Skip to content

Howto Guides Index

Task-focused guides for building with NENE2. Each guide is self-contained and links to related topics.

Three ways to find a guide:

  • By goal — the hand-picked "I want to…" table below.
  • By category — auto-generated from guide frontmatter; lists every guide.
  • By tag — see Browse by tag.

🔍 Find by what you want to build

Can't find the right guide by technical name? Start here.

I want to…Guide
Filter a list by optional query params (?status=, ?price_max=)dynamic-filter-query.md
Filter by multiple tags / skills (AND: must have all)multi-value-tag-filter.md
Sort by a query param safely (?sort=name&order=asc)dynamic-sort-order-injection.md
Add pagination to a list endpointadd-pagination.md
Store and calculate money without rounding errorsmoney-integer-arithmetic.md
Manage status transitions (draft → published → archived)state-machine-workflow-api.md
Build a hierarchy (categories, folders, org chart, regions)hierarchical-data.md
Store events / history (append-only, never update)event-sourcing-cqrs-api.md
Prevent double-booking (hotel, meeting room, appointment)prevent-double-booking.md
Prevent race conditions on limited stock or seatsflash-sale-api.md
Record who changed what and when (audit trail)audit-trail.md
Implement votes / likes (one per user)upvote-downvote-api.md
Add threaded comments or nested repliesthreaded-comments-api.md
Generate a secure token (invite link, download URL, API key)api-key-management.md
Handle timezones and UTC storagehandle-timezones.md
Add JWT authenticationjwt-authentication.md
Add multi-tenant isolation (per-tenant data separation)jwt-tenant-isolation.md
Hash passwords and verify on loginpassword-auth-argon2id.md
Add leaderboard / rankinggame-score-leaderboard-api.md
Upload and serve files securelyfile-upload.md
Full-text searchsqlite-fts5-search.md
Use database transactions (wrap multiple writes atomically)use-transactions.md
Soft-delete (hide without permanently removing)soft-delete.md
Send a webhook when something happenswebhook-delivery-api.md
Implement an approval / review workflowapproval-workflow.md
Manage points, credits, or a balance ledgerpoint-ledger-api.md
Manage coupons and discountscoupon-discount-api.md
Implement rate limitingadd-rate-limiting.md
Build a subscription / membershipsubscription-plan-management.md

Browse by category

Auto-generated from each guide's frontmatter (category / difficulty / tags); lists every guide. See also Browse by tag. Regenerate with composer howto:index.

Getting Started (9)

GuideDifficultyTags
Add a Custom Routebeginnerrouting http
Add a Database-backed Endpointbeginnerdatabase endpoint repository usecase dto
Add a Health Checkbeginnerhealth-check monitoring endpoint
Add a Second Domain Entitybeginnerdomain entity repository usecase multi-entity
Add HTML Viewsbeginnerhtml views templates server-rendering
FT Registrybeginnerfield-trial registry reference
How to add a domain exception handlerintermediateerror-handling exceptions middleware domain
How to pass request-scoped state between middleware and handlersintermediatemiddleware request-context dependency-injection holder-pattern
Quality Toolsbeginnerphpstan php-cs-fixer static-analysis code-style

Authentication & Authorization (27)

GuideDifficultyTags
Add JWT Authenticationintermediatejwt bearer authentication
API Key Managementintermediateapi-keys sha256 scopes rotation authentication
How to Build a Multi-Device Session Managerintermediatesession multi-device idor token revocation
How to Build Access Token Management with NENE2intermediateaccess-token pat api-keys sha256 scopes
How to Build Numeric Verification Codeintermediateverification-code otp brute-force-protection sms email
How to use Bearer token authenticationbeginnerbearer jwt middleware authentication
How-to: API Token Lifecycle Managementadvancedapi-key token sha256 scope revocation
How-to: Bearer Token Middleware (JWT Auth Edge Cases)advancedjwt bearer middleware authentication security
How-to: Delegated Access Grantsadvanceddelegation access-control scoped-access time-limited rbac
How-To: JWT Authenticationintermediatejwt bearer authentication argon2id password
How-to: JWT Multi-Tenant Isolationadvancedjwt multi-tenant isolation idor
How-To: JWT Refresh Token Rotationintermediaterefresh-token jwt token-rotation replay-attack session
How-to: Magic Link Authenticationintermediatemagic-link passwordless token ttl
How-to: OTP Authentication Systemadvancedotp passwordless brute-force-protection session-token lockout
How-to: Password Authentication with Argon2idintermediatepassword argon2id authentication user-enumeration-prevention rehash
How-To: Password Hashingbeginnerpassword hashing argon2id bcrypt security
How-to: Password Reset Flowintermediatepassword-reset token single-use user-enumeration-prevention argon2id
How-to: RBAC + JWT Authenticationintermediaterbac jwt argon2id bearer-token authorization
How-to: Refresh Token Patternintermediaterefresh-token jwt token-rotation replay-attack
How-To: Role-Based Access Control (RBAC)intermediaterbac jwt bearer-token authorization roles
How-to: Session / Token Management API (ATK-01~12)intermediatesession token revocation attack-hardening opaque-token
OAuth2 Social Login の実装ガイドadvancedoauth2 social-login authorization-code-flow jwt
Password Reset Flowbeginnerpassword-reset token email security
Passwordless Auth (Magic Link)intermediatepasswordless magic-link one-time-token email-auth
PIN 認証・ロックアウトintermediatepin lockout brute-force-protection verification
TOTP 二要素認証の実装ガイドadvancedtotp two-factor otp authentication
User Invitation Systemintermediateinvitation token expiry email

Security (36)

GuideDifficultyTags
Account Lockout (Brute-Force Protection)intermediatebrute-force lockout argon2id rate-limiting authentication
Add Rate Limitingbeginnerrate-limiting throttle middleware protection
CSRF and JSON APIsintermediatecsrf cors json-api security bearer-token
How to Add Data Maskingintermediatepii masking admin audit privacy
How to Build Encrypted Field Storageadvancedencryption aes-256-gcm pii blind-index field-level-encryption
How to Build Privacy Consent Managementintermediategdpr consent privacy idor-prevention audit-log
How to enforce resource ownership (IDOR prevention)intermediateidor ownership access-control authorization security
How to Prevent SQL ORDER BY Injectionbeginnersql-injection orderby-injection allowlist parameterized-queries
How to validate Unicode inputbeginnerunicode validation multibyte encoding
How-to: Data Export APIintermediategdpr data-export pii token async
How-to: Dynamic Sort & Filter with ORDER BY Injection Preventionintermediatesql-injection order-by allowlist sorting filtering
How-to: File Upload Metadata API (VULN-A~L)advancedfile-upload metadata vulnerability-assessment ownership
How-to: Fixed-window Rate Limiterintermediaterate-limiting fixed-window sqlite throttle
How-to: Mass Assignment Defence with Explicit DTOintermediatemass-assignment dto whitelist input-validation
How-To: Multi-Tenant Isolationadvancedmulti-tenant isolation idor authorization jwt
How-To: One-Time Secret API & ATK-01~12 Cracker Attack Testadvancedone-time-secret token atomic-consumption brute-force-protection
How-to: Pagination Boundary & Limit Injectionintermediatepagination limit-injection integer-validation boundary-attack
How-to: Pagination Boundary & Limit Injection Preventionintermediatepagination limit-injection integer-validation redos
How-To: Personal Secret Vault APIintermediatehmac idor-prevention encrypted-storage admin-auth user-isolation
How-to: PII Masking APIintermediatepii masking rbac audit-trail data-privacy
How-to: Signed URL for Secure Downloadsintermediatesigned-url hmac time-limited file-download tamper-detection
How-to: SQL Injection Defenceintermediatesql-injection parameterized-queries like-injection orderby-injection attack-hardening
How-to: Tenant Isolation & Cross-Tenant IDOR Preventionadvancedmulti-tenant idor isolation authorization
How-to: Tenant Isolation & IDOR Preventionadvancedmulti-tenant idor isolation authorization
How-to: Unicode-Aware Text APIintermediateunicode validation encoding null-byte multibyte
How-to: URL Shortener with SSRF Preventionadvancedssrf url-shortener private-ip mass-assignment
How-to: Webhook Signature Verification with HMAC-SHA256advancedwebhook hmac signature replay-attack timing-safe
HOWTO: Audit Trail — Recording Who Changed Whatintermediateaudit-trail immutable-log jwt change-tracking compliance
Live Container Penetration Testingadvancedpenetration-testing cracker-mindset live-test security-hardening atk
Mass Assignment Defencebeginnermass-assignment dto whitelist input-validation
Personal Data Exportintermediategdpr data-export pii download-token expiry
Prevent CSV / Spreadsheet Formula Injection on Exportintermediatecsv formula-injection export sanitization rfc-4180
Signed URLsintermediatesigned-url hmac presigned time-limited token
SQL injection defenseintermediatesql-injection pdo validation
URL Shortener API & SSRF Preventionadvancedssrf url-shortener vulnerability-assessment
Webhook Signature Verificationintermediatewebhook hmac signature timing-safe

Database (18)

GuideDifficultyTags
Database Transactionsbeginnertransactions atomic rollback database
Hierarchical Data — Self-Referential FK + Materialized Pathadvancedhierarchical tree materialized-path self-referential
How to add optimistic concurrency control (ETag / If-Match)intermediateoptimistic-locking etag concurrency lost-update
How to prevent double-booking (reservation and capacity enforcement)advancedbooking double-booking capacity transactions concurrency
How to use PostgreSQLbeginnerpostgresql pdo adapter database
How-to: Optimistic Concurrency Control (Version Field)intermediateoptimistic-locking concurrency version-field lost-update
How-to: Optimistic Lock with PATCH + Version Fieldintermediateoptimistic-locking patch version-field concurrency
How-to: Optimistic Locking with ETag / If-Matchintermediateoptimistic-locking etag if-match concurrency http-headers
How-to: Soft Delete, Restore, and Permanent Deletebeginnersoft-delete restore hard-delete deleted-at
How-to: Soft Delete, Trash & Restore APIintermediatesoft-delete trash restore hard-delete bulk-purge
How-to: Soft Delete, Trash Bin, and Permanent Purgebeginnersoft-delete trash purge deleted-at lifecycle
How-to: SQLite FTS5 Full-Text Searchintermediatesqlite fts5 full-text-search virtual-table triggers
How-to: Transaction Scope Patternintermediatetransactions atomic database inventory
Optimistic Lockingintermediateoptimistic-locking concurrency lost-update version-field
Soft Delete (Logical Deletion)beginnersoft-delete deleted-at logical-deletion audit-trail
Use Database Transactionsintermediatetransactions atomicity rollback
Use SQLite FTS5 Full-Text Searchintermediatefts5 sqlite full-text-search inverted-index
Use SQLite Window Functionsintermediatewindow-functions sqlite ranking running-total lag-lead

API Design (32)

GuideDifficultyTags
Add paginationbeginnerpagination query-params
Bulk Reorder (Drag-and-Drop Ordering) APIintermediateordering bulk-update case-when idor atomicity
Content negotiationbeginnercontent-negotiation json accept-header problem-json
CSV バルクインポート API の実装ガイドintermediatecsv bulk-import partial-success validation history
ETag & Conditional Requestsintermediateetag conditional-request cache optimistic-locking http
File upload (base64 JSON)beginnerfile-upload base64 json-api request-body
How to Add Geolocation Searchintermediategeolocation proximity-search coordinates bounding-box
How to Add Request Deduplicationintermediateidempotency deduplication idempotency-key retry
How to handle timezonesintermediatetimezone datetime iso-8601 validation
How to Validate ISO 8601 Datetimes with Timezoneintermediatedatetime iso-8601 timezone validation
How-to: API Versioningintermediateversioning deprecation url-path headers sunset
How-to: Batch API with Partial Successintermediatebatch partial-success validation bulk-operations
How-to: Bulk Operations with Partial-Success Semanticsintermediatebulk partial-success multi-status http-207 validation
How-to: Bulk Status Update APIintermediatebulk status-update batch state-machine
How-to: Content Negotiation — JSON APIbeginnercontent-negotiation accept-header json problem-details
How-to: Cursor-Based Paginationintermediatepagination cursor keyset performance
How-to: Dynamic Filter Query (Dynamic WHERE Clause)beginnerfiltering query-params sql where-clause list-endpoint
How-to: Geolocation APIintermediategeolocation proximity-search coordinates haversine
How-to: Idempotency Key (Request Deduplication)intermediateidempotency deduplication retry ttl
How-to: Idempotency Key APIintermediateidempotency deduplication payment retry
How-to: Idempotency-Key Patternintermediateidempotency deduplication race-condition retry
How-to: Implement a Bulk Create Endpointintermediatebulk batch validation partial-success
How-to: Implement a PATCH Endpointintermediatepatch partial-update json-merge-patch dto
How-to: JSON Merge Patch & ETag Conflict Detectionintermediatepatch json-merge-patch etag conflict-detection
How-to: Money and Integer Arithmeticintermediatemoney integer-arithmetic precision financial
How-to: Multi-value Tag Filter APIintermediatefiltering tags query-params many-to-many
How-to: Nested JSON Validationintermediatevalidation nested-json error-paths line-items
How-to: Offset & Cursor Paginationintermediatepagination offset cursor keyset
How-to: PATCH Partial Update (JSON Merge Patch)intermediatepatch json-merge-patch partial-update etag immutable-fields
How-to: Timezone-aware Event Schedulingintermediatetimezone utc scheduling datetime iana
Paginationbeginnerpagination offset cursor keyset
全文検索・オートコンプリート API の実装ガイドintermediatesearch autocomplete full-text-search like-query

Background & Infrastructure (32)

GuideDifficultyTags
Add MCP Toolsintermediatemcp ai-integration tools api-exposure
Application Caching の実装ガイドintermediatecaching cache-aside ttl invalidation performance
Background Job Queue with Retry and Idempotencyintermediatejob-queue retry idempotency priority-queue
Content Scheduling — Time-Based Publish with Lifecycle Statesintermediatescheduling state-machine content cron publish
Deploy to Productionintermediatedeploy docker production environment reverse-proxy
Distributed Lockingadvanceddistributed-lock concurrency database ttl critical-section
Event Sourcing (Basic)intermediateevent-sourcing append-only immutable replay domain-events
How to Add an Inbound Webhook Receiverintermediatewebhook hmac signature-verification idempotency
How-to: API Usage Metering & Quota Managementintermediatemetering quota rate-limiting idor-prevention usage-tracking
How-to: Background Job Queue with Retry and Idempotencyintermediatejob-queue retry idempotency background-jobs
How-to: Circuit Breakeradvancedcircuit-breaker resilience state-machine fault-tolerance
How-to: CQRS Patternadvancedcqrs read-model write-model event-sourcing architecture
How-to: Dead Letter Queue (DLQ)advancedqueue dead-letter-queue retry backoff reliability
How-to: Distributed Lockadvanceddistributed-lock concurrency ttl database race-condition
How-to: Event Analytics APIintermediateanalytics event-tracking aggregation json-extract statistics
How-to: Event Analytics APIintermediateanalytics event-tracking aggregation json-extract statistics
How-to: Event Sourcing & CQRS APIadvancedevent-sourcing cqrs append-only read-model projection
How-to: Event Sourcing Ledgeradvancedevent-sourcing ledger append-only balance replay
How-to: Feature Flag APIintermediatefeature-flags rollout environment override gradual-rollout
How-to: Feature Flags APIintermediatefeature-flags rollout percentage kill-switch tenant
How-to: Inbound Webhook Gatewayintermediatewebhook hmac signature-verification idempotency
How-to: Notification Queue APIintermediatenotifications queue admin messaging
How-to: Quota Management APIintermediatequota rate-limiting windowed-counter http-429
How-to: Sliding-Window Rate Limiterintermediaterate-limiting sliding-window http-429 per-user
How-to: State Machine with Audit Logintermediatestate-machine audit-log transitions domain-events workflow
How-to: State Machine Workflow APIintermediatestate-machine workflow transitions terminal-state audit-log
How-to: Step-Based Workflow with Approvaladvancedworkflow state-machine approval multi-step
How-to: Webhook Delivery APIintermediatewebhook delivery retry event-dispatch
How-to: Webhook Delivery Systemadvancedwebhook ssrf hmac signature secret-hashing
Outbound Webhook Deliveryintermediatewebhook outbound ssrf signature
Payment Webhook 受信の実装ガイドintermediatewebhook payment signature-verification idempotency
Rate Limitingintermediaterate-limiting throttle fixed-window middleware http-429

Product Features (107)

GuideDifficultyTags
Add a Disposable Demoadvanceddemo multi-tenant provisioning seeding rate-limiting cron
Bookmark Systembeginnerbookmarks collections idempotent user-scoped
Content Pinningintermediatepinning ordering idempotent position-management
Content Relations — Typed M:N Self-Referential Linksintermediaterelations self-referential many-to-many inverse typed-links
Content Report & Moderationintermediatemoderation reporting rbac idor-prevention state-machine
Content Versioning の実装ガイドintermediateversioning append-only rollback history content
How to Add a Multi-step Workflowintermediateworkflow approval state-machine multi-step
How to Add Admin Report Aggregationintermediateadmin reporting aggregation dashboard date-range
How to Build a Content Draft Lifecycle (Draft → Published → Archived) with NENE2intermediatedraft publish state-machine content lifecycle
How to Build a Direct Messaging System with NENE2intermediatemessaging conversation threading access-control idempotency
How to Build a Flash Sale System with NENE2advancedflash-sale inventory time-window race-condition
How to Build a Guest Order System (Cart → Order → Order Items) with NENE2intermediateorder cart inventory price-snapshot guest
How to Build a Leaderboard (Ranking System) with NENE2intermediateleaderboard ranking scores personal-best
How to Build a User Follow System with NENE2intermediatefollow social mutual-follow many-to-many
How to Build an Emoji Reaction System with NENE2intermediateemoji reactions unique-constraint group-by social
How to Build Group Membership Management with NENE2intermediategroup membership roles invitation
How to Build System Announcement Managementintermediateannouncement admin dismissal priority
How-to: A/B Testing Frameworkadvancedab-testing experimentation state-machine analytics
How-to: Activity Feed / Timeline APIintermediateactivity-feed timeline pagination idor-prevention
How-to: Aggregate Reporting APIintermediatereporting aggregation analytics sql grouping
How-to: Approval Workflow APIintermediateworkflow approval state-machine multi-step
How-to: Article Relations APIintermediaterelations many-to-many self-referential inverse content
How-to: Article Versioning APIintermediateversioning content snapshot history draft
How-To: Asset Check-out / Check-in Managementintermediateasset-management checkout exclusive-lock audit-log
How-to: Bookmark APIbeginnerbookmarks collections deduplication idor-prevention
How-to: Budget Tracking APIintermediatebudget finance tracking spending categories
How-to: Category Hierarchy Tree APIadvancedhierarchy tree recursive-cte parent-child categories
How-to: Collection API (User Curated Lists)intermediatecollections curated-lists visibility ordering deduplication
How-to: Comment Thread APIintermediatecomments threads pagination moderation rbac
How-to: Contact Management APIintermediatecontacts crud many-to-many owner-scoped tagging
How-to: Content Approval Workflowintermediateapproval workflow state-machine content moderation
How-to: Content Reporting Systemintermediatereporting moderation enum state-machine idempotent
How-to: Coupon / Discount Code Redemption APIintermediatecoupon redemption discount usage-limit expiry
How-to: Coupon Discount Code APIintermediatecoupon discount redemption admin usage-limit
How-to: Credit Ledger APIintermediateledger credits append-only balance idempotency
How-To: Document Template Enginebeginnertemplate substitution admin crud rendering
How-to: Document Versioning APIintermediateversioning append-only rollback transactions document
How-to: Draft → Publish → Archive Workflowintermediatestate-machine draft publish archive content-lifecycle
How-to: Emoji Reactions APIintermediateemoji reactions unique-constraint social unicode
How-to: Emoji Reactions with Toggle and Grouped Countsintermediateemoji reactions toggle concurrency unique-constraint
How-To: Event Ticket Bookingintermediatebooking tickets capacity concurrency inventory
How-to: Expense Tracker APIbeginnerexpense tracker categories date-range aggregation
How-to: Expense Tracking APIintermediateexpense tracking pagination patch aggregation
How-to: Feedback Collection APIbeginnerfeedback rating aggregation admin score
How-to: File Sharing APIintermediatefile-sharing permissions visibility access-control ownership
How-to: Flash Sale APIadvancedflash-sale inventory race-condition time-window
How-to: Follow / Unfollow APIintermediatefollow social graph pagination
How-to: Game Leaderboard & Ranking APIintermediateleaderboard ranking scores personal-best
How-to: Game Score & Leaderboard APIintermediateleaderboard scores ranking bulk-insert pagination
How-to: Group Member Managementadvancedgroup membership rbac role-hierarchy idor
How-to: Habit Tracker APIintermediatehabit streak tracking daily
How-to: Inventory Management APIintermediateinventory stock adjustment history
How-to: Inventory Stock Managementintermediateinventory stock sku transactions
How-to: Invitation / Referral APIintermediateinvitation referral token one-time-use
How-to: Invitation Systemintermediateinvitation token one-time-use entropy
How-to: Leaderboard & Score Tracking APIintermediateleaderboard scores ranking aggregation
How-to: Leaderboard Ranking APIintermediateleaderboard ranking personal-best scores
How-to: Live Poll Systemintermediatepoll voting deduplication lifecycle
How-to: Media Watchlist APIbeginnerwatchlist media enum status
How-to: Multi-Currency Money Ledger with Integer Centsadvancedmoney ledger multi-currency integer-arithmetic transactions
How-To: Multi-Currency Walletadvancedwallet multi-currency deposit withdraw transfer
How-to: Multilingual Content APIintermediatei18n multilingual localization content
How-to: Note Management with Ownershipintermediatenotes ownership idor crud authorization
How-to: Note Management with Tagsintermediatenotes tags full-text-search ownership crud
How-to: Notification Inbox APIintermediatenotifications inbox pagination mark-as-read idor
How-to: Order Management APIintermediateorders status-lifecycle line-items idor admin
How-to: Pin / Bookmark with Orderingintermediatepins bookmarks ordering reorder user-isolation
How-to: Point Ledger APIintermediatepoints ledger loyalty idempotency overdraft-prevention
How-to: Poll / Survey APIintermediatepoll survey voting duplicate-prevention
How-to: Product Catalog API (ATK-01~12)intermediatecatalog soft-delete search admin-auth attack-hardening
How-to: Product Price History APIintermediateprice history timeline temporal-data
How-to: Project and Task Management with Nested Resourcesintermediatenested-resources patch task-management pagination
How-to: Rating & Review APIintermediaterating review upsert aggregate distribution
How-to: Reservation & Availability APIintermediatereservation booking availability overlap-detection cancel
How-to: Resource Booking Systemintermediatebooking capacity double-booking idor soft-delete
How-to: Resource Reservation & Booking APIintermediatereservation booking overlap-prevention idor admin-auth
How-to: Resource Reservation / Time Slot Booking APIintermediatereservation time-slot overlap-detection idor
How-to: Scheduled Publish Articleintermediatecontent-scheduling state-machine draft publish lifecycle
How-to: Scheduled Reminders APIintermediatereminders scheduling timezone idor ownership
How-To: Service Status Page APIintermediatestatus-page incident-management admin-auth state-machine
How-to: Shift Management APIintermediatescheduling shift overlap-detection employee transactions
How-to: Shopping Cart APIintermediateshopping-cart upsert integer-money per-user
How-to: Slug URL Management with Historyintermediateslug url redirect history collision
How-to: Subscription / Plan Management API (VULN-A~L)advancedsubscription plan idor security-assessment
How-to: Subscription Plan Managementintermediatesubscription plan lifecycle billing
How-to: Tag / Label APIintermediatetagging label many-to-many entity
How-to: Threaded Comments APIintermediatecomments threaded tombstone depth-limit
How-to: Time Tracking APIintermediatetime-tracking stopwatch timer duration
How-to: Upvote / Downvote APIintermediatevoting upvote downvote toggle score
How-to: URL Bookmark API with Tag Filteringintermediatebookmark url tagging filtering
How-to: User Preferences APIintermediatepreferences settings typed-values defaults
How-to: User Profile APIintermediateprofile user ownership validation url-security
How-to: Waitlist Systemintermediatewaitlist state-machine queue approval
How-to: Wish List API (VULN-A~L Security Assessment)advancedwishlist crud idor security-assessment
Product Review & Rating Systemintermediatereview rating cursor-pagination ownership
Slug Management — Unique URL Slugs with Collision Resolution and Historyintermediateslug url collision-resolution redirect history
Tagging System (M:N)intermediatetagging many-to-many atomic-update n-plus-one
Threaded Commentsintermediatecomments threaded soft-delete depth-limit
User Preferences Managementintermediatepreferences settings typed-values ownership
User Profile Managementbeginnerprofile user bio avatar
Voting System (Upvote / Downvote)intermediatevoting upvote downvote toggle
ウィッシュリスト管理intermediatewishlist priority visibility idor
ウェイティングリスト管理intermediatewaitlist state-machine queue admin
クーポン・プロモコード管理intermediatecoupon promo-code rbac discount expiry
コンテンツコレクションintermediatecollections visibility idor-prevention idempotent ordering
ファイルメタデータ管理・共有 API の実装ガイドintermediatefile-sharing metadata permissions access-control visibility
ポイント・ロイヤルティシステムintermediatepoints loyalty idempotency rbac balance

Released under the MIT License.