@agile-vibe-coding/avc 0.2.3 → 0.3.1

package/cli/checks/cross-refs/epic.json

@@ -0,0 +1,171 @@
+{
+  "scope": "epic",
+  "tier": 2,
+  "checks": [
+    {
+      "id": "xref-sec-api-epic-01",
+      "tier": 2,
+      "perspectives": ["security", "api"],
+      "severity": "critical",
+      "category": "consistency",
+      "dependsOn": ["sec-epic-08", "api-epic-01"],
+      "question": "Security requires: {{sec-epic-08.evidence}}. API defines: {{api-epic-01.evidence}}. Are the named roles and permission boundaries consistent with the API endpoint definitions?",
+      "failDescription": "Security role model and API endpoint access control definitions are inconsistent",
+      "failSuggestion": "Align API endpoint authorization with the security role model — ensure every endpoint names which roles can access it"
+    },
+    {
+      "id": "xref-sec-api-epic-02",
+      "tier": 2,
+      "perspectives": ["security", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sec-epic-03", "api-epic-06"],
+      "question": "Security defines trust boundaries: {{sec-epic-03.evidence}}. API patterns: {{api-epic-06.evidence}}. Are API error codes consistent with the security error taxonomy?",
+      "failDescription": "Security error taxonomy and API error codes are inconsistent",
+      "failSuggestion": "Ensure API error codes (401/403/404/422/429) match the security-defined error taxonomy"
+    },
+    {
+      "id": "xref-sec-db-epic-01",
+      "tier": 2,
+      "perspectives": ["security", "database"],
+      "severity": "critical",
+      "category": "consistency",
+      "dependsOn": ["sec-epic-12", "db-epic-01"],
+      "question": "Security identifies PII fields: {{sec-epic-12.evidence}}. Database defines schema: {{db-epic-01.evidence}}. Are PII fields identified in the database schema with appropriate protection?",
+      "failDescription": "Security PII requirements and database schema protection are misaligned",
+      "failSuggestion": "Ensure PII fields identified by security are protected in the database schema (encryption at rest, access controls)"
+    },
+    {
+      "id": "xref-sec-db-epic-02",
+      "tier": 2,
+      "perspectives": ["security", "database"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sec-epic-14", "db-epic-06"],
+      "question": "Security requires audit logging: {{sec-epic-14.evidence}}. Database architecture: {{db-epic-06.evidence}}. Is the audit log storage aligned with database architecture?",
+      "failDescription": "Security audit log requirements and database storage architecture are inconsistent",
+      "failSuggestion": "Align audit log storage with database architecture — define where and how audit events are persisted"
+    },
+    {
+      "id": "xref-be-api-epic-01",
+      "tier": 2,
+      "perspectives": ["backend", "api"],
+      "severity": "critical",
+      "category": "consistency",
+      "dependsOn": ["be-epic-01", "api-epic-01"],
+      "question": "Backend defines service boundaries: {{be-epic-01.evidence}}. API defines endpoint surface: {{api-epic-01.evidence}}. Are backend service boundaries consistent with API endpoint definitions?",
+      "failDescription": "Backend service boundaries and API endpoint surface are inconsistent",
+      "failSuggestion": "Align backend services with API endpoints — each API endpoint should map to a defined backend service"
+    },
+    {
+      "id": "xref-be-api-epic-02",
+      "tier": 2,
+      "perspectives": ["backend", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["be-epic-07", "api-epic-07"],
+      "question": "Backend architecture patterns: {{be-epic-07.evidence}}. API performance: {{api-epic-07.evidence}}. Are backend architectural patterns supporting the API performance requirements?",
+      "failDescription": "Backend architecture does not adequately support API performance requirements",
+      "failSuggestion": "Ensure backend architecture (caching, async processing) supports API performance targets (latency, throughput)"
+    },
+    {
+      "id": "xref-devops-be-epic-01",
+      "tier": 2,
+      "perspectives": ["devops", "backend"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["devops-epic-08", "be-epic-01"],
+      "question": "DevOps infrastructure: {{devops-epic-08.evidence}}. Backend boundaries: {{be-epic-01.evidence}}. Are deployment infrastructure patterns aligned with backend service architecture?",
+      "failDescription": "DevOps deployment infrastructure and backend service architecture are misaligned",
+      "failSuggestion": "Align deployment infrastructure with backend architecture — each service should have a defined deployment strategy"
+    },
+    {
+      "id": "xref-devops-be-epic-02",
+      "tier": 2,
+      "perspectives": ["devops", "backend"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["devops-epic-10", "be-epic-08"],
+      "question": "DevOps observability: {{devops-epic-10.evidence}}. Backend performance: {{be-epic-08.evidence}}. Does the observability stack cover backend performance monitoring needs?",
+      "failDescription": "DevOps observability stack does not adequately cover backend performance monitoring",
+      "failSuggestion": "Ensure observability stack monitors backend performance metrics: latency, error rates, resource utilization"
+    },
+    {
+      "id": "xref-qa-dev-epic-01",
+      "tier": 2,
+      "perspectives": ["qa", "developer"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["qa-epic-01", "dev-epic-06"],
+      "question": "QA defines test boundaries: {{qa-epic-01.evidence}}. Developer testing strategy: {{dev-epic-06.evidence}}. Are QA quality gates aligned with the developer testing strategy?",
+      "failDescription": "QA quality gates and developer testing strategy are not aligned",
+      "failSuggestion": "Align QA quality gates with developer testing — ensure coverage targets, test types, and quality metrics are consistent"
+    },
+    {
+      "id": "xref-qa-sec-epic-01",
+      "tier": 2,
+      "perspectives": ["qa", "security"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["qa-epic-05", "sec-epic-01"],
+      "question": "QA test patterns: {{qa-epic-05.evidence}}. Security threat model: {{sec-epic-01.evidence}}. Does the QA test strategy include security testing for identified threat categories?",
+      "failDescription": "QA test strategy does not include security testing for identified threats",
+      "failSuggestion": "Include security test scenarios in QA strategy for each threat category: auth abuse, authz bypass, injection"
+    },
+    {
+      "id": "xref-sa-be-epic-01",
+      "tier": 2,
+      "perspectives": ["solution-architect", "backend"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sa-epic-08", "be-epic-03"],
+      "question": "SA integration points: {{sa-epic-08.evidence}}. Backend dependencies: {{be-epic-03.evidence}}. Are architecture integration points consistent with backend service dependencies?",
+      "failDescription": "Architecture integration points and backend dependencies are inconsistent",
+      "failSuggestion": "Align integration points with backend dependencies — every consumed service should be listed in both places"
+    },
+    {
+      "id": "xref-sa-db-epic-01",
+      "tier": 2,
+      "perspectives": ["solution-architect", "database"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sa-epic-05", "db-epic-01"],
+      "question": "SA database technology: {{sa-epic-05.evidence}}. Database boundaries: {{db-epic-01.evidence}}. Are the SA-specified database technology and the database schema design consistent?",
+      "failDescription": "SA database technology choice and database schema design are inconsistent",
+      "failSuggestion": "Ensure database technology matches across SA and database perspectives — same engine, same ORM, same conventions"
+    },
+    {
+      "id": "xref-fe-api-epic-01",
+      "tier": 2,
+      "perspectives": ["frontend", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["fe-epic-02", "api-epic-01"],
+      "question": "Frontend server-state management: {{fe-epic-02.evidence}}. API boundaries: {{api-epic-01.evidence}}. Does the frontend data fetching strategy align with the API endpoint structure?",
+      "failDescription": "Frontend data fetching strategy and API endpoint structure are misaligned",
+      "failSuggestion": "Align frontend data fetching with API design — cache keys, refetch patterns, and pagination should match API contracts"
+    },
+    {
+      "id": "xref-fe-sec-epic-01",
+      "tier": 2,
+      "perspectives": ["frontend", "security"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["fe-epic-09", "sec-epic-04"],
+      "question": "Frontend accessibility standard: {{fe-epic-09.evidence}}. Security session lifecycle: {{sec-epic-04.evidence}}. Does the frontend handle session expiration and token refresh consistently with the security model?",
+      "failDescription": "Frontend session handling and security session lifecycle are inconsistent",
+      "failSuggestion": "Ensure frontend handles session expiration per security model: redirect on 401, refresh token flow, logout cleanup"
+    },
+    {
+      "id": "xref-ta-devops-epic-01",
+      "tier": 2,
+      "perspectives": ["test-architect", "devops"],
+      "severity": "minor",
+      "category": "consistency",
+      "dependsOn": ["ta-epic-01", "devops-epic-02"],
+      "question": "Test architecture: {{ta-epic-01.evidence}}. DevOps CI/CD: {{devops-epic-02.evidence}}. Is the test automation framework integrated into the CI/CD pipeline?",
+      "failDescription": "Test automation framework is not integrated into the CI/CD pipeline",
+      "failSuggestion": "Integrate test framework into CI/CD: run unit tests on commit, integration tests on PR, e2e tests before deploy"
+    }
+  ]
+}

package/cli/checks/cross-refs/story.json

@@ -0,0 +1,149 @@
+{
+  "scope": "story",
+  "tier": 2,
+  "checks": [
+    {
+      "id": "xref-sec-api-story-01",
+      "tier": 2,
+      "perspectives": ["security", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sec-story-04", "api-story-01"],
+      "question": "Security auth in story: {{sec-story-04.evidence}}. API contract: {{api-story-01.evidence}}. Are the story's authentication requirements consistent with its API endpoint definitions?",
+      "failDescription": "Story security auth model and API endpoint definitions are inconsistent",
+      "failSuggestion": "Align story's API endpoint auth with its security requirements"
+    },
+    {
+      "id": "xref-sec-api-story-02",
+      "tier": 2,
+      "perspectives": ["security", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sec-story-07", "api-story-03"],
+      "question": "Security input validation: {{sec-story-07.evidence}}. API inputs: {{api-story-03.evidence}}. Are input validation requirements consistent between security and API acceptance criteria?",
+      "failDescription": "Input validation requirements are inconsistent between security and API perspectives",
+      "failSuggestion": "Ensure every API input field has matching server-side validation from the security perspective"
+    },
+    {
+      "id": "xref-sec-api-story-03",
+      "tier": 2,
+      "perspectives": ["security", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sec-story-05", "api-story-02"],
+      "question": "Security authorization: {{sec-story-05.evidence}}. API authorization: {{api-story-02.evidence}}. Are IDOR/BOLA protections and role boundary definitions consistent?",
+      "failDescription": "Authorization protections differ between security and API perspectives",
+      "failSuggestion": "Align IDOR protection and role boundary checks across security and API acceptance criteria"
+    },
+    {
+      "id": "xref-sec-db-story-01",
+      "tier": 2,
+      "perspectives": ["security", "database"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sec-story-09", "db-story-01"],
+      "question": "Security PII handling: {{sec-story-09.evidence}}. Database fields: {{db-story-01.evidence}}. Are PII fields handled consistently between security and database criteria?",
+      "failDescription": "PII handling differs between security and database acceptance criteria",
+      "failSuggestion": "Align PII field handling — database should reflect security's minimization and encryption requirements"
+    },
+    {
+      "id": "xref-sec-db-story-02",
+      "tier": 2,
+      "perspectives": ["security", "database"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sec-story-10", "db-story-02"],
+      "question": "Security logging: {{sec-story-10.evidence}}. Database audit: {{db-story-02.evidence}}. Are audit logging requirements consistent?",
+      "failDescription": "Audit logging requirements differ between security and database perspectives",
+      "failSuggestion": "Ensure audit log events defined in security ACs have corresponding database persistence"
+    },
+    {
+      "id": "xref-be-api-story-01",
+      "tier": 2,
+      "perspectives": ["backend", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["be-story-01", "api-story-01"],
+      "question": "Backend implementation: {{be-story-01.evidence}}. API contract: {{api-story-01.evidence}}. Are backend implementation details consistent with API contract definitions?",
+      "failDescription": "Backend implementation and API contract are misaligned",
+      "failSuggestion": "Align backend implementation with API contract — handlers should match endpoint definitions"
+    },
+    {
+      "id": "xref-be-api-story-02",
+      "tier": 2,
+      "perspectives": ["backend", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["be-story-02", "api-story-03"],
+      "question": "Backend error handling: {{be-story-02.evidence}}. API errors: {{api-story-03.evidence}}. Are error handling patterns consistent?",
+      "failDescription": "Backend error handling doesn't match API error definitions",
+      "failSuggestion": "Align backend error paths with API error response specifications"
+    },
+    {
+      "id": "xref-devops-be-story-01",
+      "tier": 2,
+      "perspectives": ["devops", "backend"],
+      "severity": "minor",
+      "category": "consistency",
+      "dependsOn": ["devops-story-01", "be-story-03"],
+      "question": "DevOps requirements: {{devops-story-01.evidence}}. Backend architecture: {{be-story-03.evidence}}. Are deployment requirements consistent with the backend implementation?",
+      "failDescription": "DevOps and backend requirements are inconsistent",
+      "failSuggestion": "Align deployment configuration with backend runtime requirements"
+    },
+    {
+      "id": "xref-qa-dev-story-01",
+      "tier": 2,
+      "perspectives": ["test-architect", "developer"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["ta-story-01", "dev-story-04"],
+      "question": "Test architecture: {{ta-story-01.evidence}}. Developer testing: {{dev-story-04.evidence}}. Are test requirements consistent between test architect and developer perspectives?",
+      "failDescription": "Test requirements are misaligned between test architect and developer",
+      "failSuggestion": "Align test scenarios with test architecture layers (unit, integration, e2e)"
+    },
+    {
+      "id": "xref-qa-sec-story-01",
+      "tier": 2,
+      "perspectives": ["test-architect", "security"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["ta-story-02", "sec-story-11"],
+      "question": "Test coverage: {{ta-story-02.evidence}}. Security testing: {{sec-story-11.evidence}}. Does the test strategy cover security-specific scenarios (abuse, unauthorized access)?",
+      "failDescription": "Test strategy doesn't cover security-specific scenarios",
+      "failSuggestion": "Add test scenarios for security abuse paths (wrong credentials, forged tokens, unauthorized access)"
+    },
+    {
+      "id": "xref-qa-api-story-01",
+      "tier": 2,
+      "perspectives": ["test-architect", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["ta-story-03", "api-story-01"],
+      "question": "Test approach: {{ta-story-03.evidence}}. API endpoints: {{api-story-01.evidence}}. Does the testing strategy include integration tests for the story's API endpoints?",
+      "failDescription": "Testing strategy doesn't cover API integration tests for this story",
+      "failSuggestion": "Add API integration test scenarios for each endpoint with success and error paths"
+    },
+    {
+      "id": "xref-sa-be-story-01",
+      "tier": 2,
+      "perspectives": ["solution-architect", "backend"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sa-story-05", "be-story-01"],
+      "question": "SA dependencies: {{sa-story-05.evidence}}. Backend implementation: {{be-story-01.evidence}}. Are story dependencies and integration points consistent with backend implementation?",
+      "failDescription": "Story dependencies don't match backend implementation",
+      "failSuggestion": "Align story dependencies with actual backend service boundaries"
+    },
+    {
+      "id": "xref-sa-api-story-01",
+      "tier": 2,
+      "perspectives": ["solution-architect", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sa-story-01", "api-story-01"],
+      "question": "SA API contract: {{sa-story-01.evidence}}. API definition: {{api-story-01.evidence}}. Are SA-level API requirements consistent with detailed API definitions?",
+      "failDescription": "SA API requirements and detailed API definitions are inconsistent",
+      "failSuggestion": "Ensure SA endpoint requirements match the detailed API contract"
+    }
+  ]
+}

package/cli/checks/epic/api.json

@@ -0,0 +1,114 @@
+{
+  "perspective": "api",
+  "scope": "epic",
+  "checks": [
+    {
+      "id": "api-epic-01",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "critical",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose or consume APIs? (Does it define REST endpoints, GraphQL operations, or API contracts?)",
+      "question": "Does the epic scope clearly define API boundaries?",
+      "failDescription": "API boundaries are not defined — unclear which endpoints and resources are in scope",
+      "failSuggestion": "Define API boundaries: list endpoints, resource models, and API versioning strategy"
+    },
+    {
+      "id": "api-epic-02",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "critical",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose or consume APIs?",
+      "question": "Are all critical API features identified?",
+      "failDescription": "Critical API features are missing — endpoints, auth, or error handling not fully identified",
+      "failSuggestion": "Identify critical API features: endpoint specifications, authentication, rate limiting, error handling, versioning"
+    },
+    {
+      "id": "api-epic-03",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "major",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic depend on API services or infrastructure?",
+      "question": "Are dependencies on API services/infrastructure explicit?",
+      "failDescription": "API service dependencies are not explicit",
+      "failSuggestion": "Make API dependencies explicit: API gateway, authentication service, external APIs consumed"
+    },
+    {
+      "id": "api-epic-04",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "major",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose or consume APIs?",
+      "question": "Are API success criteria measurable?",
+      "failDescription": "API success criteria are not measurable",
+      "failSuggestion": "Define measurable API criteria: response time, throughput, error rate, uptime SLA"
+    },
+    {
+      "id": "api-epic-05",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "minor",
+      "category": "clarity",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose or consume APIs?",
+      "question": "Is API terminology used correctly?",
+      "failDescription": "API terminology is used incorrectly or inconsistently",
+      "failSuggestion": "Review API terminology: REST methods, status codes, resource naming, pagination"
+    },
+    {
+      "id": "api-epic-06",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "major",
+      "category": "technical-depth",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve API design or architecture?",
+      "question": "Are API architectural patterns considered?",
+      "failDescription": "API architectural patterns are not considered",
+      "failSuggestion": "Consider API patterns: RESTful resource design, consistent error format, pagination, filtering, versioning"
+    },
+    {
+      "id": "api-epic-07",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "major",
+      "category": "technical-depth",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose APIs that need to handle load?",
+      "question": "Are performance/scalability concerns for API addressed?",
+      "failDescription": "API performance and scalability concerns are not addressed",
+      "failSuggestion": "Address API performance: rate limiting, caching headers, pagination limits, payload size constraints"
+    },
+    {
+      "id": "api-epic-08",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "minor",
+      "category": "consistency",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose or consume APIs?",
+      "question": "Does the API approach align with project context?",
+      "failDescription": "API approach does not align with project context",
+      "failSuggestion": "Ensure API approach aligns with project: consistent naming, versioning, and error handling conventions"
+    },
+    {
+      "id": "api-epic-09",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "minor",
+      "category": "best-practices",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose or consume APIs?",
+      "question": "Are industry-standard API patterns followed (REST/GraphQL principles)?",
+      "failDescription": "API best practices are not followed",
+      "failSuggestion": "Follow API best practices: proper HTTP methods, meaningful status codes, consistent resource naming"
+    }
+  ]
+}

package/cli/checks/epic/backend.json

@@ -0,0 +1,126 @@
+{
+  "perspective": "backend",
+  "scope": "epic",
+  "checks": [
+    {
+      "id": "be-epic-01",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "critical",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services? (Does it include APIs, background jobs, data processing, or service-to-service communication?)",
+      "question": "Does the epic scope clearly define backend boundaries?",
+      "failDescription": "Backend boundaries are not defined — unclear which services and responsibilities are in scope",
+      "failSuggestion": "Define backend boundaries: which services, routes, and responsibilities belong to this epic"
+    },
+    {
+      "id": "be-epic-02",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "critical",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services?",
+      "question": "Are all critical backend features identified?",
+      "failDescription": "Critical backend features are missing — APIs, data access, or business logic not fully identified",
+      "failSuggestion": "Identify all critical backend features: API endpoints, data access patterns, business logic, background jobs"
+    },
+    {
+      "id": "be-epic-03",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "major",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic depend on backend services or infrastructure?",
+      "question": "Are dependencies on backend services/infrastructure explicit?",
+      "failDescription": "Backend service dependencies are not explicit",
+      "failSuggestion": "Make backend dependencies explicit: database, message queue, cache, external APIs, auth service"
+    },
+    {
+      "id": "be-epic-04",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "major",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services?",
+      "question": "Are backend success criteria measurable?",
+      "failDescription": "Backend success criteria are not measurable",
+      "failSuggestion": "Define measurable backend criteria: response time targets, throughput, error rates, test coverage"
+    },
+    {
+      "id": "be-epic-05",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "minor",
+      "category": "clarity",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services?",
+      "question": "Is backend terminology used correctly?",
+      "failDescription": "Backend terminology is used incorrectly or inconsistently",
+      "failSuggestion": "Review backend terminology for accuracy: middleware, service layer, repository pattern, etc."
+    },
+    {
+      "id": "be-epic-06",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "minor",
+      "category": "clarity",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services?",
+      "question": "Are features described in business value terms?",
+      "failDescription": "Backend features lack business value context",
+      "failSuggestion": "Frame backend features in business terms alongside technical specifications"
+    },
+    {
+      "id": "be-epic-07",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "major",
+      "category": "technical-depth",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve backend architecture? (Does it need service design, async processing, or caching?)",
+      "question": "Are backend architectural patterns considered?",
+      "failDescription": "Backend architectural patterns are not considered",
+      "failSuggestion": "Consider backend patterns: service layer, repository pattern, CQRS, event sourcing, async processing"
+    },
+    {
+      "id": "be-epic-08",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "major",
+      "category": "technical-depth",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve backend services that need to handle load?",
+      "question": "Are performance/scalability concerns for backend addressed?",
+      "failDescription": "Backend performance and scalability concerns are not addressed",
+      "failSuggestion": "Address backend performance: caching strategy, connection pooling, async processing, horizontal scaling"
+    },
+    {
+      "id": "be-epic-09",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "minor",
+      "category": "consistency",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services?",
+      "question": "Does the backend approach align with project context?",
+      "failDescription": "Backend approach does not align with project context",
+      "failSuggestion": "Ensure backend approach aligns with project: consistent framework, patterns, and conventions"
+    },
+    {
+      "id": "be-epic-10",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "minor",
+      "category": "best-practices",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services?",
+      "question": "Are industry-standard backend patterns followed (separation of concerns, SOLID)?",
+      "failDescription": "Backend best practices are not followed",
+      "failSuggestion": "Follow backend best practices: separation of concerns, SOLID principles, error handling patterns"
+    }
+  ]
+}