chore: add AIP skills

Author: tothandras

.agents/skills/api-filters/SKILL.md

@@ -148,6 +148,8 @@ Each operation file uses `httptransport.NewHandlerWithArgs` with 4 arguments:
 3. **Response encoder** — `commonhttp.JSONResponseEncoderWithStatus[T](http.StatusXxx)`
 4. **Options** — `httptransport.AppendOptions(h.options, httptransport.WithOperationName("..."), httptransport.WithErrorEncoder(apierrors.GenericErrorEncoder()))`
 
+> **List endpoints with filtering:** if the operation supports `?filter[...]` query parameters, use the `/api-filters` skill for the decoder and adapter wiring. It covers `api/v3/filters.Parse`, the typed filter structs, `Convert*` helpers, range splitting, and the Ent `.Select(field)` application — everything this skill does not cover.
+
 Type alias convention at top of file:
 
 ```go
@@ -325,7 +327,31 @@ Reference: `api/v3/server/server.go:138-218`, `api/v3/server/routes.go`
 
 ## AIP Standards (Kong AIP)
 
-Follow the API design standards in `api/spec/packages/aip/README.md` (symlinked as `AIP.md` next to this file). That document is the single source of truth for all AIP conventions including naming, enums, resources, visibility, CRUD templates, pagination, filtering, labels, errors, time/duration, content-type, bulk operations, versioning, and empty fields.
+OpenMeter v3 APIs follow [Kong's AIP](https://kong-aip.netlify.app/list/) conventions. Each rule lives in its own file under `rules/` next to this SKILL — open the rule file you need for the task at hand.
+
+### Rule index
+
+| File                              | Covers                                                                           |
+| --------------------------------- | -------------------------------------------------------------------------------- |
+| `rules/aip-122-naming.md`         | Naming conventions + base resource models (`Shared.Resource`)                    |
+| `rules/aip-126-enums.md`          | Enum wire values, `Unknown` zero member, prefer-enum-over-bool                   |
+| `rules/aip-visibility.md`         | `@visibility` + `Lifecycle.Read/Create/Update`                                   |
+| `rules/aip-134-135-crud.md`       | Create/Get/Update/Upsert/Delete templates, PATCH rules, DELETE rules             |
+| `rules/aip-132-list.md`           | List endpoints, sort, trailing slash                                             |
+| `rules/aip-158-pagination.md`     | Page-based and cursor-based pagination                                           |
+| `rules/aip-160-filtering.md`      | Filter query syntax, `Common.*FieldFilter` types, label dot-notation             |
+| `rules/aip-129-labels.md`         | Label key constraints, PATCH-with-null semantics                                 |
+| `rules/aip-193-errors.md`         | RFC-7807 error responses, `Common.ErrorResponses`, 403-before-404 rule           |
+| `rules/aip-composition.md`        | Composition-over-inheritance (spread, `model is`, `@discriminator`)              |
+| `rules/aip-docs.md`               | `@doc`/`/** */` requirements, `@operationId`, `@summary`                         |
+| `rules/aip-181-stability.md`      | `x-private` / `x-unstable` / `x-internal` stability markers                      |
+| `rules/aip-142-time.md`           | RFC-3339 timestamps, ISO-8601 duration deviation                                 |
+| `rules/aip-137-content-type.md`   | `Content-Type` validation, 415 on unsupported                                    |
+| `rules/aip-235-bulk-delete.md`    | `POST .../bulk-delete` transactional vs 207 partial                              |
+| `rules/aip-3101-versioning.md`    | URL-path versioning, per-resource versioning                                     |
+| `rules/aip-3106-empty-fields.md`  | Always return all fields, `null` / `[]` / `{}` for empty                         |
+
+For filtering specifically, `rules/aip-160-filtering.md` covers the **TypeSpec side** (which `Common.*FieldFilter` to pick, `Shared.ResourceFilters`, label dot-notation, `deepObject` exposure). The **Go implementation side** — parsing deepObject query params into typed filters, converting to `pkg/filter`, and applying Ent predicates — is in the `/api-filters` skill.
 
 ## Important Reminders
 

.agents/skills/api/AIP.md

@@ -0,0 +1,50 @@
+# AIP-122 — Resource names & URL paths
+
+Reference: https://kong-aip.netlify.app/aip/122/
+
+## What AIP-122 actually covers
+
+AIP-122 is a narrow rule about **resource names, URL paths, and field names** — nothing more:
+
+- **URL paths** use `kebab-case` for multi-word resource names: `/v1/konnect-services/domestic-cats`
+- Prefer lowercase resource names like `services`, `users`
+- **Field names** (JSON property names) are lowercase and use `snake_case` for multi-word names: `primary_color`, `billing_profile_id`
+- Uppercase, title case, and `camelCase` are exceptions and require justification
+
+That's it. AIP-122 says nothing about TypeSpec model names, enum names, path parameter casing, or operation IDs.
+
+## OpenMeter-local naming conventions (not from AIP-122)
+
+These are locally enforced by linter rules in `api/spec/packages/aip/lib/rules/` but are **not** rules from AIP-122 itself. They are collected here for convenience.
+
+| Element            | Convention   | Example                                 | Source                                  |
+| ------------------ | ------------ | --------------------------------------- | --------------------------------------- |
+| URL paths          | `kebab-case` | `/api/v3/openmeter/llm-cost`            | AIP-122                                 |
+| Field/property names | `snake_case` | `created_at`, `billing_profile_id`    | AIP-122                                 |
+| Enum wire values   | `snake_case` | `"unique_count"`                        | AIP-126 (see `aip-126-enums.md`)        |
+| Operation IDs      | `kebab-case` | `update-meter`, `list-billing-profiles` | AIP-134 / AIP-135 (see `aip-134-135-crud.md`) |
+| Model names (TypeSpec) | `PascalCase` | `BillingProfile`                    | OpenMeter linter only                   |
+| Enum type names (TypeSpec) | `PascalCase` | `MeterAggregation`              | OpenMeter linter only                   |
+| Enum member names (TypeSpec) | `PascalCase` | `UniqueCount`                 | OpenMeter linter only                   |
+| Path parameters (TypeSpec) | `camelCase`  | `meterId`, `customerId`         | OpenMeter linter only                   |
+
+The TypeSpec-facing casing (`PascalCase` model names, `camelCase` path parameters) is an OpenMeter convention because TypeSpec model identifiers and path parameter identifiers are separate from the JSON wire format. The wire format still complies with AIP-122.
+
+## Base resource models (not from AIP-122)
+
+These are OpenMeter `Shared.Resource` conventions defined in `api/spec/packages/aip/src/shared/resource.tsp`, not AIP-122 rules. They use AIP-122-compliant snake_case field names on the wire.
+
+- **`Shared.Resource`** — `id`, `name`, `description`, `labels`, `created_at`, `updated_at`, `deleted_at`
+- **`Shared.ResourceWithKey`** — same as `Shared.Resource` plus `key: ResourceKey` (`Lifecycle.Read, Lifecycle.Create` only)
+- **`Shared.ResourceImmutable`** — `Shared.Resource` with `updated_at` and `deleted_at` omitted, for resources that cannot be mutated after creation
+
+`public_labels` is **not** part of `Shared.Resource`; add it explicitly on resources that need publicly visible labels (see `aip-129-labels.md`).
+
+```tsp
+model Meter {
+  ...Shared.Resource;
+
+  @visibility(Lifecycle.Read, Lifecycle.Create)
+  event_type: string;
+}
+```

.agents/skills/api/SKILL.md

@@ -0,0 +1,7 @@
+# AIP-126 — Enums
+
+Reference: https://kong-aip.netlify.app/aip/126/
+
+- All enum wire values must be `snake_case` (enforced as an error by the `casing-aip-errors` linter rule).
+- Every enum must define an `Unknown` member as the zero/default value.
+- Prefer enums over booleans for two-state fields — this allows a third state to be added later without a breaking change.

.agents/skills/api/rules/aip-122-naming.md

@@ -0,0 +1,36 @@
+# AIP-129 — Labels
+
+Reference: https://kong-aip.netlify.app/aip/129/
+
+`Common.Labels` stores mutable user-managed metadata. `Common.PublicLabels` is for publicly visible labels. Labels are case-sensitive key/value pairs.
+
+Note: `Shared.Resource` includes `labels` by default but **not** `public_labels` — add `public_labels` explicitly on resources that need it.
+
+## Key constraints
+
+- Maximum **63 characters**
+- Must **start and end with an alphanumeric** character
+- Permitted internal characters: alphanumerics, dashes (`-`), underscores (`_`), dots (`.`)
+- Reserved prefixes (case-insensitive): cannot begin with `kong`, `konnect`, `insomnia`, `mesh`, `kic`, `kuma`, or `_`
+
+## Value constraints
+
+- Maximum **63 characters** (same as keys — **not** 255)
+- Same character rules as keys
+- **Values must not be empty**
+
+## Resource-level limits
+
+- Maximum **50 user-defined labels** per resource
+- Both `labels` and `public_labels` return `{}` (empty object) when unset, never omitted — see `aip-3106-empty-fields.md`
+
+## PATCH semantics
+
+- `PATCH` with a `null` value **deletes** that label key
+- `PATCH` with an absent key leaves that entry untouched
+- `PATCH` with a new key adds the entry
+- Attempting to delete a missing key is not an error
+
+## Filtering
+
+Labels support filtering via dot-notation — see `aip-160-filtering.md`.

.agents/skills/api/rules/aip-126-enums.md

@@ -0,0 +1,32 @@
+# AIP-132 — List endpoints
+
+Reference: https://kong-aip.netlify.app/aip/132/
+
+## Method, URL, and response shape
+
+- List endpoints use `GET` on the entity root (e.g., `GET /meters`).
+- Responses must contain a `data` key holding the array of requested entities — this comes from the pagination response templates (`Shared.PagePaginatedResponse<T>`, etc.).
+- **Trailing slash returns `404`** — `GET /meters/` must 404, `GET /meters` must 200.
+- List endpoints must follow the pagination AIP (see `aip-158-pagination.md`) unless the resource will provably never need pagination.
+
+## Default sort order is mandatory and deterministic
+
+AIP-132 requires a default sort order: *"Multiple requests to retrieve the same list must result in the same ordering of items."* Pick a field that is both stable and unique enough to produce a total order.
+
+**OpenMeter convention** (not AIP-132 itself): prefer `name asc`, `created_at asc`, or `updated_at desc` as the default. Avoid UUIDs as the sort key — they are unique but randomly ordered, which makes the default sort feel arbitrary to clients. Always pair a non-unique sort column (like `name`) with a tie-breaker (like `id`) to preserve determinism.
+
+## `sort` query parameter
+
+Expose sorting via `@query(#{ name: "sort" }) sort?: Common.SortQuery`.
+
+Sort values are a **comma-delimited list of attributes with optional `asc`/`desc` suffixes**, with the following syntax rules (from AIP-132):
+
+- Ascending is the default — the `asc` suffix is optional
+- Descending requires the `desc` suffix, separated by a space
+- Multiple attributes sort left-to-right
+- Extra whitespace around delimiters is insignificant
+- JSONPath dot notation supports nested attributes (e.g., `foo.bar`)
+
+**AIP example:** `?sort=foo,bar desc,foo.baz asc`
+
+Sortable attributes should include all filterable attributes (so clients can sort on anything they can filter on). If the server cannot execute a particular sort expression, return `400 Bad Request`.

.agents/skills/api/rules/aip-129-labels.md

@@ -0,0 +1,52 @@
+# AIP-134 / AIP-135 — CRUD request & response templates
+
+References:
+
+- https://kong-aip.netlify.app/aip/134/ (update)
+- https://kong-aip.netlify.app/aip/135/ (delete)
+
+Use the generic templates from `shared/request.tsp` and `shared/responses.tsp`. Do not define ad-hoc request/response types.
+
+| Purpose         | Request template          | Response template                   | HTTP status |
+| --------------- | ------------------------- | ----------------------------------- | ----------- |
+| Create (POST)   | `Shared.CreateRequest<T>` | `Shared.CreateResponse<T>`          | 201         |
+| Upsert (PUT)    | `Shared.UpsertRequest<T>` | `Shared.UpsertResponse<T>`          | 200/201     |
+| Update (PATCH)  | `Shared.UpdateRequest<T>` | `Shared.UpdateResponse<T>`          | 200         |
+| Get (GET)       | —                         | `Shared.GetResponse<T>`             | 200         |
+| Delete (DELETE) | —                         | `Shared.DeleteResponse`             | 204         |
+| Page list       | —                         | `Shared.PagePaginatedResponse<T>`   | 200         |
+| Cursor list     | —                         | `Shared.CursorPaginatedResponse<T>` | 200         |
+
+## AIP-134 update rules
+
+Both `PATCH` and `PUT` are **required** for all entities (mandate introduced 2025-04-08). The sole exception: `PATCH` may be omitted when the full entity representation is needed to validate an update.
+
+### PATCH (partial update)
+
+- Implements JSON Merge Patch (RFC 7396) with **mandatory recursive patching** of nested objects.
+- Operation ID: `update-<entity>` (kebab-case).
+- Rejects requests with `Content-Type` other than `application/json` with `400 Bad Request`.
+- Rejects unknown fields and read-only fields with `400 Bad Request`, naming them in `invalid_parameters`.
+- Null-value semantics:
+  - For non-required properties: removes the property
+  - For schema-less object properties: removes the property
+  - For required-nullable properties: sets them to null
+  - For required non-nullable properties: `400 Bad Request`
+
+### PUT (upsert)
+
+- Returns `201 Created` when creating an entity, `200 OK` when replacing an existing one.
+- Operation ID: `upsert-<entity>` or `update-<entity>` (kebab-case).
+- **Creation via PUT only works when the entity uses customer-supplied IDs** (unique within the organization or parent scope, not globally).
+- For entities with system-generated globally-unique IDs, PUT only supports **replacement**; missing entities must return `404 Not Found`.
+
+## AIP-135 delete rules
+
+- DELETE returns `204 No Content` on success.
+- **No request body is accepted**; all parameters go in the URL path, not the query string.
+- Return `403 Forbidden` before `404 Not Found` — check permissions before existence to prevent resource enumeration.
+- Soft-deleted resources return `404 Not Found` on subsequent DELETE calls.
+- Cascading deletes:
+  - If no protected resources would be affected, proceed as a normal DELETE.
+  - If protected resources would be affected and `?force=true` is **not** supplied, return `400 Bad Request` listing the affected resource types in the error detail.
+  - If `?force=true` is supplied, delete all child resources and associations, returning `204`.

.agents/skills/api/rules/aip-132-list.md

@@ -0,0 +1,20 @@
+# AIP-137 — Content-Type
+
+Reference: https://kong-aip.netlify.app/aip/137/
+
+## Default content type
+
+When the `Content-Type` header is absent, it defaults to `application/json; charset=utf-8` (note: the default **includes** a charset). APIs must not reject valid JSON payloads that omit the header.
+
+## Validation
+
+Validate the request body's `Content-Type` on `POST`, `PUT`, and `PATCH`. Validation fails when:
+
+- The `Content-Type` header specifies an unsupported type, **or**
+- The body does not match the declared type
+
+Either failure mode returns `415 Unsupported Media Type`. When responding with 415, include an `Accept-{METHOD}` header listing supported types (e.g., `Accept-POST: application/json`). If the rejection was caused by a charset mismatch, the charset directive must appear in the `Accept-{METHOD}` value.
+
+## Exclusions
+
+**Endpoints without request bodies are exempt** from content-type validation — there is nothing to validate.

.agents/skills/api/rules/aip-134-135-crud.md

@@ -0,0 +1,22 @@
+# AIP-142 — Time & duration
+
+Reference: https://kong-aip.netlify.app/aip/142/
+
+## Timestamps (AIP-compliant)
+
+- **Field name pattern**: `<past_participle>_at` for fields representing a point in time — e.g., `created_at`, `updated_at`, `deleted_at`, `expires_at`
+- **Wire format**: RFC-3339 string in UTC with `Z` suffix, e.g., `"2023-02-27T02:15:00Z"`
+- `T` separates date and time; fractional seconds are optional
+
+## Durations (OpenMeter deviates from AIP-142)
+
+AIP-142 specifies durations as **integer values with a unit suffix in the field name**: `ttl_ms`, `flight_duration_mins`, `lifespan_yrs`. Permitted suffixes: `ns`, `ms`, `secs`, `mins`, `hrs`, `days`, `yrs`. Values must be non-negative integers within `0 <= N < 2^53`.
+
+**OpenMeter does not follow AIP-142 for durations.** Instead, OpenMeter uses the **ISO-8601 duration format** as an opaque string:
+
+- `PT1M` — one minute
+- `PT1H` — one hour
+- `P1D` — one day
+- `P1M` — one month
+
+Components: years (`Y`), months (`M`), weeks (`W`), days (`D`), time separator `T`, hours (`H`), minutes (`M` after `T`), seconds (`S`). When authoring a new duration field in OpenMeter, use the ISO-8601 form and do **not** append a unit suffix to the field name. This deviation is intentional and documented here so reviewers know to allow it.