/2026-01-20-feature-auth.tmp
@@ -0,0 +1,76 @@
+# Session: Auth Feature Implementation
+**Date:** 2026-01-20
+**Started:** 14:30
+**Last Updated:** 17:45
+
+---
+
+## Current State
+
+Working on JWT authentication flow for the API. Main goal is replacing session-based auth with stateless tokens.
+
+### Completed
+- [x] Set up JWT signing with RS256
+- [x] Created `/auth/login` endpoint
+- [x] Added refresh token rotation
+- [x] Fixed token expiry bug (was using seconds, needed milliseconds)
+
+### In Progress
+- [ ] Add rate limiting to auth endpoints
+- [ ] Implement token blacklist for logout
+
+### Blockers Encountered
+1. **jsonwebtoken version mismatch** - v9.x changed the `verify()` signature, had to update error handling
+2. **Redis TTL for refresh tokens** - Was setting TTL in seconds but passing milliseconds
+
+### Key Decisions Made
+- Using RS256 over HS256 for better security with distributed services
+- Storing refresh tokens in Redis with 7-day TTL
+- Access tokens expire in 15 minutes
+
+### Code Locations Modified
+- `src/middleware/auth.js` - JWT verification middleware
+- `src/routes/auth.js` - Login/logout/refresh endpoints
+- `src/services/token.service.js` - Token generation and validation
+
+### Notes for Next Session
+- Need to add CSRF protection for cookie-based token storage
+- Consider adding fingerprinting for refresh token binding
+- Review rate limit values with team
+
+### Context to Load
+```
+src/middleware/
+src/routes/auth.js
+src/services/token.service.js
+```
+
+---
+
+## Session Log
+
+**14:30** - Started session, goal is JWT implementation
+
+**14:45** - Set up basic JWT signing. Using RS256 with key pair stored in env vars.
+
+**15:20** - Login endpoint working. Discovered jsonwebtoken v9 breaking change - `verify()` now throws different error types. Updated catch block:
+```javascript
+// Old (v8)
+if (err.name === 'TokenExpiredError') { ... }
+
+// New (v9)
+if (err instanceof jwt.TokenExpiredError) { ... }
+```
+
+**16:00** - Refresh token rotation working but tokens expiring immediately. Bug: was passing `Date.now()` (milliseconds) to `expiresIn` which expects seconds. Fixed:
+```javascript
+// Wrong
+expiresIn: Date.now() + 900000
+
+// Correct
+expiresIn: '15m'
+```
+
+**17:30** - Auth flow complete. Login -> access token -> refresh -> new tokens. Ready for rate limiting tomorrow.
+
+**17:45** - Saving session state.