Forge惯用工程师指南：Rust全栈开发最佳实践与代码规范

forge-idiomatic-engineer by isala404/forge

415 周安装量

79 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/isala404/forge --skill forge-idiomatic-engineer

方法论开发 Rust

🇨🇳中文介绍

Forge 惯用工程师

像务实的维护者一样工作：阅读你面前的代码库，做出能解决用户所述问题的最小改动，用附近的测试证明其正确性，并在环境阻碍进一步进展时干净利落地停止。

除非代码库另有说明，否则默认假设为：Rust 2024 工作区，forgex 导入为 forge，PostgreSQL，生成的前端绑定，以及以 SvelteKit 或 Dioxus 为目标的前端。

操作风格

优先采纳此代码库的直接证据，而非通用的 Forge 知识。
优先进行一次良好的本地检查，而非广泛的探索。
优先进行薄垂直切片，而非大规模重写。
优先明确阻塞点，而非变通方案的叠加。
优先使用简单、邻近的测试，而非巧妙的共享抽象。

不要悄无声息地将一个小错误修复升级为重新设计、身份验证重构或环境调查。

从浅层开始

在编辑之前，只阅读定义任务范围的内容：

forge.toml
Cargo.toml
src/main.rs
你预期会触及的确切处理器/模式/前端文件
对于 SvelteKit 工作，查看 frontend/package.json；对于 Dioxus 工作，查看

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

使用真实的工具链

解析并使用实际的 Forge CLI 命令、前端包管理器、测试命令和本地数据库工作流。不要在应用二进制文件上发明子命令或猜测生成路径。

后端先于生成的前端

首先完成后端行为及其测试。然后运行 forge generate。接着将前端连接到生成的契约。切勿手动编辑生成的文件（frontend/src/lib/forge/* 或 frontend/src/forge/*）。

处理器注册很重要

仅凭宏并不能使处理器可访问。每个处理器都必须在 src/main.rs 中注册：

函数	生成的结构体	注册调用
`list_todos`	`ListTodosQuery`	`.register_query::<functions::ListTodosQuery>()`
`create_order`	`CreateOrderMutation`	`.register_mutation::<functions::CreateOrderMutation>()`
`send_email`	`SendEmailJob`	`.register_job::<functions::SendEmailJob>()`
`daily_cleanup`	`DailyCleanupCron`	`.register_cron::<functions::DailyCleanupCron>()`
`onboarding`	`OnboardingWorkflow`	`.register_workflow::<functions::OnboardingWorkflow>()`
`heartbeat`	`HeartbeatDaemon`	`.register_daemon::<functions::HeartbeatDaemon>()`
`stripe`	`StripeWebhook`	`.register_webhook::<functions::StripeWebhook>()`
`export_data`	`ExportDataMcpTool`	`.register_mcp_tool::<functions::ExportDataMcpTool>()`

命名规则：PascalCase(函数名) + 类型后缀。避免使用后缀命名函数（例如 heartbeat_daemon → HeartbeatDaemonDaemon）。

生成的结构体继承处理器函数的可见性。如果函数不是 pub，则结构体是私有的，无法通过 functions::StructName 访问。始终将处理器声明为 pub async fn。

使用 -- @up / -- @down 标记。不要直接编辑 forge_migrations。通过 docker compose exec db psql 访问数据库。

身份验证和所有权

从上下文中派生身份，切勿信任客户端提供的所有权字段。Forge 的范围强制会在运行时验证键（user_id、owner_id、subject、tenant_id 及其驼峰命名变体）。不要手动比较。

不要使用虚假输入

如果处理器没有业务输入，则省略参数。不要使用 Option<()>、() 或虚拟结构体。

关于编译或运行时失败

如果出现 cargo check、forge check 或运行时错误（SSE 故障、反序列化错误、会话不匹配），在尝试修复之前，先加载 references/troubleshooting.md。大多数失败都属于已知类别，并有直接解决方案。当故障排除指南涵盖了该错误时，不要通过试错法进行迭代。

涵盖的关键类别：sqlx 离线模式、结构体可见性、ForgeConn 借用、Docker 路径问题、SESSION_PRINCIPAL_MISMATCH（身份验证 + SSE）、由生成类型中 serde 跳过的字段引起的 DESERIALIZATION_ERROR、ForgeError 格式化。

聚焦的后端测试
如果契约发生更改，运行 forge generate
如果前端发生更改，进行前端检查
如果运行时行为重要，进行运行时验证
如果 UI 发生更改，运行 forge test
最后运行 forge check

大多数小任务只需要这个文件。在开始实现之前，始终加载 donts.md。

信号	加载
开始任何实现任务	`references/donts.md`
宏属性、上下文方法、错误类型、配置字段	`references/api.md`
身份验证、JWT、登录/注册、受保护路由	`references/auth.md`
前端模式（共享原则）	`references/frontend.md`
SvelteKit：存储、rune、生成的绑定	`references/frontend/svelte.md`
Dioxus：钩子、信号、生成的绑定	`references/frontend/dioxus.md`
测试上下文、断言、模拟、数据库测试	`references/testing.md`
作业、工作流、定时任务、守护进程、Webhook	`references/patterns.md`
文件上传、MCP 工具、外部 API、自定义路由	`references/integrations.md`
生产环境：部署、扩展、可观测性	`references/operations.md`
审查清单、反模式、安全性	`references/quality.md`
构建失败、运行时错误、Docker 问题、常见修复	`references/troubleshooting.md`

对于实现任务：更改了什么、添加了哪些测试、运行了什么、运行时成功或阻塞点、Playwright 结果、forge check 结果、风险。

对于审查任务：包含文件引用的发现、假设、简短摘要。

🇺🇸English

Forge Idiomatic Engineer

Work like a pragmatic maintainer: read the repo in front of you, make the smallest change that solves the user's stated problem, prove it with nearby tests, and stop cleanly when the environment blocks further progress.

Default assumptions unless the repo says otherwise: Rust 2024 workspace, forgex imported as forge, PostgreSQL, generated frontend bindings, and a frontend target of either SvelteKit or Dioxus.

Operating style

Prefer direct evidence from this repo over general Forge lore.
Prefer one good local check over broad exploration.
Prefer a thin vertical slice over a broad rewrite.
Prefer explicit blockers over workaround cascades.
Prefer plain, nearby tests over clever shared abstractions.

Do not quietly upgrade a small bug fix into a redesign, auth rebuild, or environment investigation.

Start shallow

Before editing, read only what defines the task surface:

forge.toml
Cargo.toml
src/main.rs
the exact handler/schema/frontend files you expect to touch
frontend/package.json for SvelteKit work or frontend/Cargo.toml for Dioxus work
migrations/ only if schema or DB work is in scope

Stop exploring once you know which files need changes and which command should verify them.

For Dioxus projects, also check frontend/Cargo.toml for correct platform feature separation (web/desktop/mobile should be separate features, not hardcoded). For projects created with forge new, check docker-compose.yml for hardcoded workspace paths that need updating.

Build order

For most work:

make the backend contract real
add tests for the changed behavior
run forge generate if the contract changed
add the thinnest frontend needed to exercise the contract
verify the requested user path
run forge check last

Do not start with the polished version.

UI default

If the user asks for UI work but not for visual exploration, default to a simple UI: clear labels, obvious states, minimal motion, no invented brand system, no dashboard complexity unless the task needs it.

Test style

Tests are part of the implementation. Keep them close to the code they prove:

handlers: same file, #[cfg(test)] mod tests at the bottom
pure helpers: same file, near the helper
test-only helpers: inside that module's test block unless multiple modules truly need them

Good test code keeps special cases visible. Name and test the weird cases directly.

For Playwright tests, always import test from the generated tests/fixtures.ts.

Minimum bar: backend behavior change => add backend tests. Bug fix => regression test. UI change => Playwright coverage.

Runtime blockers

Before runtime verification, check the configured port:

lsof -iTCP:<port> -sTCP:LISTEN -n -P

If the port is occupied: tell the user, stop runtime verification there. Do not kill the process, silently change ports, or continue against a guessed alternative. Same for missing DB access, missing package managers, missing Playwright browsers, or unresolved Forge CLI.

Forge rules

Use the real toolchain

Resolve and use the actual Forge CLI command, frontend package manager, test commands, and local database workflow. Do not invent subcommands on the app binary or guess generated paths.

Backend before generated frontend

Finish the backend behavior and its tests first. Then run forge generate. Then wire the frontend against the generated contract. Never hand-edit generated files (frontend/src/lib/forge/* or frontend/src/forge/*).

Handler registration matters

Macros alone do not make handlers reachable. Each must be registered in src/main.rs:

Function	Generated struct	Register call
`list_todos`	`ListTodosQuery`	`.register_query::<functions::ListTodosQuery>()`
`create_order`	`CreateOrderMutation`	`.register_mutation::<functions::CreateOrderMutation>()`
`send_email`

Naming: PascalCase(fn_name) + type suffix. Avoid naming functions with the suffix (e.g. heartbeat_daemon → HeartbeatDaemonDaemon).

Generated structs inherit the visibility of the handler function. If the function is not pub, the struct is private and won't be accessible via functions::StructName. Always declare handlers as pub async fn.

Migrations

Use -- @up / -- @down markers. Do not edit forge_migrations directly. Access DB via docker compose exec db psql.

Auth and ownership

Derive identity from context, never trust client-supplied ownership fields. Forge's scope enforcement validates keys (user_id, owner_id, subject, tenant_id and camelCase variants) at runtime. Do not manually compare.

No fake inputs

If a handler has no business input, omit the parameter. No Option<()>, (), or dummy structs.

On compilation or runtime failure

If cargo check, forge check, or runtime errors occur (SSE failures, deserialization errors, session mismatches), load references/troubleshooting.md before attempting fixes. Most failures fall into known categories with direct solutions. Do not iterate through trial-and-error when the troubleshooting guide covers the error.

Key categories covered: sqlx offline mode, struct visibility, ForgeConn borrowing, Docker path issues, SESSION_PRINCIPAL_MISMATCH (auth + SSE), DESERIALIZATION_ERROR from serde-skipped fields in generated types, ForgeError formatting.

Verification order

focused backend tests
forge generate if the contract changed
frontend checks if frontend changed
runtime verification if runtime behavior matters
forge test if UI changed
forge check last

Reference loading

Most small tasks need only this file. Always loaddonts.md before implementation.

Signal	Load
Starting any implementation task	`references/donts.md`
Macro attributes, context methods, error types, config fields	`references/api.md`
Auth, JWT, login/register, protected routes	`references/auth.md`
Frontend patterns (shared principles)	`references/frontend.md`
SvelteKit: stores, runes, generated bindings	`references/frontend/svelte.md`
Dioxus: hooks, signals, generated bindings	`references/frontend/dioxus.md`

Output contract

For implementation tasks: what changed, tests added, what you ran, runtime success or blocker, Playwright result, forge check result, risks.

For review tasks: findings with file references, assumptions, short summary.

Weekly Installs

195

Repository

isala404/forge

GitHub Stars

First Seen

Mar 6, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode195

github-copilot195

codex195

kimi-cli195

gemini-cli195

amp195

React 组合模式指南：Vercel 组件架构最佳实践，提升代码可维护性

116,600 周安装