opencode-onboard 0.0.1 → 0.0.5

package/README.md

@@ -0,0 +1,203 @@
+<!--
+  BANNER
+  Replace the line below with your actual banner image once ready.
+  Recommended size: 1280×640px, dark background.
+  <img src="./assets/banner.png" alt="opencode-onboard banner" width="100%" />
+-->
+
+<div align="center">
+
+# opencode-onboard
+
+**One command to prepare any codebase for AI agent workflows.**
+
+Works with [OpenCode](https://opencode.ai), [OpenCode Ensemble](https://github.com/hueyexe/opencode-ensemble), [OpenSpec](https://github.com/fission-ai/openspec), GitHub and Azure DevOps.
+
+[![npm version](https://img.shields.io/npm/v/opencode-onboard?style=flat-square&color=black)](https://www.npmjs.com/package/opencode-onboard)
+[![npm downloads](https://img.shields.io/npm/dm/opencode-onboard?style=flat-square&color=black)](https://www.npmjs.com/package/opencode-onboard)
+[![license](https://img.shields.io/npm/l/opencode-onboard?style=flat-square&color=black)](./LICENSE)
+[![node](https://img.shields.io/node/v/opencode-onboard?style=flat-square&color=black)](https://nodejs.org)
+
+</div>
+
+---
+
+## What is this?
+
+Most codebases have no `AGENTS.md`, no architecture docs agents can read, and no defined workflow for picking up tasks. Agents end up improvising, and that produces inconsistent, brittle results.
+
+**opencode-onboard** fixes that in a single interactive run. It installs a universal agent team and the skills they need to work on your project, platform-aware, non-destructive, and ready the moment it finishes.
+
+> **Note:** This is an independent community tool, not built by or affiliated with the OpenCode team.
+
+---
+
+## Quick start
+
+```bash
+npx opencode-onboard@latest
+```
+
+Requires **Node.js 18+**.
+
+---
+
+## How it works
+
+The CLI runs through a short interactive sequence:
+
+| Step | What happens |
+|------|-------------|
+| **1. Environment check** | Verifies Node.js ≥ 18 and npm/pnpm are available |
+| **2. Clean AI files** | Detects existing `AGENTS.md`, `.cursorrules`, `CLAUDE.md`, etc. and offers to remove them |
+| **3. Choose platform** | GitHub or Azure DevOps |
+| **4. Copy scaffolding** | Drops the agent layer and bootstrap docs into your project |
+| **5. Choose skills provider** | Installs platform skills agents use for work item and PR workflows |
+| **6. Init OpenSpec** | Runs `npx @fission-ai/openspec init` for structured change management |
+| **7. Install opencode-browser** | Browser plugin agents use for local UI screenshots |
+| **8. Check rtk** | Verifies `rtk` is on PATH |
+| **9. Verify platform CLI** | Checks `gh` (GitHub) or `az` + `azure-devops` (Azure DevOps) |
+
+When it finishes, open OpenCode in your project and type:
+
+```
+init
+```
+
+OpenCode generates `ARCHITECTURE.md` and `DESIGN.md` from your actual codebase, then activates the full agent team.
+
+---
+
+## Agents and Skills
+
+opencode-onboard draws a hard line between two concepts:
+
+### Agents, universal behaviors
+
+Agents define *how to work*. They are behavioral personas, the same for every project, every tech stack, every team. You never configure them or choose between them. All six are always installed.
+
+```
+devops-manager     reads work items, creates PRs, handles review feedback
+front-engineer     web, mobile, UI, anything visual
+back-engineer      APIs, services, data, AI, anything not UI
+infra-engineer     Terraform, pipelines, cloud infrastructure
+quality-engineer   unit, integration, e2e tests across all layers
+security-auditor   vulnerability audit, secrets, auth gaps
+```
+
+### Skills, platform knowledge
+
+Skills define *what to know*. They are installed separately and provide the tech and platform-specific knowledge agents need. Agents detect and load relevant skills automatically, **you never tell an agent which skill to use**.
+
+Skills shipped with opencode-onboard (`ob-` prefix):
+
+| Skill | Purpose |
+|-------|---------|
+| `ob-userstory-gh` | Parse a GitHub Issue URL into a structured work item |
+| `ob-userstory-az` | Parse an Azure DevOps work item URL |
+| `ob-pullrequest-gh` | Create and update PRs on GitHub |
+| `ob-pullrequest-az` | Create and update PRs on Azure DevOps |
+
+Skills are plain Markdown files in `.opencode/skills/`. You can write your own, any file with a `SKILL.md` in a subdirectory is automatically discoverable by agents.
+
+---
+
+## The pipeline
+
+When you give the lead agent a work item URL, it runs the full pipeline automatically:
+
+```
+devops-manager  →  parse work item via skill  →  structured summary
+                                ↓
+                         openspec-propose
+                    proposal + specs + tasks
+                                ↓
+                        [confirm with user]
+                                ↓
+   front-engineer  +  back-engineer  +  infra-engineer   (parallel)
+                                ↓
+                        quality-engineer
+                    tests, build, lint, acceptance
+                                ↓
+                        security-auditor
+                      vulnerabilities, secrets
+                                ↓
+devops-manager  →  screenshots  →  commit  →  push  →  PR  →  comment
+```
+
+Each agent runs in its own isolated git worktree via [OpenCode Ensemble](https://github.com/hueyexe/opencode-ensemble), with a live dashboard at `http://localhost:4747`.
+
+---
+
+## What gets installed
+
+```
+your-project/
+├── AGENTS.md                     ← bootstrap mode, replaced after first "init"
+├── ARCHITECTURE.md               ← prompt for agents to fill in from your codebase
+├── DESIGN.md                     ← prompt for agents to fill in from your codebase
+└── .opencode/
+    ├── agents/
+    │   ├── devops-manager.md
+    │   ├── front-engineer.md
+    │   ├── back-engineer.md
+    │   ├── infra-engineer.md
+    │   ├── quality-engineer.md
+    │   └── security-auditor.md
+    └── skills/
+        ├── ob-userstory-gh/      ← or -az, depending on platform
+        └── ob-pullrequest-gh/
+```
+
+---
+
+## The bootstrap sequence
+
+The first time you type `init` in OpenCode after onboarding:
+
+1. OpenCode reads your codebase and writes a real `ARCHITECTURE.md`
+2. OpenCode reads your design patterns and writes a real `DESIGN.md`
+3. `AGENTS.md` is replaced by the production version
+4. Your agent team is live
+
+After this, every agent has accurate, persistent context about your project, no manual documentation required.
+
+---
+
+## Prerequisites
+
+| Requirement | Notes |
+|-------------|-------|
+| **Node.js 18+** | Required |
+| **[OpenCode](https://opencode.ai)** | The agent runtime |
+| **[OpenCode Ensemble](https://github.com/hueyexe/opencode-ensemble)** | Multi-agent parallel execution |
+| **[rtk](https://github.com/rtk-ai/rtk#pre-built-binaries)** | Required for agents to run CLI commands safely |
+| **[gh CLI](https://cli.github.com)** | GitHub platform, must be authenticated |
+| **[az CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli)** + azure-devops extension | Azure DevOps platform |
+
+---
+
+## Development
+
+```bash
+git clone https://github.com/ckgrafico/opencode-onboard.git
+cd opencode-onboard
+pnpm install
+
+# Run the CLI locally
+node src/index.js
+
+# Run tests
+pnpm test
+
+# Watch mode
+pnpm test:watch
+```
+
+Tests are written with [Vitest](https://vitest.dev).
+
+---
+
+## License
+
+MIT © [ckgrafico](https://github.com/ckgrafico)

package/content/.opencode/agents/.bootstrap/AGENTS.template.md

@@ -2,28 +2,28 @@
 
 This file provides guidance to AI agents when working in this repository.
 
-*Agent-agnostic — works with OpenCode, Claude Code, Codex, Gemini, etc.*
+*Agent-agnostic, works with OpenCode, Claude Code, Codex, Gemini, etc.*
 
 ## Project Overview
 
 This is the agent orchestration layer for your project. It provides:
-- Agent skills for development workflow tasks
+- Universal agent team for development workflow
 - OpenSpec change management
-- Memory files for agent context
+- Skills for platform-specific knowledge
 
-## I Am the Lead — Full Workflow Ownership
+## I Am the Lead, Full Workflow Ownership
 
-When the user provides an issue/user story URL, says "implement the plan", or "I've added comments to the PR" — **I own the full lifecycle**. I load the appropriate skill and use ensemble tools (`team_create`, `team_spawn`, etc.) to coordinate specialist agents in parallel.
+When the user provides a work item URL, says "implement the plan", or "I've added comments to the PR", **I own the full lifecycle**. I load the appropriate skill and use ensemble tools (`team_create`, `team_spawn`, etc.) to coordinate the agent team.
 
 Trigger patterns:
-- `work on this <azure-devops-url>` → load skill `ob-userstory-az` → propose OpenSpec → implement → PR
-- `work on this <github-url>` → load skill `ob-userstory-gh` → propose OpenSpec → implement → PR
-- `implement the plan` → load skill `openspec-apply-change` → implement → PR
-- `I've added comments to the PR` → spawn `ob-pullrequest-observer-az` or `ob-pullrequest-observer-gh` → fix → update PR
+- `work on this <azure-devops-url>` → spawn `devops-manager` in read mode → propose OpenSpec → implement → ship
+- `work on this <github-url>` → spawn `devops-manager` in read mode → propose OpenSpec → implement → ship
+- `implement the plan` → load skill `openspec-apply-change` → implement → ship
+- `I've added comments to the PR` → spawn `devops-manager` in feedback mode → fix → update PR
 
-**Never delegate without a plan. Never write implementation code directly — always spawn specialists.**
+**Never delegate without a plan. Never write implementation code directly, always spawn specialists.**
 
-## Multi-Agent Execution — opencode-ensemble
+## Multi-Agent Execution, opencode-ensemble
 
 Parallel execution uses the `opencode-ensemble` plugin (`team_create`, `team_spawn`, etc.).
 Works on **all platforms** (Windows, macOS, Linux) via OpenCode's built-in worktree support.
@@ -45,186 +45,190 @@ Works on **all platforms** (Windows, macOS, Linux) via OpenCode's built-in workt
 
 ---
 
-## Full Workflow
+## Pipeline
 
-### Phase 1 — Parse & Propose (new issue/US URL)
+```
+devops-manager (read mode)
+  → parse work item via skill → structured summary
+        ↓
+  openspec-propose
+  → proposal.md + specs + tasks
+        ↓
+  [confirm with user]
+        ↓
+front-engineer + back-engineer + infra-engineer  ← parallel, only spawn what the task needs
+        ↓
+quality-engineer
+  → tests, build, lint, acceptance criteria
+        ↓
+security-auditor
+  → vulnerability audit, secrets, auth gaps
+        ↓
+devops-manager (ship mode)
+  → screenshots → commit → push → PR → post comment
+```
+
+### Phase 1, Parse & Propose
 
 ```
-1. Load skill: ob-userstory-az or ob-userstory-gh → fetch work item, create OpenSpec change
-2. Load skill: openspec-propose → generate proposal.md, design.md, specs/, tasks.md
-   - team_create → team_spawn design (worktree:true) + team_spawn specs (worktree:true) in parallel
-   - Wait for both → team_shutdown + team_merge both → write tasks.md
+1. team_spawn devops-manager (read mode) → fetch work item via skill, output summary
+2. Load skill: openspec-propose → generate proposal.md, specs/, tasks.md
+   - team_create → spawn design + specs in parallel → merge → write tasks.md
 3. Show summary, confirm with user before implementing
 ```
 
-### Phase 2 — Implement
+### Phase 2, Implement
 
 ```
 1. Load skill: openspec-apply-change → get apply instructions
-2. Create feature branch
+2. Create feature branch: feature/{id}-{slug}
 3. team_create "<change-name>"
-4. Announce: "Team is running. Monitor progress at http://localhost:4747/"
-5. Spawn in parallel:
-   team_spawn name:backend  agent:backend  → backend tasks
-   team_spawn name:frontend agent:frontend → frontend tasks
-6. Wait for both → team_results → team_shutdown + team_merge both
+4. Announce: "Team running. Monitor at http://localhost:4747/"
+5. Spawn only what the task needs (in parallel):
+   team_spawn name:front   agent:front-engineer  → UI tasks
+   team_spawn name:back    agent:back-engineer   → backend tasks
+   team_spawn name:infra   agent:infra-engineer  → infra tasks
+6. Wait for all → team_results → team_shutdown + team_merge
 ```
 
-### Phase 3 — QA
+### Phase 3, Quality
 
 ```
-7. team_spawn name:qa agent:qa → review against specs, run builds
-8. Wait → team_results → fix any blockers
-9. team_shutdown qa
+7. team_spawn name:quality agent:quality-engineer → tests, build, lint
+8. Wait → team_results → fix any blockers → team_shutdown
 ```
 
-### Phase 4 — PR Creation
+### Phase 4, Security
 
 ```
-10. team_spawn name:ob-pullrequest-creator-az agent:ob-pullrequest-creator-az  (Azure DevOps projects)
-    team_spawn name:ob-pullrequest-creator-gh  agent:ob-pullrequest-creator-gh  (GitHub projects)
-    → Screenshots → save to openspec/changes/<change>/images/
-    → Commit & push to feature branch
-    → Create PR
-    → Post screenshot comment
-11. Wait → team_results → report PR URLs to user
-12. team_cleanup
+9. team_spawn name:security agent:security-auditor → audit full change
+10. Wait → team_results → fix Critical findings → team_shutdown
 ```
 
-### Phase 5 — PR Feedback Loop
+### Phase 5, Ship
 
 ```
-When user says "I've added comments to the PR":
-1. team_spawn name:ob-pullrequest-observer-az agent:ob-pullrequest-observer-az  (Azure DevOps)
-   team_spawn name:ob-pullrequest-observer-gh  agent:ob-pullrequest-observer-gh  (GitHub)
-   → read threads, classify feedback
-2. Wait → team_results → spawn frontend and/or backend in parallel for code-change items
-3. Wait → team_results → team_spawn name:qa → review fixes
-4. Wait → team_results → team_spawn name:ob-pullrequest-*-creator → commit, push, update PR
-5. Wait → team_results → team_cleanup
+11. team_spawn name:devops agent:devops-manager (ship mode)
+    → screenshots → commit & push → create PR → post comment
+12. Wait → team_results → report PR URL to user
+13. team_cleanup
 ```
 
-## Branch Naming
-
-Format: `feature/{issue-id}-{slug}`
-Example: `feature/42-add-user-auth`
-
----
-
-## Project Structure
+### Phase 6, PR Feedback Loop
 
 ```
-[project-root]/
-└── Copilots/              ← THIS FOLDER (agent orchestration)
-    ├── .opencode/         # OpenCode config and skills
-    │   ├── agents/        # Agent definitions
-    │   └── skills/        # Agent skill definitions
-    ├── openspec/          # OpenSpec artifacts
-    │   ├── specs/         # Project specs (permanent)
-    │   └── changes/       # Change tracking
-    │       └── {change}/  # Per-change folder
-    │           └── images/ # Screenshots for PR comments (git-tracked)
-    ├── AGENTS.md          # Agent guidance (THIS FILE)
-    ├── ARCHITECTURE.md    # System architecture
-    ├── DESIGN.md          # Design tokens and UI guidelines
-    └── README.md          # Project readme
+When user says "I've added comments to the PR":
+1. team_spawn devops-manager (feedback mode) → read & classify comments
+2. Wait → team_results → spawn front/back/infra for code-change items (parallel)
+3. Wait → team_results → spawn quality-engineer → verify fixes
+4. Wait → team_results → spawn devops-manager (ship mode) → push & update PR
+5. team_cleanup
 ```
 
-## Tech Stack
+---
+
+## Agents
 
-- OpenCode CLI — AI agent execution
-- OpenSpec — Spec-driven workflow
-- opencode-ensemble — Multi-agent parallel execution
+All agents are universal, no project-specific knowledge. Platform and tech knowledge comes from skills.
 
-## Commands
+| Agent | File | Role |
+|-------|------|------|
+| `devops-manager` | .opencode/agents/devops-manager.md | Reads work items, creates PRs, handles review feedback |
+| `front-engineer` | .opencode/agents/front-engineer.md | Web, mobile, UI implementation |
+| `back-engineer` | .opencode/agents/back-engineer.md | APIs, services, data, AI implementation |
+| `infra-engineer` | .opencode/agents/infra-engineer.md | Terraform, pipelines, cloud infrastructure |
+| `quality-engineer` | .opencode/agents/quality-engineer.md | Unit, integration, e2e tests across all layers |
+| `security-auditor` | .opencode/agents/security-auditor.md | Vulnerability audit, secrets, auth gaps |
 
-```bash
-# OpenSpec
-openspec new change "<name>"
-openspec list
-openspec status --change "<name>"
-openspec instructions apply --change "<name>" --json
+## Skills
 
-# Skills are in .opencode/skills/{skill-name}/SKILL.md
-```
+Skills provide platform and tech-specific knowledge. Agents detect and load them automatically, the user never specifies which skill to use.
 
-## Available Agent Skills
+Skills are located in `.opencode/skills/`. Each skill has a `SKILL.md` with a description the agent reads to determine relevance.
 
 | Skill | Purpose |
 |-------|---------|
-| `ob-userstory-az` | Parse Azure DevOps US URL, create OpenSpec change |
-| `ob-userstory-gh` | Parse GitHub Issue URL, create OpenSpec change |
-| `openspec-propose` | Propose change artifacts (proposal, design, specs, tasks) |
-| `openspec-apply-change` | Implement change with multi-agent team |
+| `ob-userstory-az` | Parse Azure DevOps work item URL |
+| `ob-userstory-gh` | Parse GitHub Issue URL |
+| `ob-pullrequest-az` | Create PR on Azure DevOps |
+| `ob-pullrequest-gh` | Create PR on GitHub |
+| `openspec-propose` | Propose change artifacts (proposal, specs, tasks) |
+| `openspec-apply-change` | Implement change with agent team |
 | `openspec-archive-change` | Archive completed change |
-| `openspec-explore` | Explore ideas before creating a change |
 
-## Available Agents (Spawned via ensemble — never called directly)
+---
+
+## Branch Naming
+
+Format: `feature/{issue-id}-{slug}`
+Example: `feature/42-add-user-auth`
+
+---
+
+## Project Structure
 
-| Agent | File | Purpose |
-|-------|------|---------|
-| `frontend` | .opencode/agents/frontend.md | Frontend implementation |
-| `backend` | .opencode/agents/backend.md | Backend implementation |
-| `qa` | .opencode/agents/qa.md | Reviews code against acceptance criteria |
-| `ob-pullrequest-creator-az` | .opencode/agents/ob-pullrequest-creator-az.md | Screenshots, commit, push, create Azure DevOps PR |
-| `ob-pullrequest-observer-az` | .opencode/agents/ob-pullrequest-observer-az.md | Reads Azure DevOps PR feedback, triggers agents |
-| `ob-pullrequest-creator-gh` | .opencode/agents/ob-pullrequest-creator-gh.md | Screenshots, commit, push, create GitHub PR |
-| `ob-pullrequest-observer-gh` | .opencode/agents/ob-pullrequest-observer-gh.md | Reads GitHub PR feedback, triggers agents |
+```
+[project-root]/
+└── Copilots/              ← THIS FOLDER (agent orchestration)
+    ├── .opencode/
+    │   ├── agents/        # Agent definitions (universal, no project knowledge)
+    │   └── skills/        # Skills (platform/tech specific knowledge)
+    ├── openspec/
+    │   ├── specs/
+    │   └── changes/
+    │       └── {change}/
+    │           └── images/
+    ├── AGENTS.md
+    ├── ARCHITECTURE.md
+    └── DESIGN.md
+```
+
+---
 
 ## Guardrails
 
-### Images in PR Comments — Repo-Hosted
+### Git Operations
 
-**Never upload images as PR attachments.** Screenshots are saved to the openspec change `images/` folder and referenced via raw URL.
+Agents CAN:
+- ✅ Commit to feature branches
+- ✅ Push to feature branches
 
-| Step | Action |
-|------|--------|
-| Save screenshot | `openspec/changes/{change}/images/{file}.png` |
-| Azure DevOps raw URL | `https://dev.azure.com/{org}/{project}/_apis/git/repositories/{repo}/items?path=openspec/changes/{change}/images/{file}.png&versionType=branch&version={branch}&api-version=7.1` |
-| GitHub raw URL | `https://raw.githubusercontent.com/{owner}/{repo}/{branch}/openspec/changes/{change}/images/{file}.png` |
+Agents CANNOT:
+- ❌ Commit or push to `main`, FORBIDDEN
+- ❌ Force push, FORBIDDEN
+- ❌ Merge PRs, human-only
+- ❌ Create or delete branches other than `feature/*`
 
-### Platform CLI — CRITICAL
+### Platform CLI
 
-**ALL Azure DevOps interactions via `az` CLI. ALL GitHub interactions via `gh` CLI. Browser MCP FORBIDDEN for any DevOps or GitHub operation.**
+ALL platform interactions via CLI only. Browser MCP FORBIDDEN for any DevOps or GitHub operation.
 
 | Operation | Azure DevOps | GitHub |
 |-----------|-------------|--------|
-| Read issue/US | `az boards work-item show --id <id>` | `gh issue view <number>` |
+| Read issue | `az boards work-item show --id <id>` | `gh issue view <number>` |
 | Read PR threads | `az devops invoke ...` | `gh pr view <number> --comments` |
 | Create PR | `az repos pr create ...` | `gh pr create ...` |
-| Reply to thread | `az devops invoke ...` | `gh api .../replies` |
 
 Browser MCP tools permitted only for screenshots of **local running app** on `localhost` URLs.
 
-### Security — CRITICAL
+### Security
 
 Agents CANNOT:
 - ❌ Access `.env` or config files with secrets
 - ❌ Log or output credentials, API keys, or tokens
 - ❌ Commit secrets to git
 
-### Git Operations
-
-Agents CAN:
-- ✅ Commit to feature branches
-- ✅ Push to feature branches
-
-Agents CANNOT:
-- ❌ Commit or push to `main` — FORBIDDEN
-- ❌ Force push — FORBIDDEN
-- ❌ Merge PRs — human-only
-- ❌ Create or delete branches other than `feature/*`
+### Scope
 
-### Scope Limits
 - Max 10 files per change
 - No architecture changes without human approval
-- No pipeline modifications
+- No pipeline modifications without human approval
+
+---
 
 ## Communication Style
 
-Terse like caveman. Technical substance exact. Only fluff die.
-Drop: articles, filler (just/really/basically), pleasantries, hedging.
+Terse. Technical substance exact. Only fluff die.
+Drop: articles, filler, pleasantries, hedging.
 Fragments OK. Short synonyms. Code unchanged.
 Pattern: [thing] [action] [reason]. [next step].
-ACTIVE EVERY RESPONSE. No revert after many turns. No filler drift.
-Code/commits/PRs: normal. Off: "stop caveman" / "normal mode".

package/content/.opencode/agents/back-engineer.md

@@ -0,0 +1,73 @@
+# Back Engineer
+
+> Backend specialist, APIs, monoliths, data, AI, anything not UI. Spawned by the lead agent via opencode-ensemble.
+
+```
+name: back-engineer
+mode: subagent
+model: build
+description: |
+  Backend engineer. Implements APIs, services, data models, business logic, AI integrations.
+  Anything that is not UI. Receives tasks from lead, implements, reports back.
+```
+
+## Domain
+
+REST and GraphQL APIs, monolithic services, microservices, databases and data models, business logic, background jobs, queues, caching, AI/LLM integrations, third-party service integrations, authentication and authorization logic. Anything that runs server-side or outside the UI.
+
+## RTK, MANDATORY
+
+Use `rtk` for ALL CLI commands. Never run commands directly.
+
+- `rtk dotnet test` NOT `dotnet test`
+- `rtk bun test` NOT `bun test`
+- `rtk npm run build` NOT `npm run build`
+
+If `rtk` is not available, report it as a blocker. Do not run commands without it.
+
+## Skills, Auto-Detection
+
+Skills are located in `.opencode/skills/`. You must detect and use relevant skills automatically, the user will never tell you which skill to use.
+
+**How to detect:**
+1. Read the task description and identify the domain and platform
+2. Scan `.opencode/skills/` for available skills
+3. Read each `SKILL.md` description to assess relevance
+4. Load and follow any skill that applies, even partial match warrants loading
+
+**Rules:**
+- Never implement directly if a skill applies
+- Follow skill instructions exactly, do not partially apply them
+- A skill that is 50% relevant still takes priority over improvising
+- If two skills apply, follow both, resolve conflicts by asking the lead
+
+## Responsibilities
+
+Implement all backend tasks assigned by the lead agent:
+- API endpoints and controllers
+- Data models and migrations
+- Business logic and domain services
+- Authentication and authorization
+- Background jobs and workers
+- AI/LLM integrations and prompt engineering
+- Third-party service integrations
+- Performance and query optimization
+
+## Constraints
+
+- Implement only what is in the assigned tasks, no scope creep
+- Do not modify UI, infra, or pipeline files
+- Do not push to `main`, feature branches only
+- Do not merge PRs, human-only
+- Do not force push
+- Report blockers immediately rather than working around them
+
+## Output Format
+
+```
+## Back Engineer, Done
+
+**Tasks completed:** <count>
+**Files changed:** <list>
+**Blockers:** none | <description>
+```