@quanticjs/create-app 0.1.1

package/templates/claude/skills/add-integration/SKILL.md

@@ -0,0 +1,176 @@
+# Add External Integration
+
+## When to Use
+When the project integrates with an external system (third-party API, AI provider, partner service).
+
+## Steps
+1. **Create adapter service** in `src/<module>/services/<SystemName>Adapter.ts`:
+   ```typescript
+   @Injectable()
+   export class AcmeAdapter {
+     private readonly logger = new Logger(AcmeAdapter.name);
+     private readonly baseUrl: string;
+     private readonly apiKey: string;
+
+     constructor() {
+       this.baseUrl = process.env.ACME_API_URL!;
+       this.apiKey = process.env.ACME_API_KEY!;
+     }
+
+     async createResource(payload: CreatePayload): Promise<AcmeResponse> {
+       return this.request('POST', '/api/resources', payload);
+     }
+
+     private async request<T>(method: string, path: string, body?: unknown): Promise<T> {
+       const url = `${this.baseUrl}${path}`;
+       const response = await fetch(url, {
+         method,
+         headers: {
+           'Content-Type': 'application/json',
+           'Authorization': `Bearer ${this.apiKey}`,
+           'X-Idempotency-Key': crypto.randomUUID(),
+         },
+         body: body ? JSON.stringify(body) : undefined,
+       });
+
+       if (response.status === 429) {
+         const retryAfter = parseInt(response.headers.get('Retry-After') || '5');
+         await new Promise(r => setTimeout(r, retryAfter * 1000));
+         return this.request(method, path, body);
+       }
+
+       if (!response.ok) {
+         const errorBody = await response.text();
+         this.logger.error({ method, path, status: response.status }, 'External API failed');
+         throw new Error(`${method} ${path}: ${response.status}`);
+       }
+
+       return response.json() as T;
+     }
+   }
+   ```
+2. **Define types** for request/response payloads
+3. **Create command with @Validate** — every integration command needs validation:
+   ```typescript
+   @Validate(SyncResourceValidator)
+   @DistributedLock('sync-resource:{resourceId}')
+   export class SyncResourceCommand {
+     constructor(
+       public readonly resourceId: string,
+       public readonly data: Record<string, unknown>,
+     ) {}
+   }
+   ```
+4. **Create .validator.ts** — co-located Zod schema
+5. **Use in command handler** — inject adapter, use `getTransactionalRepo()`:
+   ```typescript
+   @CommandHandler(SyncResourceCommand)
+   export class SyncResourceHandler implements ICommandHandler<SyncResourceCommand> {
+     constructor(
+       private readonly acme: AcmeAdapter,
+       @InjectRepository(Resource) private readonly resourceRepo: Repository<Resource>,
+     ) {}
+
+     async execute(command: SyncResourceCommand): Promise<Result<ResourceDto>> {
+       const resourceRepo = getTransactionalRepo(this.resourceRepo);
+
+       const externalResult = await this.acme.createResource({
+         reference: command.resourceId,
+         ...command.data,
+       });
+
+       const resource = await resourceRepo.save(
+         resourceRepo.create({
+           ...command,
+           externalId: externalResult.id,
+           syncStatus: 'synced',
+         }),
+       );
+
+       return Result.success(toDto(resource));
+     }
+   }
+   ```
+6. **Add webhook controller** (if the external system sends callbacks):
+   ```typescript
+   @Public()
+   @Controller('webhooks/<system>')
+   export class AcmeWebhookController {
+     constructor(private readonly commandBus: CommandBus) {}
+
+     @Post()
+     async handleWebhook(
+       @Req() req: RawBodyRequest<Request>,
+       @Headers('x-signature') signature: string,
+     ) {
+       const expectedSig = crypto
+         .createHmac('sha256', process.env.ACME_WEBHOOK_SECRET!)
+         .update(req.rawBody!)
+         .digest('hex');
+
+       if (signature !== expectedSig) {
+         throw new UnauthorizedException('Invalid webhook signature');
+       }
+
+       const event = JSON.parse(req.rawBody!.toString());
+       return this.commandBus.execute(new HandleWebhookEventCommand(event));
+     }
+   }
+   ```
+7. **Add environment variables** to `.env` and `docker-compose.yml`
+8. **Add circuit breaker** (MANDATORY for all external integrations):
+   ```typescript
+   import { createCircuitBreaker } from '@quanticjs/core';
+
+   private readonly breaker = createCircuitBreaker({
+     maxRetries: 2,              // 3 total attempts, exponential backoff
+     consecutiveFailures: 5,     // open circuit after 5 consecutive failures
+     halfOpenAfterMs: 30_000,    // test one request after 30s
+   });
+
+   async createResource(payload: CreatePayload): Promise<AcmeResponse> {
+     return this.breaker.execute(() => this.request('POST', '/api/resources', payload));
+   }
+   ```
+   - **States:** Closed (normal) → Open (fast-fail) → Half-open (test one) → Closed on success
+   - 4xx responses are **never retried** and do not count toward circuit-breaker failures
+   - Each integration gets its **own** circuit breaker instance — never share across integrations
+9. **Add tests** — run `/write-backend-tests` for handler, validator, and webhook controller
+
+## Integration Spec Template
+Create `docs/integrations/<system>.md` if it doesn't exist:
+```markdown
+# Integration: <System Name>
+
+## Connection
+- Base URL: env `<SYSTEM>_API_URL`
+- Auth: Bearer token (env `<SYSTEM>_API_KEY`)
+- Rate limit: N req/min
+
+## Endpoints
+| Method | Path | Purpose | Request | Response |
+|--------|------|---------|---------|----------|
+| POST | /api/resource | Create | `{ field: value }` | `{ id, status }` |
+
+## Webhooks (inbound)
+- URL: /webhooks/<system>
+- Signature: HMAC-SHA256 in X-Signature header
+- Secret: env `<SYSTEM>_WEBHOOK_SECRET`
+- Events: resource.created, resource.updated
+
+## Error Handling
+- 429 → retry after Retry-After header
+- 5xx → circuit breaker (5 consecutive failures → open 30s, 2 retries with exponential backoff)
+```
+
+## Rules
+- NEVER hardcode API keys — always `process.env.*`
+- NEVER trust inbound webhooks without signature verification
+- Adapter is the ONLY class that knows the external API — handlers call adapter methods
+- Store external IDs on your entities (`externalId` column) for reconciliation
+- Use idempotency keys on all mutating external calls
+- Log all external calls at debug level (structured JSON) for troubleshooting
+- Circuit breaker on ALL external HTTP calls — prevent cascade failures
+- Each integration gets its own circuit breaker — never share across integrations
+- 4xx responses are never retried and don't count toward circuit-breaker failures
+- All repo access via `getTransactionalRepo()` — never use `this.repo` directly in handlers

package/templates/claude/skills/add-migration/SKILL.md

@@ -0,0 +1,20 @@
+# Add Migration
+
+## Steps
+1. Modify TypeORM entity classes in `src/<module>/entities/`
+2. Generate migration: `npx typeorm migration:generate src/migrations/<MigrationName>`
+3. Review generated SQL — ensure it handles existing data
+4. Run migration: `npx typeorm migration:run`
+5. Verify with: `npx typeorm migration:revert` (test down migration)
+
+## Migration Naming Convention
+Use descriptive names: `AddItemTable`, `AddStatusColumnToOrder`, `CreateIndexOnEmail`.
+
+## Rules
+- NEVER modify a migration that has been run — create a new one
+- Column names are `"camelCase"` (quoted in SQL) — NOT `snake_case`
+- Use regular `CREATE INDEX` in transactional migrations — NEVER `CREATE INDEX CONCURRENTLY`
+- For large tables needing non-blocking index creation, use a separate migration with `transaction = false`
+- NEVER write manual `CREATE TABLE` for tables with TypeORM entities — use `migration:generate`
+- Test migration both up and down
+- Each module's tables live in its own schema (e.g., `identity.*`, `project.*`)

package/templates/claude/skills/add-module/SKILL.md

@@ -0,0 +1,89 @@
+# Add Module (Bounded Context)
+
+## Steps
+1. **Create module directory** — `src/<module-name>/`
+2. **Create subdirectories:**
+   ```
+   src/<module-name>/
+   ├── commands/       # Command classes + handlers + validators
+   ├── queries/        # Query classes + handlers
+   ├── entities/       # TypeORM entities
+   ├── dtos/           # Request/response DTOs
+   ├── controllers/    # THIN controllers
+   ├── services/       # Adapters (external integrations)
+   └── <module-name>.module.ts
+   ```
+3. **Create module file:**
+   ```typescript
+   import { Module } from '@nestjs/common';
+   import { CqrsModule } from '@nestjs/cqrs';
+   import { TypeOrmModule } from '@nestjs/typeorm';
+
+   @Module({
+     imports: [
+       CqrsModule,
+       TypeOrmModule.forFeature([/* entities */]),
+     ],
+     controllers: [/* controllers */],
+     providers: [
+       ...CommandHandlers,
+       ...QueryHandlers,
+       ...Validators,
+     ],
+   })
+   export class XxxModule {}
+   ```
+4. **Register in AppModule** — add to imports array in `src/app.module.ts`
+5. **Create PostgreSQL schema** — migration: `CREATE SCHEMA IF NOT EXISTS <module_name>;`
+6. **Add initial entity** — run `/add-entity`
+
+## App Module Checklist
+
+When registering a new module in `app.module.ts`, ensure these `.forRoot()` modules are present (import once, never in feature modules):
+
+```typescript
+@Module({
+  imports: [
+    QuanticModule.forRoot({ redis: { url: process.env.REDIS_URL } }),
+    QuanticHealthModule.forRoot(),        // health probes — auto-detects DB + Redis
+    ScheduleModule.forRoot(),
+    LoggerModule.forRoot(pinoConfig),
+    // ... feature modules
+    XxxModule,                            // your new module
+  ],
+})
+export class AppModule {}
+```
+
+## Graceful Shutdown
+
+If the service has custom resources (queue workers, websockets, outbox publisher), extend `GracefulShutdownService`:
+
+```typescript
+@Injectable()
+export class AppShutdownService extends GracefulShutdownService {
+  constructor(
+    @Optional() dataSource: DataSource,
+    @Optional() @Inject('REDIS_CLIENT') redis: Redis,
+    private readonly queueWorker: Worker,
+  ) {
+    super(dataSource, redis);
+  }
+
+  protected async drainWork(): Promise<void> {
+    await this.queueWorker.close();
+  }
+}
+```
+
+Register `AppShutdownService` in `app.module.ts` providers. Base class handles DB and Redis cleanup automatically.
+
+## Rules
+- Each module owns its own PostgreSQL schema — no cross-schema queries
+- Modules communicate through `CommandBus`/`QueryBus` — never import another module's services or repositories
+- Only commands, queries, and DTOs are exported from a module
+- Import from `@quanticjs/core` — never import from sibling modules directly
+- Inter-module async communication uses Redis Streams
+- `.forRoot()` modules (ScheduleModule, LoggerModule, QuanticHealthModule, etc.) go ONLY in `app.module.ts`
+- `QuanticHealthModule.forRoot()` is MANDATORY — every service needs health probes
+- Services with queue workers or websockets MUST extend `GracefulShutdownService` and close resources in `drainWork()`

package/templates/claude/skills/add-realtime/SKILL.md

@@ -0,0 +1,119 @@
+# Add Real-time Feature (Socket.IO)
+
+## When to Use
+When you need live updates pushed to the browser — notifications, collaborative editing, live status, real-time feeds.
+
+## Steps
+1. **Create WebSocket gateway** in `src/<module>/gateways/<Feature>Gateway.ts`:
+   ```typescript
+   import { WebSocketGateway, WebSocketServer, SubscribeMessage, ConnectedSocket, MessageBody } from '@nestjs/websockets';
+   import { Server, Socket } from 'socket.io';
+   import { createAdapter } from '@socket.io/redis-adapter';
+   import { Injectable, Inject, Optional } from '@nestjs/common';
+   import { REDIS_CLIENT } from '@quanticjs/core';
+   import type { Redis } from 'ioredis';
+
+   @WebSocketGateway({
+     namespace: '/<feature>',
+     cors: {
+       origin: (process.env.CORS_ORIGINS || 'http://localhost:5173').split(','),
+       credentials: true,
+     },
+   })
+   export class FeatureGateway {
+     @WebSocketServer()
+     server!: Server;
+
+     constructor(@Optional() @Inject(REDIS_CLIENT) private readonly redis?: Redis) {}
+
+     afterInit(server: Server): void {
+       if (this.redis) {
+         const pubClient = this.redis.duplicate();
+         const subClient = this.redis.duplicate();
+         server.adapter(createAdapter(pubClient, subClient));
+       }
+     }
+
+     @SubscribeMessage('subscribe')
+     handleSubscribe(
+       @ConnectedSocket() client: Socket,
+       @MessageBody() data: { resourceId: string },
+     ): void {
+       client.join(`<feature>:${data.resourceId}`);
+     }
+
+     @SubscribeMessage('unsubscribe')
+     handleUnsubscribe(
+       @ConnectedSocket() client: Socket,
+       @MessageBody() data: { resourceId: string },
+     ): void {
+       client.leave(`<feature>:${data.resourceId}`);
+     }
+
+     emitUpdate(resourceId: string, payload: unknown): void {
+       this.server.to(`<feature>:${resourceId}`).emit('update', payload);
+     }
+   }
+   ```
+
+2. **Register in module** — add gateway to `providers` array
+
+3. **Emit from handler** — inject gateway, call `emitUpdate()` after mutation:
+   ```typescript
+   @CommandHandler(UpdateStatusCommand)
+   export class UpdateStatusHandler implements ICommandHandler<UpdateStatusCommand> {
+     constructor(
+       private readonly gateway: FeatureGateway,
+       @InjectRepository(Resource) private readonly repo: Repository<Resource>,
+     ) {}
+
+     async execute(command: UpdateStatusCommand): Promise<Result<void>> {
+       const repo = getTransactionalRepo(this.repo);
+       await repo.update(command.id, { status: command.status });
+       this.gateway.emitUpdate(command.id, { status: command.status });
+       return Result.success();
+     }
+   }
+   ```
+
+4. **Frontend hook** using `@quanticjs/react-query` for cache invalidation:
+   ```typescript
+   import { useEffect } from 'react';
+   import { io } from 'socket.io-client';
+   import { useQueryClient } from '@tanstack/react-query';
+
+   export function useRealtimeUpdates(resourceId: string, queryKey: string[]) {
+     const queryClient = useQueryClient();
+
+     useEffect(() => {
+       const socket = io('/<feature>', { withCredentials: true });
+       socket.emit('subscribe', { resourceId });
+
+       socket.on('update', () => {
+         queryClient.invalidateQueries({ queryKey });
+       });
+
+       return () => { socket.disconnect(); };
+     }, [resourceId, queryKey, queryClient]);
+   }
+   ```
+
+## Patterns
+- **Room per resource** — `<feature>:<resourceId>`
+- **Redis adapter** — required for multi-instance deployments (horizontal scaling)
+- **Graceful fallback** — if Redis unavailable, in-memory adapter (single instance only)
+- **Invalidate, don't push data** — emit event type + ID, let client refetch via React Query
+
+## Frontend Connection
+```typescript
+// Socket.IO uses the BFF cookie automatically
+const socket = io('/<feature>', { withCredentials: true });
+```
+
+## Rules
+- ALWAYS use Redis adapter in production (horizontal scaling)
+- ALWAYS use namespace per feature (avoids event collision)
+- ALWAYS disconnect on component unmount (memory leak prevention)
+- NEVER send large payloads via WebSocket — send event + ID, client refetches
+- NEVER use Socket.IO for data that should go through the command bus
+- Frontend connects with `withCredentials: true` — BFF cookie sent on handshake

package/templates/claude/skills/audit-rules/SKILL.md

@@ -0,0 +1,120 @@
+# Audit Rules Against ADRs
+
+## Usage
+`/audit-rules` — compare `.claude/rules/` against the engineering ADR repository and report gaps.
+
+## Context
+
+Rules in `.claude/rules/` are derived from architectural decision records (ADRs) at:
+`/Users/turkel/Desktop/personal/projecets/engineering-adrs`
+
+Over time, ADRs get updated or new ones are added without updating rules, and vice versa. This skill detects drift between the two.
+
+## ADR-to-Rule Mapping
+
+| ADR (Backend) | Rule File |
+|---|---|
+| 001-modular-monolith.md | backend-patterns.md |
+| 002-cqrs-pipeline-behaviors.md | backend-patterns.md |
+| 003-result-error-handling.md | backend-patterns.md, api-patterns.md |
+| 004-bff-authentication.md | auth-patterns.md |
+| 005-multi-tenancy-rls.md | database-patterns.md |
+| 006-typeorm-code-first-migrations.md | database-patterns.md |
+| 007-two-layer-validation.md | backend-patterns.md |
+| 008-redis-streams-events.md | backend-patterns.md |
+| 009-kubernetes-helm-argocd.md | docker-patterns.md |
+| 010-api-documentation.md | api-patterns.md |
+| 011-observability.md | observability-patterns.md |
+| 012-testing-strategy.md | testing-patterns.md |
+| 013-local-development-workflow.md | docker-patterns.md |
+
+| ADR (Frontend) | Rule File |
+|---|---|
+| 001-monorepo-tooling.md | frontend-patterns.md |
+| 002-design-tokens-and-component-libraries.md | frontend-patterns.md |
+| 003-state-management.md | frontend-patterns.md |
+| 004-authentication-and-authorization.md | auth-patterns.md |
+| 005-typescript-strict-mode.md | frontend-patterns.md |
+| 006-mobile-secure-storage.md | auth-patterns.md |
+| 007-observability.md | observability-patterns.md |
+| 008-testing-strategy.md | testing-patterns.md |
+| 009-local-development-workflow.md | docker-patterns.md |
+
+## Process
+
+### Step 1: Pull latest ADRs
+
+Run `git -C /Users/turkel/Desktop/personal/projecets/engineering-adrs pull` to ensure you're comparing against the latest ADRs.
+
+### Step 2: Read all files
+
+Read every ADR file listed in the mapping table above and every rule file in `.claude/rules/`. Do this in parallel using multiple Read calls to be efficient.
+
+### Step 3: Compare each ADR-rule pair
+
+For each mapping in the table, compare the ADR's decisions against the corresponding rule file. Check for:
+
+**Missing rules** — decisions, bans ("NEVER"), or patterns defined in the ADR but absent from the rule file:
+- Code patterns or conventions mandated in the ADR
+- Explicit bans ("What is explicitly banned" sections)
+- Technology choices or library mandates
+- Configuration requirements
+- Mapping tables (e.g., Result-to-HTTP mappings)
+
+**Stale rules** — rules that contradict or no longer match the current ADR:
+- Values that changed (e.g., a timeout was 30s in the rule but the ADR now says 60s)
+- Patterns that were replaced by newer decisions
+- Libraries or tools that were swapped
+
+**Unmapped ADRs** — any ADR file in the repo that does not appear in the mapping table above. These may need a new rule file or an addition to an existing one.
+
+### Step 4: Report
+
+Output a structured report with three sections:
+
+```
+## Audit: Rules vs ADRs
+
+### Gaps Found
+For each gap:
+- **ADR:** <filename> — <section or quote>
+- **Rule:** <filename> — what's missing or wrong
+- **Action:** what should be added/changed
+
+### Stale Rules
+For each stale rule:
+- **Rule:** <filename> — <the stale content>
+- **ADR:** <filename> — <what it should say now>
+- **Action:** what should change
+
+### New ADRs Without Rules
+For each unmapped ADR:
+- **ADR:** <filename> — <summary of decisions>
+- **Suggested rule file:** <which rule file to add it to>
+
+### Summary
+- X gaps found
+- X stale rules
+- X unmapped ADRs
+```
+
+### Step 5: Offer to fix
+
+After presenting the report, ask the user:
+"Want me to fix these gaps?" using AskUserQuestion with options:
+- **Fix all** — update all rule files to match ADRs
+- **Fix one by one** — go through each gap and ask before fixing
+- **Report only** — no changes, just the audit
+
+If the user chooses to fix, update only the rule files (`.claude/rules/`), never the ADRs. ADRs are the source of truth.
+
+Also update the mapping table in this skill file if new ADRs were found that need mapping.
+
+## Rules
+
+- ADRs are the source of truth. Rules derive from ADRs, not the other way around.
+- NEVER modify ADR files — only modify rule files.
+- When reporting gaps, quote the specific ADR section so the user can verify.
+- Ignore stylistic differences (wording, formatting) — only flag semantic gaps.
+- If an ADR section says "planned" or "future", do NOT flag it as missing from rules. Rules only cover current decisions.
+- Check ADR status field — only compare "Accepted" ADRs. Skip "Proposed", "Deprecated", or "Superseded" ADRs.

package/templates/claude/skills/debugging/SKILL.md

@@ -0,0 +1,105 @@
+# Debugging
+
+## Backend (NestJS)
+
+### Logs
+```bash
+docker compose logs backend -f --tail=100   # Live structured logs (Pino)
+docker compose logs backend 2>&1 | grep -i error  # Filter errors only
+```
+
+### Health Check
+```bash
+curl http://localhost:3000/health
+```
+
+### Database
+```bash
+docker compose exec postgres psql -U postgres -d autoflux
+npx typeorm migration:show       # List migrations and status
+npx typeorm migration:run        # Apply pending migrations
+npx typeorm migration:revert     # Rollback last migration
+```
+
+### Redis
+```bash
+docker compose exec redis redis-cli PING
+docker compose exec redis redis-cli MONITOR          # Watch all commands live
+docker compose exec redis redis-cli KEYS '*'         # List all keys
+docker compose exec redis redis-cli XINFO GROUPS <stream>  # Stream consumer info
+```
+
+### Running specific tests
+```bash
+npx jest --testPathPattern=CreateItem --verbose
+npx jest --watch  # interactive mode
+```
+
+## Frontend (React)
+
+### Dev Server
+```bash
+cd client && npm run dev    # Check terminal for build errors
+```
+
+### Browser DevTools
+1. **Console** — check for React errors, unhandled rejections
+2. **Network** — verify API calls go to `/api/*` (not direct to :3000)
+3. **Application > Cookies** — verify httpOnly session cookie exists after login
+4. **React DevTools** — inspect component state and query cache
+5. **TanStack Query DevTools** — inspect cache state, stale queries, refetch triggers
+
+### Running specific tests
+```bash
+cd client && npx vitest run src/pages/ProjectsPage.test.tsx
+cd client && npx playwright test projects.spec.ts
+```
+
+## Common Issues
+
+### Auth / 401 Errors
+| Symptom | Cause | Fix |
+|---------|-------|-----|
+| 401 on every request | Session cookie missing/expired | Re-login via `/auth/login` |
+| 401 after refresh | Keycloak session expired | Restart Keycloak: `docker compose restart keycloak` |
+| Login redirect loop | Callback URL mismatch | Check Keycloak client config: Valid Redirect URIs |
+| No cookie set | Vite proxy not configured | Verify `vite.config.ts` has `/auth` proxy |
+
+### Database / Migrations
+| Symptom | Cause | Fix |
+|---------|-------|-----|
+| `relation does not exist` | Migration not run | `npx typeorm migration:run` |
+| `column does not exist` | Entity/migration mismatch | `npx typeorm migration:generate src/migrations/Fix` |
+| Migration fails | Conflict with existing data | Check migration SQL, add IF NOT EXISTS |
+| Duplicate key error | Missing unique constraint handling | Add `@DistributedLock` or check-before-insert |
+
+### Docker / Services
+| Symptom | Cause | Fix |
+|---------|-------|-----|
+| Connection refused :3000 | Backend not started | `docker compose up backend` |
+| Connection refused :5432 | Trying localhost for DB | Use Docker hostname `postgres` in backend config |
+| Container restarting | OOM or crash loop | `docker compose logs <svc> --tail=20` |
+| Slow hot reload | Volume mount lag | Restart: `docker compose restart backend` |
+
+### Redis / Streams
+| Symptom | Cause | Fix |
+|---------|-------|-----|
+| Stream lag growing | Consumer crashed | Check consumer logs, restart service |
+| DLQ filling up | Handler throwing repeatedly | Fix handler bug, then reprocess DLQ |
+| Cache stale | Missing invalidation | Check mutation's cache invalidation logic |
+
+### Frontend / API
+| Symptom | Cause | Fix |
+|---------|-------|-----|
+| CORS error | Bypassing Vite proxy | Use relative URLs (`/api/...`), not `http://localhost:3000` |
+| Stale data | Missing `invalidates` | Add `invalidates: [['queryKey']]` to `useApiMutation` |
+| Form errors not showing | Not using `@quanticjs/react-forms` | Use `useForm` — auto-maps server errors |
+| White screen | Unhandled error | Check browser console, add ErrorBoundary |
+
+## Quick Diagnostic Script
+```bash
+echo "=== Services ===" && docker compose ps
+echo "=== Backend Health ===" && curl -s http://localhost:3000/health | jq .
+echo "=== Pending Migrations ===" && npx typeorm migration:show 2>&1 | grep -v "✓"
+echo "=== Redis ===" && docker compose exec redis redis-cli PING
+```