feat: Add .cursor/rules/echo_rules.mdc to all templates

templates/assistant-ui/.cursor/rules/echo_rules.mdc

@@ -0,0 +1,169 @@
+---
+description: Guidelines and best practices for building applications with Echo, the user-pays AI infrastructure
+globs: **/*.ts,**/*.tsx,**/*.js,**/*.jsx
+---
+
+# Echo Guidelines
+
+## Overview
+Echo is a user-pays AI infrastructure that allows developers to integrate AI without fronting API costs. Users authenticate once, get a balance, and pay for their own usage. Developers set a markup and earn revenue automatically.
+
+## Core Concepts
+
+### How Echo Works
+1. **User Authentication**: Users authenticate via OAuth to get a universal balance across all Echo apps
+2. **Model Providers**: Replace AI SDK imports with Echo's model providers
+3. **Automatic Billing**: Users pay providers directly through Echo, developers never proxy requests or front bills
+4. **Revenue Generation**: Set a markup percentage, every token generates profit automatically
+
+### Key Benefits
+- **No hosting costs**: Users pay providers directly
+- **Better UX**: One OAuth login replaces complex BYOK flows
+- **Instant revenue**: Set markup percentage for automatic profit
+- **Zero infrastructure**: No payment processing, usage tracking, or key validation needed
+
+## SDK Usage
+
+### React SDK
+```typescript
+import { useEchoModelProviders } from '@merit-systems/echo-react-sdk';
+import { generateText } from 'ai';
+
+const { openai } = useEchoModelProviders();
+const response = await generateText({
+  model: openai('gpt-5'),
+  prompt: '...',
+});
+```
+
+### Next.js SDK
+```typescript
+import { createEchoServerClient } from '@merit-systems/echo-next-sdk';
+
+const echoClient = createEchoServerClient({
+  appId: process.env.ECHO_APP_ID,
+  appSecret: process.env.ECHO_APP_SECRET,
+});
+```
+
+## Best Practices
+
+### Authentication
+- Always use Echo's OAuth flow for user authentication
+- Never store user API keys - Echo handles this automatically
+- Use the universal balance system for cross-app compatibility
+
+### Model Provider Usage
+- Import model providers from Echo SDK, not directly from AI providers
+- Use the same AI SDK functions (generateText, streamText, etc.) with Echo providers
+- Let Echo handle rate limiting and usage tracking
+
+### Revenue Configuration
+- Set appropriate markup percentages in the Echo dashboard
+- Monitor usage and adjust pricing as needed
+- Use Echo's analytics to understand user behavior
+
+### Error Handling
+- Handle authentication errors gracefully
+- Provide clear error messages for insufficient balance
+- Implement retry logic for transient failures
+
+## Common Patterns
+
+### Setting Up Echo Provider (React)
+```typescript
+import { EchoProvider } from '@merit-systems/echo-react-sdk';
+
+function App() {
+  return (
+    <EchoProvider appId="your-app-id">
+      {/* Your app components */}
+    </EchoProvider>
+  );
+}
+```
+
+### Server-Side Integration (Next.js)
+```typescript
+import { echoAuth } from '@merit-systems/echo-next-sdk';
+
+export async function GET(request: Request) {
+  const session = await echoAuth(request);
+  if (!session) {
+    return new Response('Unauthorized', { status: 401 });
+  }
+  // Use session.user and session.accessToken
+}
+```
+
+### Streaming Responses
+```typescript
+import { useEchoModelProviders } from '@merit-systems/echo-react-sdk';
+import { streamText } from 'ai';
+
+const { openai } = useEchoModelProviders();
+
+const { textStream } = streamText({
+  model: openai('gpt-5'),
+  prompt: 'Write a story about...',
+});
+
+for await (const textPart of textStream) {
+  process.stdout.write(textPart);
+}
+```
+
+## Troubleshooting
+
+### Common Issues
+1. **Authentication Failed**: Check app ID and secret configuration
+2. **Insufficient Balance**: User needs to top up their Echo balance
+3. **Rate Limiting**: Echo handles this automatically, but check for 429 errors
+4. **Model Not Available**: Verify model is supported in your Echo plan
+
+### Debugging Tips
+- Check browser console for authentication errors
+- Verify environment variables are set correctly
+- Use Echo's dashboard to monitor usage and errors
+- Test with a small balance first before production deployment
+
+## Resources
+- [Echo Documentation](https://echo.merit.systems/docs)
+- [Echo Dashboard](https://echo.merit.systems/dashboard)
+- [GitHub Repository](https://github.com/Merit-Systems/echo)
+- [Discord Community](https://discord.gg/merit)
+
+## Assistant UI Specific Guidelines
+
+### Chat Interface Integration
+- Use Echo providers with Assistant UI components
+- Implement streaming for real-time responses
+- Handle conversation history properly
+
+### Message Handling
+```typescript
+import { useEchoModelProviders } from '@merit-systems/echo-react-sdk';
+import { useAssistant } from '@assistant-ui/react';
+
+function Chat() {
+  const { openai } = useEchoModelProviders();
+  const { messages, append } = useAssistant({
+    api: '/api/chat',
+    body: {
+      model: openai('gpt-5'),
+    },
+  });
+
+  // Render messages
+}
+```
+
+### Customization
+- Style Assistant UI components to match your app
+- Add custom message types if needed
+- Implement file upload and processing
+
+### Performance
+- Use virtualization for long conversations
+- Implement pagination for message history
+- Cache model responses when appropriate

templates/authjs/.cursor/rules/echo_rules.mdc

@@ -0,0 +1,177 @@
+---
+description: Guidelines and best practices for building applications with Echo, the user-pays AI infrastructure
+globs: **/*.ts,**/*.tsx,**/*.js,**/*.jsx
+---
+
+# Echo Guidelines
+
+## Overview
+Echo is a user-pays AI infrastructure that allows developers to integrate AI without fronting API costs. Users authenticate once, get a balance, and pay for their own usage. Developers set a markup and earn revenue automatically.
+
+## Core Concepts
+
+### How Echo Works
+1. **User Authentication**: Users authenticate via OAuth to get a universal balance across all Echo apps
+2. **Model Providers**: Replace AI SDK imports with Echo's model providers
+3. **Automatic Billing**: Users pay providers directly through Echo, developers never proxy requests or front bills
+4. **Revenue Generation**: Set a markup percentage, every token generates profit automatically
+
+### Key Benefits
+- **No hosting costs**: Users pay providers directly
+- **Better UX**: One OAuth login replaces complex BYOK flows
+- **Instant revenue**: Set markup percentage for automatic profit
+- **Zero infrastructure**: No payment processing, usage tracking, or key validation needed
+
+## SDK Usage
+
+### React SDK
+```typescript
+import { useEchoModelProviders } from '@merit-systems/echo-react-sdk';
+import { generateText } from 'ai';
+
+const { openai } = useEchoModelProviders();
+const response = await generateText({
+  model: openai('gpt-5'),
+  prompt: '...',
+});
+```
+
+### Next.js SDK
+```typescript
+import { createEchoServerClient } from '@merit-systems/echo-next-sdk';
+
+const echoClient = createEchoServerClient({
+  appId: process.env.ECHO_APP_ID,
+  appSecret: process.env.ECHO_APP_SECRET,
+});
+```
+
+## Best Practices
+
+### Authentication
+- Always use Echo's OAuth flow for user authentication
+- Never store user API keys - Echo handles this automatically
+- Use the universal balance system for cross-app compatibility
+
+### Model Provider Usage
+- Import model providers from Echo SDK, not directly from AI providers
+- Use the same AI SDK functions (generateText, streamText, etc.) with Echo providers
+- Let Echo handle rate limiting and usage tracking
+
+### Revenue Configuration
+- Set appropriate markup percentages in the Echo dashboard
+- Monitor usage and adjust pricing as needed
+- Use Echo's analytics to understand user behavior
+
+### Error Handling
+- Handle authentication errors gracefully
+- Provide clear error messages for insufficient balance
+- Implement retry logic for transient failures
+
+## Common Patterns
+
+### Setting Up Echo Provider (React)
+```typescript
+import { EchoProvider } from '@merit-systems/echo-react-sdk';
+
+function App() {
+  return (
+    <EchoProvider appId="your-app-id">
+      {/* Your app components */}
+    </EchoProvider>
+  );
+}
+```
+
+### Server-Side Integration (Next.js)
+```typescript
+import { echoAuth } from '@merit-systems/echo-next-sdk';
+
+export async function GET(request: Request) {
+  const session = await echoAuth(request);
+  if (!session) {
+    return new Response('Unauthorized', { status: 401 });
+  }
+  // Use session.user and session.accessToken
+}
+```
+
+### Streaming Responses
+```typescript
+import { useEchoModelProviders } from '@merit-systems/echo-react-sdk';
+import { streamText } from 'ai';
+
+const { openai } = useEchoModelProviders();
+
+const { textStream } = streamText({
+  model: openai('gpt-5'),
+  prompt: 'Write a story about...',
+});
+
+for await (const textPart of textStream) {
+  process.stdout.write(textPart);
+}
+```
+
+## Troubleshooting
+
+### Common Issues
+1. **Authentication Failed**: Check app ID and secret configuration
+2. **Insufficient Balance**: User needs to top up their Echo balance
+3. **Rate Limiting**: Echo handles this automatically, but check for 429 errors
+4. **Model Not Available**: Verify model is supported in your Echo plan
+
+### Debugging Tips
+- Check browser console for authentication errors
+- Verify environment variables are set correctly
+- Use Echo's dashboard to monitor usage and errors
+- Test with a small balance first before production deployment
+
+## Resources
+- [Echo Documentation](https://echo.merit.systems/docs)
+- [Echo Dashboard](https://echo.merit.systems/dashboard)
+- [GitHub Repository](https://github.com/Merit-Systems/echo)
+- [Discord Community](https://discord.gg/merit)
+
+## Auth.js (NextAuth) Specific Guidelines
+
+### Provider Configuration
+- Configure Echo as an Auth.js provider
+- Handle OAuth callbacks properly
+- Manage session and JWT tokens
+
+### Setup Example
+```typescript
+import { EchoProvider } from '@merit-systems/echo-auth-js-provider';
+
+export const authOptions = {
+  providers: [
+    EchoProvider({
+      clientId: process.env.ECHO_CLIENT_ID,
+      clientSecret: process.env.ECHO_CLIENT_SECRET,
+    }),
+  ],
+  callbacks: {
+    async jwt({ token, account }) {
+      if (account) {
+        token.accessToken = account.access_token;
+      }
+      return token;
+    },
+    async session({ session, token }) {
+      session.accessToken = token.accessToken;
+      return session;
+    },
+  },
+};
+```
+
+### Session Management
+- Use JWT for session management
+- Refresh tokens automatically
+- Handle logout properly
+
+### Security
+- Validate tokens on each request
+- Implement CSRF protection
+- Use secure cookies for production