@jigyasudham/veto 0.8.3 → 1.0.0

package/src/agents/development/api.ts

@@ -1,120 +0,0 @@
-import { AgentPlan, WorkerAgentType } from '../types.js';
-
-type ApiStyle = 'rest' | 'graphql' | 'grpc' | 'general';
-
-function detectApiStyle(task: string, context?: string): ApiStyle {
-  const combined = (task + ' ' + (context ?? '')).toLowerCase();
-  if (combined.includes('graphql') || combined.includes('query') || combined.includes('mutation') || combined.includes('resolver')) return 'graphql';
-  if (combined.includes('grpc') || combined.includes('protobuf') || combined.includes('proto')) return 'grpc';
-  if (combined.includes('rest') || combined.includes('http') || combined.includes('endpoint') || combined.includes('route')) return 'rest';
-  return 'general';
-}
-
-const styleApproach: Record<ApiStyle, string> = {
-  rest: 'Design resource-oriented URLs, assign correct HTTP verbs, define request/response DTOs with validation, implement versioning strategy, document with OpenAPI, secure with JWT/OAuth.',
-  graphql: 'Define the schema first (SDL-first approach), design resolvers to avoid N+1 (DataLoader), implement mutations with input types, add field-level authorisation, paginate list queries.',
-  grpc: 'Write the .proto file first (contract-first), generate server and client stubs, implement unary and streaming RPCs as needed, add interceptors for auth/logging, define error codes.',
-  general: 'Choose REST for CRUD resource APIs, GraphQL for flexible client-driven queries, gRPC for high-performance internal services. Design the contract before writing implementation code.',
-};
-
-const styleSteps: Record<ApiStyle, string[]> = {
-  rest: [
-    'Identify the resources (nouns) the API exposes — e.g., /users, /orders, /products',
-    'Map CRUD operations to HTTP verbs: GET (read), POST (create), PUT/PATCH (update), DELETE',
-    'Design the URL structure: /api/v1/resources/{id}/sub-resources',
-    'Define the request body DTO with all required and optional fields',
-    'Define the response body DTO — never return the raw DB row',
-    'Define error response shape: { code, message, details } for all 4xx/5xx',
-    'Choose the pagination strategy: cursor-based for large datasets, offset for small',
-    'Implement versioning: URL path versioning (/v1/) or header versioning',
-    'Secure the endpoint: add authentication middleware and role-based guards',
-    'Add rate limiting to prevent abuse',
-    'Write OpenAPI/Swagger annotation for each endpoint',
-    'Write integration tests covering happy path and all error conditions',
-  ],
-  graphql: [
-    'Write the GraphQL schema (SDL) before writing any resolver code',
-    'Define types for all entities, input types for mutations, and enums for fixed values',
-    'Design query fields with pagination arguments (first, after, last, before)',
-    'Implement DataLoader for all one-to-many and many-to-many relations to batch DB queries',
-    'Implement resolvers using the service layer — no direct DB queries in resolvers',
-    'Add field-level authorisation using resolver guards',
-    'Add query depth limiting (max depth 10) and query complexity limits',
-    'Implement subscriptions only for truly real-time use cases',
-    'Add persisted queries for production performance',
-    'Write tests using graphql-tester or supertest against the schema',
-    'Document each type and field with SDL description strings',
-  ],
-  grpc: [
-    'Write the .proto file defining all messages and services',
-    'Generate TypeScript server and client stubs from the proto',
-    'Implement each RPC method in the service implementation class',
-    'Add server interceptors for authentication, logging, and tracing',
-    'Implement unary RPCs for simple request/response patterns',
-    'Implement server-streaming for large result sets',
-    'Implement bidirectional streaming for real-time communication',
-    'Define a standard error model using google.rpc.Status',
-    'Add health checking via the gRPC health protocol',
-    'Write integration tests using the generated client stubs',
-    'Document each service and RPC with proto comments',
-  ],
-  general: [
-    'Choose the API style based on use case (REST/GraphQL/gRPC)',
-    'Write the API contract (OpenAPI, SDL, or .proto) before implementation',
-    'Define all data types for requests and responses',
-    'Design error handling and error response shapes',
-    'Plan authentication and authorisation strategy',
-    'Design versioning strategy',
-    'Add rate limiting and throttling',
-    'Write API documentation',
-    'Write integration tests',
-    'Set up monitoring for error rates and latency',
-  ],
-};
-
-export function plan(task: string, context?: string): AgentPlan {
-  const style = detectApiStyle(task, context);
-
-  return {
-    agent: 'api' as WorkerAgentType,
-    task,
-    tier: 2,
-    approach: styleApproach[style],
-    steps: styleSteps[style],
-    checklist: [
-      '[ ] API contract (OpenAPI/SDL/proto) written before implementation',
-      '[ ] All request inputs validated and sanitised',
-      '[ ] Response DTOs never expose internal DB columns or secrets',
-      '[ ] HTTP status codes semantically correct (201 for creation, 422 for validation errors)',
-      '[ ] Authentication required on all non-public endpoints',
-      '[ ] Authorisation checked — user can only access their own resources',
-      '[ ] Rate limiting applied to prevent abuse',
-      '[ ] Pagination implemented for all list endpoints',
-      '[ ] Error responses follow a consistent shape with error code and message',
-      '[ ] Idempotency key supported on create/update endpoints',
-      '[ ] API versioning strategy documented and implemented',
-      '[ ] CORS configured correctly for the intended client origins',
-      '[ ] No internal error details (stack traces) exposed in production responses',
-      '[ ] Integration tests cover 200, 400, 401, 403, 404, 422, 500 paths',
-      '[ ] API documentation complete and accurate',
-    ],
-    pitfalls: [
-      'Returning 200 OK with an error body — use the correct HTTP status code',
-      'Exposing database IDs directly — use UUIDs or opaque tokens to prevent enumeration',
-      'Not validating Content-Type — body parsers silently fail on wrong content type',
-      'Returning the full DB row in the response — exposes internal fields and breaks encapsulation',
-      'Using GET requests for operations with side effects — browsers and caches will replay them',
-      'Not implementing idempotency for payment or order endpoints — duplicate requests cause duplicate charges',
-      'Omitting pagination on list endpoints — a single request can return millions of rows',
-    ],
-    patterns: [
-      'Command pattern (map HTTP requests to command objects)',
-      'DTO pattern (request and response data transfer objects)',
-      'Decorator pattern (middleware as route decorators)',
-      'Repository pattern (abstract data access from controllers)',
-      'API Gateway pattern (single entry point with cross-cutting concerns)',
-      'Circuit Breaker pattern (for outbound calls to other services)',
-    ],
-    duration_estimate: '4-8 hours',
-  };
-}

package/src/agents/development/backend.ts

@@ -1,85 +0,0 @@
-import { AgentPlan, WorkerAgentType } from '../types.js';
-
-type BackendStyle = 'monolith' | 'microservice' | 'serverless' | 'general';
-
-function detectStyle(task: string, context?: string): BackendStyle {
-  const combined = (task + ' ' + (context ?? '')).toLowerCase();
-  if (combined.includes('lambda') || combined.includes('serverless') || combined.includes('function') || combined.includes('faas')) return 'serverless';
-  if (combined.includes('microservice') || combined.includes('service mesh') || combined.includes('kubernetes') || combined.includes('k8s')) return 'microservice';
-  if (combined.includes('monolith') || combined.includes('mvc') || combined.includes('express') || combined.includes('nestjs') || combined.includes('rails')) return 'monolith';
-  return 'general';
-}
-
-const styleApproach: Record<BackendStyle, string> = {
-  monolith: 'Organise by feature module (not by layer). Each module owns its Controller → Service → Repository stack. Use dependency injection for testability. Enforce module boundaries — no cross-module direct imports.',
-  microservice: 'Define the service boundary around a bounded context. Use async messaging for cross-service communication. Implement the Saga pattern for distributed transactions. Each service owns its data store.',
-  serverless: 'Design for stateless execution — no in-memory state between invocations. Use environment variables for config. Cold start budget: keep the handler lean. Use SQS/EventBridge for async operations.',
-  general: 'Apply Clean Architecture: Controllers → Use Cases → Domain → Infrastructure. Dependencies point inward. The domain layer has no framework imports. Testable by definition.',
-};
-
-export function plan(task: string, context?: string): AgentPlan {
-  const style = detectStyle(task, context);
-
-  return {
-    agent: 'backend' as WorkerAgentType,
-    task,
-    tier: 3,
-    approach: styleApproach[style],
-    steps: [
-      'Define the domain model: entities, value objects, and aggregate roots',
-      'Define use cases (application services) — each use case is a single public method',
-      'Design the repository interfaces in the domain layer (no DB imports)',
-      'Implement the controller layer: parse request → call use case → format response',
-      'Implement the service layer: orchestrate domain objects and repositories',
-      'Implement the repository layer: translate domain operations to DB queries',
-      'Wire dependency injection container (manual DI or a framework like tsyringe/inversify)',
-      'Add authentication middleware: verify JWT/session, attach user to request context',
-      'Add authorisation guards: check role/permission on each protected route',
-      'Add request validation middleware: validate body/query against schema before reaching controller',
-      'Implement structured error handling: domain errors → HTTP errors → error middleware',
-      'Add correlation ID middleware: generate and propagate request tracing ID',
-      'Add health check endpoint: /health returns 200 with DB and dependency status',
-      'Configure graceful shutdown: drain in-flight requests before stopping the process',
-      'Write unit tests for each service method with mocked repositories',
-      'Write integration tests for each controller route against a test database',
-    ],
-    checklist: [
-      '[ ] Domain layer has zero framework or DB imports',
-      '[ ] Each use case / service method has a single responsibility',
-      '[ ] All dependencies injected via constructor — no new SomeDependency() in methods',
-      '[ ] Repository interfaces defined in domain, implementations in infrastructure',
-      '[ ] Authentication middleware applied to all non-public routes',
-      '[ ] Authorisation checked inside the use case — not just at the route level',
-      '[ ] Request validation runs before the controller method executes',
-      '[ ] All async operations wrapped in try/catch with typed error handling',
-      '[ ] Structured logging with correlation ID on every log line',
-      '[ ] No sensitive data (passwords, tokens) in log output',
-      '[ ] Graceful shutdown implemented — SIGTERM drains in-flight requests',
-      '[ ] Health endpoint checks real DB connectivity, not just process liveness',
-      '[ ] Environment variables validated at startup — fail fast on missing config',
-      '[ ] Connection pools sized appropriately for the expected concurrency',
-      '[ ] Unit tests cover all service methods',
-      '[ ] Integration tests cover all controller routes',
-    ],
-    pitfalls: [
-      'Putting business logic in controllers — controllers should only parse input and format output',
-      'Accessing the database directly from controllers — bypasses the service/repository abstraction',
-      'Using global state (singletons with mutable fields) — breaks in clustered/concurrent environments',
-      'Swallowing exceptions in middleware — downstream handlers receive undefined instead of an error',
-      'Not validating environment variables at startup — the service starts, runs for hours, then crashes on first DB access',
-      'Building a distributed monolith — microservices that share a DB defeat the purpose of the architecture',
-      'Forgetting graceful shutdown — in-flight requests are killed on deploy, causing user-visible errors',
-    ],
-    patterns: [
-      'Clean Architecture (Controllers → Use Cases → Domain → Infrastructure)',
-      'Repository pattern (abstract DB access behind an interface)',
-      'Dependency Injection (constructor injection for testability)',
-      'Middleware chain (Chain of Responsibility for cross-cutting concerns)',
-      'Command / Query Responsibility Segregation (CQRS)',
-      'Domain Events (decouple side effects from core logic)',
-      'Circuit Breaker (for resilient outbound calls)',
-      'Saga pattern (coordinate distributed transactions)',
-    ],
-    duration_estimate: '1-3 days',
-  };
-}

package/src/agents/development/coder.ts

@@ -1,213 +0,0 @@
-import { AgentPlan, WorkerAgentType } from '../types.js';
-
-type TaskCategory = 'api-endpoint' | 'ui-component' | 'utility' | 'service' | 'general';
-
-function detectCategory(task: string): TaskCategory {
-  const t = task.toLowerCase();
-  if (t.includes('endpoint') || t.includes('route') || t.includes('controller') || t.includes('rest') || t.includes('graphql')) return 'api-endpoint';
-  if (t.includes('component') || t.includes('ui') || t.includes('button') || t.includes('form') || t.includes('modal') || t.includes('page')) return 'ui-component';
-  if (t.includes('util') || t.includes('helper') || t.includes('format') || t.includes('parse') || t.includes('transform')) return 'utility';
-  if (t.includes('service') || t.includes('manager') || t.includes('handler') || t.includes('processor') || t.includes('worker')) return 'service';
-  return 'general';
-}
-
-const categoryApproach: Record<TaskCategory, string> = {
-  'api-endpoint': 'Design the contract first (request/response types), implement handler with validation, wire middleware chain, write integration tests.',
-  'ui-component': 'Define props interface, sketch component tree, implement stateless core first then add state/effects, ensure accessibility, write render tests.',
-  'utility': 'Write pure functions with explicit input/output types, cover all edge cases including null/undefined/empty, optimise for readability over cleverness.',
-  'service': 'Apply Dependency Injection, define interface before class, implement with repository abstraction, propagate typed errors, add unit tests for each method.',
-  'general': 'Define types first, implement incrementally, handle all error paths explicitly, add JSDoc for public APIs, write tests in parallel with implementation.',
-};
-
-const categorySteps: Record<TaskCategory, string[]> = {
-  'api-endpoint': [
-    'Define TypeScript interfaces for request body, query params, and response payload',
-    'Write input validation schema (zod or class-validator)',
-    'Stub out the route handler and wire it in the router',
-    'Implement business logic in a dedicated service class',
-    'Add authentication/authorisation middleware as required',
-    'Implement error handling — map domain errors to HTTP status codes',
-    'Add request logging and correlation ID propagation',
-    'Write integration tests hitting the endpoint directly',
-    'Document the endpoint with OpenAPI/JSDoc annotations',
-    'Test error paths: missing fields, invalid types, unauthorised access',
-  ],
-  'ui-component': [
-    'Define the Props interface with JSDoc on each prop',
-    'Sketch the component tree — identify sub-components to extract',
-    'Implement the purely presentational render first with hardcoded data',
-    'Replace hardcoded data with props, add PropTypes/TypeScript narrowing',
-    'Add local state and effects only after the static render is correct',
-    'Implement loading and error states',
-    'Add keyboard navigation and ARIA attributes',
-    'Test with screen reader using browser dev tools',
-    'Add responsive CSS — mobile first with breakpoints',
-    'Write render tests covering each significant prop combination',
-  ],
-  'utility': [
-    'Write function signature with explicit parameter and return types',
-    'Document expected input/output with JSDoc examples',
-    'Handle null, undefined, and empty inputs explicitly',
-    'Handle boundary conditions (zero, negative, overflow, max-length)',
-    'Implement the happy-path logic',
-    'Add guards and early returns for invalid inputs',
-    'Write unit tests for each distinct input category',
-    'Benchmark if the utility is on a hot path',
-    'Export from an index barrel so imports stay clean',
-  ],
-  'service': [
-    'Define the service interface (IMyService) with all public methods',
-    'List constructor dependencies — inject via interface not concrete class',
-    'Write method stubs with return types before implementing',
-    'Implement each method with a single clear responsibility',
-    'Use typed Result or throw typed domain errors — no raw Error strings',
-    'Log structured data (not plain strings) at appropriate log levels',
-    'Write unit tests with mocked dependencies for each method',
-    'Write integration test against a real dependency (DB, API) if applicable',
-    'Document retry / circuit-breaker strategy for external calls',
-    'Add health-check method if the service wraps an external resource',
-  ],
-  'general': [
-    'Clarify and write down acceptance criteria before touching code',
-    'Define all TypeScript types/interfaces needed',
-    'Break the work into small independently testable functions',
-    'Implement incrementally — make it work, then make it right',
-    'Handle all error paths explicitly with typed errors',
-    'Add JSDoc to every exported symbol',
-    'Write unit tests alongside implementation',
-    'Run the linter and fix all warnings',
-    'Review the diff for accidental debug code or console.log statements',
-    'Update relevant documentation or README if the public API changes',
-  ],
-};
-
-const categoryChecklist: Record<TaskCategory, string[]> = {
-  'api-endpoint': [
-    '[ ] Request DTO fully typed with validation annotations',
-    '[ ] Response DTO typed — no raw any or unknown leaking out',
-    '[ ] HTTP status codes are semantically correct (201 vs 200, 422 vs 400)',
-    '[ ] Auth middleware applied where required',
-    '[ ] Rate limiting considered',
-    '[ ] Input sanitisation prevents injection',
-    '[ ] Async handler wrapped to forward errors to Express error middleware',
-    '[ ] Pagination implemented for list endpoints',
-    '[ ] Integration test covers 200, 400, 401, 404, 500 paths',
-    '[ ] OpenAPI annotation added',
-    '[ ] No secrets or PII logged',
-    '[ ] Idempotency considered for mutating endpoints',
-  ],
-  'ui-component': [
-    '[ ] Props interface exported and all props documented',
-    '[ ] No inline styles — use CSS modules or styled components',
-    '[ ] Loading state renders a skeleton or spinner',
-    '[ ] Error state renders a user-friendly message',
-    '[ ] Empty state renders a meaningful prompt',
-    '[ ] ARIA roles and labels present on interactive elements',
-    '[ ] Tab order is logical',
-    '[ ] Component is keyboard-operable without mouse',
-    '[ ] Works at 320 px (mobile) and 1440 px (desktop)',
-    '[ ] No useEffect with missing dependency array entries',
-    '[ ] Memoisation applied only where profiling justifies it',
-    '[ ] Render test covers loading, error, and data states',
-  ],
-  'utility': [
-    '[ ] Function is pure — no hidden side effects',
-    '[ ] Returns typed result, not any',
-    '[ ] Handles null and undefined inputs without throwing',
-    '[ ] Handles empty string and empty array inputs',
-    '[ ] Handles numeric edge cases (NaN, Infinity, 0, negative)',
-    '[ ] Unit test for each distinct input category',
-    '[ ] Exported from barrel index',
-    '[ ] JSDoc with @param, @returns, and @example',
-  ],
-  'service': [
-    '[ ] Interface defined before implementation class',
-    '[ ] All dependencies injected — no new SomeDependency() in methods',
-    '[ ] Each public method has a single responsibility',
-    '[ ] Typed errors thrown — no throw new Error("raw string")',
-    '[ ] External calls have timeout configured',
-    '[ ] Unit tests mock all external dependencies',
-    '[ ] Integration test covers the real dependency path',
-    '[ ] Logs structured objects, not string concatenation',
-    '[ ] No business logic in the constructor',
-    '[ ] Service registered in the DI container',
-  ],
-  'general': [
-    '[ ] Acceptance criteria written before coding',
-    '[ ] All types explicit — no implicit any',
-    '[ ] All error paths handled',
-    '[ ] JSDoc on every exported symbol',
-    '[ ] Unit tests written alongside implementation',
-    '[ ] No console.log left in committed code',
-    '[ ] Linter passes with zero warnings',
-    '[ ] No TODO comments without a linked issue number',
-    '[ ] Public API is backwards-compatible or version-bumped',
-    '[ ] Documentation updated if the public API changed',
-  ],
-};
-
-const categoryPitfalls: Record<TaskCategory, string[]> = {
-  'api-endpoint': [
-    'Forgetting to await async middleware — silently skips auth checks',
-    'Returning 200 for operations that create resources — use 201',
-    'Leaking internal stack traces to the client in production',
-    'Not validating Content-Type header before parsing body',
-    'Using req.body directly without validation — injection risk',
-  ],
-  'ui-component': [
-    'Calling setState inside useEffect without a dependency array — infinite loop',
-    'Forgetting key prop on list items — causes subtle reconciliation bugs',
-    'Storing derived data in state instead of computing it on render',
-    'Leaving event listeners without cleanup in useEffect return',
-    'Assuming controlled and uncontrolled prop modes cannot conflict',
-  ],
-  'utility': [
-    'Using == instead of === for null checks — misses undefined',
-    'Mutating the input array or object instead of returning a new one',
-    'Assuming parseInt always returns a number — it returns NaN on bad input',
-    'Using Date arithmetic without accounting for timezone offsets',
-  ],
-  'service': [
-    'Catching and swallowing errors silently — log and rethrow or return Result',
-    'Doing database work in the constructor — blocks DI container startup',
-    'Sharing mutable state across concurrent requests — use per-request scope',
-    'Not configuring timeout on external HTTP calls — hangs indefinitely',
-  ],
-  'general': [
-    'Premature optimisation before profiling — adds complexity with no gain',
-    'Mixing abstraction levels in a single function — extract sub-functions',
-    'Returning null instead of throwing when the contract is violated',
-    'Copy-pasting similar blocks instead of extracting a parameterised function',
-  ],
-};
-
-const categoryPatterns: Record<TaskCategory, string[]> = {
-  'api-endpoint': ['Command pattern', 'Chain of Responsibility (middleware)', 'DTO pattern', 'Repository pattern', 'Decorator pattern (route guards)'],
-  'ui-component': ['Compound component pattern', 'Render props', 'Custom hook extraction', 'Container / Presenter split', 'Controlled component pattern'],
-  'utility': ['Pure function', 'Pipe / compose', 'Guard clause early return', 'Option/Result type', 'Memoisation'],
-  'service': ['Dependency Injection', 'Repository pattern', 'Strategy pattern', 'Result type', 'Façade pattern'],
-  'general': ['Single Responsibility Principle', 'Dependency Inversion', 'Guard clauses', 'Factory function', 'Module pattern'],
-};
-
-const categoryDuration: Record<TaskCategory, string> = {
-  'api-endpoint': '2-4 hours',
-  'ui-component': '3-6 hours',
-  'utility': '1-2 hours',
-  'service': '4-8 hours',
-  'general': '2-4 hours',
-};
-
-export function plan(task: string, context?: string): AgentPlan {
-  const category = detectCategory(task + ' ' + (context ?? ''));
-  return {
-    agent: 'coder' as WorkerAgentType,
-    task,
-    tier: 2,
-    approach: categoryApproach[category],
-    steps: categorySteps[category],
-    checklist: categoryChecklist[category],
-    pitfalls: categoryPitfalls[category],
-    patterns: categoryPatterns[category],
-    duration_estimate: categoryDuration[category],
-  };
-}

package/src/agents/development/database.ts

@@ -1,83 +0,0 @@
-import { AgentPlan, WorkerAgentType } from '../types.js';
-
-type DbType = 'rdbms' | 'nosql' | 'timeseries' | 'graph' | 'general';
-
-function detectDbType(task: string, context?: string): DbType {
-  const combined = (task + ' ' + (context ?? '')).toLowerCase();
-  if (combined.includes('mongo') || combined.includes('document') || combined.includes('dynamodb') || combined.includes('firestore') || combined.includes('nosql')) return 'nosql';
-  if (combined.includes('timeseries') || combined.includes('influx') || combined.includes('prometheus') || combined.includes('clickhouse') || combined.includes('time series')) return 'timeseries';
-  if (combined.includes('graph') || combined.includes('neo4j') || combined.includes('relationship')) return 'graph';
-  if (combined.includes('postgres') || combined.includes('mysql') || combined.includes('sqlite') || combined.includes('sql') || combined.includes('relational')) return 'rdbms';
-  return 'general';
-}
-
-const dbApproach: Record<DbType, string> = {
-  rdbms: 'Design a normalised schema first (3NF), add indexes for every foreign key and frequent filter column, use transactions for multi-table mutations, plan migration scripts with backward compatibility.',
-  nosql: 'Design around access patterns — denormalise to serve queries in one round trip. Choose partition keys that distribute load evenly. Model for reads, use references sparingly for writes.',
-  timeseries: 'Optimise for append-heavy write patterns. Use time-bucketed partitioning. Compress old data with downsampling. Design queries around time ranges, not individual rows.',
-  graph: 'Model entities as nodes and relationships as edges with properties. Index node labels and edge types. Design traversal patterns and bound depth of recursive queries.',
-  general: 'Evaluate RDBMS vs NoSQL based on data structure, access patterns, and consistency requirements. Design schema to serve the most frequent query without joins if possible.',
-};
-
-export function plan(task: string, context?: string): AgentPlan {
-  const dbType = detectDbType(task, context);
-
-  return {
-    agent: 'database' as WorkerAgentType,
-    task,
-    tier: 3,
-    approach: dbApproach[dbType],
-    steps: [
-      'List all entities and their relationships — draw an ER diagram',
-      'Identify the top 5 most frequent query patterns (what will be read most?)',
-      'Design the schema to serve those queries with minimal joins/lookups',
-      'Add primary keys and unique constraints first',
-      'Add foreign key constraints for relational integrity',
-      'Identify every column used in WHERE, ORDER BY, or JOIN — add indexes',
-      'Choose composite index column order by selectivity (most selective first)',
-      'Design the migration script: additive changes first (new tables, new nullable columns)',
-      'Write seed / fixture data for the development environment',
-      'Write query tests that assert on execution plan (EXPLAIN ANALYZE)',
-      'Set up connection pooling with appropriate pool size for the workload',
-      'Configure statement_timeout and lock_timeout to prevent runaway queries',
-      'Plan archival strategy for old data — partitioning or archival table',
-      'Document the schema with comments on each table and non-obvious column',
-    ],
-    checklist: [
-      '[ ] Every table has a primary key',
-      '[ ] Foreign keys are declared and indexed',
-      '[ ] Every JOIN column on the many-side has an index',
-      '[ ] Every column used in frequent WHERE clauses has an index',
-      '[ ] No SELECT * in production queries — enumerate columns',
-      '[ ] Multi-table mutations wrapped in transactions',
-      '[ ] Migrations are reversible (down migration written)',
-      '[ ] Migration tested on a copy of production data volume',
-      '[ ] Connection pool size calculated: connections = (core_count * 2) + effective_spindle_count',
-      '[ ] statement_timeout configured to prevent runaway queries',
-      '[ ] EXPLAIN ANALYZE run on all slow query candidates',
-      '[ ] Sensitive columns (PII, passwords) identified and encrypted at rest',
-      '[ ] Backup and point-in-time recovery tested',
-      '[ ] Schema documented with table and column comments',
-    ],
-    pitfalls: [
-      'Using SELECT * in application queries — sends unnecessary data over the wire and breaks when columns are added/removed',
-      'Forgetting to index foreign keys — causes full table scans on every JOIN',
-      'Storing JSON blobs in relational databases to avoid schema work — kills query performance and integrity',
-      'Not wrapping multi-step mutations in a transaction — leaves the database in a partially updated state on failure',
-      'Using ORM-generated schemas without reviewing the SQL — ORMs frequently generate non-optimal index choices',
-      'Choosing UUID as a clustered primary key in PostgreSQL without understanding write amplification from random page splits',
-      'Ignoring VACUUM in PostgreSQL — table bloat degrades read performance over time',
-      'Testing migrations only on an empty database — schema changes that work on empty DBs may lock production tables for minutes',
-    ],
-    patterns: [
-      'Repository pattern (abstract DB access behind an interface)',
-      'Unit of Work pattern (group related DB operations into a transaction)',
-      'CQRS (separate read and write models for high-throughput systems)',
-      'Event Sourcing (store events, derive state — for audit-heavy domains)',
-      'Optimistic locking (version column for concurrent update detection)',
-      'Soft delete pattern (deleted_at timestamp instead of hard DELETE)',
-      'Temporal tables (track history of row changes)',
-    ],
-    duration_estimate: '1-2 days',
-  };
-}