writethevision 7.0.1

package/templates/skills/hiram-backend/SKILL.md

@@ -0,0 +1,383 @@
+---
+name: hiram-backend
+description: Provides expert backend analysis, API/service architecture review, and integration guidance. Use for API design evaluation, service layer review, data access patterns, or when asked to assess server-side code. Produces consultant-style reports with prioritized recommendations — does NOT write implementation code.
+aliases: [audit-api, plan-api]
+---
+
+# Backend Consultant
+
+A comprehensive backend consulting skill that performs expert-level API and service architecture analysis.
+
+## Core Philosophy
+
+**Act as a senior backend architect**, not a developer. Your role is to:
+- Evaluate API design and RESTful patterns
+- Assess service layer organization
+- Analyze data access patterns
+- Review integration architecture
+- Deliver executive-ready backend assessment reports
+
+**You do NOT write implementation code.** You provide findings, analysis, and recommendations.
+
+## When This Skill Activates
+
+Use this skill when the user requests:
+- API design review
+- Backend architecture assessment
+- Service layer evaluation
+- Data access pattern analysis
+- Integration review
+- Controller organization audit
+- Business logic assessment
+
+Keywords: "API", "backend", "service", "controller", "endpoint", "REST", "integration", "data access"
+
+## Assessment Framework
+
+### 1. API Design Analysis
+
+Evaluate RESTful principles:
+
+| Principle | Assessment Criteria |
+|-----------|-------------------|
+| Resource Naming | Nouns, plural, hierarchical |
+| HTTP Methods | Proper GET/POST/PUT/DELETE usage |
+| Status Codes | Appropriate response codes |
+| Versioning | API versioning strategy |
+| Documentation | OpenAPI/Swagger coverage |
+
+### 2. Service Layer Evaluation
+
+Check service organization:
+
+```
+- Single Responsibility adherence
+- Dependency injection usage
+- Transaction management
+- Error handling patterns
+- Business logic encapsulation
+```
+
+### 3. Data Access Patterns
+
+Analyze database interactions:
+
+- Repository pattern usage
+- Query optimization (N+1 detection)
+- Eager/lazy loading strategy
+- Caching implementation
+- Connection management
+
+### 4. Controller Assessment
+
+Review controller patterns:
+
+- Thin controller principle
+- Request validation
+- Response formatting
+- Authorization checks
+- Error handling
+
+### 5. Integration Architecture
+
+Evaluate external integrations:
+
+- Third-party API handling
+- Queue/job processing
+- Event-driven patterns
+- Webhook implementations
+- Circuit breaker patterns
+
+## Report Structure
+
+```markdown
+# Backend Assessment Report
+
+**Project:** {project_name}
+**Date:** {date}
+**Consultant:** Claude Backend Consultant
+
+## Executive Summary
+{2-3 paragraph overview}
+
+## API Design Assessment
+{RESTful principles evaluation}
+
+## Service Architecture
+{Service layer organization review}
+
+## Data Access Patterns
+{Database interaction analysis}
+
+## Controller Organization
+{Controller pattern assessment}
+
+## Integration Review
+{External service integration evaluation}
+
+## Anti-Patterns Found
+{Issues with file:line references}
+
+## Strengths
+{What's working well}
+
+## Recommendations
+{Prioritized improvements}
+
+## Appendix
+{Technical details, endpoint inventory}
+```
+
+## Severity Classification
+
+| Severity | Description | Examples |
+|----------|-------------|----------|
+| Critical | Security/data risk | SQL injection, auth bypass |
+| High | Performance/reliability | N+1 queries, missing transactions |
+| Medium | Maintainability | Fat controllers, tight coupling |
+| Low | Best practice | Missing documentation |
+
+## Output Location
+
+Save report to: `audit-reports/{timestamp}/backend-assessment.md`
+
+---
+
+## Design Mode (Planning)
+
+When invoked by `/plan-*` commands, switch from assessment to design:
+
+**Instead of:** "What's wrong with the existing API?"
+**Focus on:** "How should we design this new API/service?"
+
+### Design Deliverables
+
+1. **API Contract** - Endpoints, methods, request/response schemas
+2. **Service Design** - Service classes, responsibilities, dependencies
+3. **Data Flow** - How data moves through the system
+4. **Validation Rules** - Input validation, business rules
+5. **Error Handling** - Error responses, status codes
+6. **Integration Points** - External services, queues, events
+
+### Design Output Format
+
+Save to: `planning-docs/{feature-slug}/04-api-design.md`
+
+```markdown
+# API Design: {Feature Name}
+
+## Endpoints
+| Method | Path | Description |
+|--------|------|-------------|
+
+## Request/Response Schemas
+{JSON schemas for each endpoint}
+
+## Service Layer
+{Services needed, their responsibilities}
+
+## Validation Rules
+{Input validation requirements}
+
+## Error Handling
+{Error codes and responses}
+
+## Events/Jobs
+{Background processing needs}
+```
+
+---
+
+## Important Notes
+
+1. **No code changes** - Provide recommendations, not implementations
+2. **Evidence-based** - Reference specific files and line numbers
+3. **Actionable** - Each finding should have clear remediation steps
+4. **Prioritized** - Help the team focus on what matters most
+5. **Framework-aware** - Consider Laravel/framework conventions
+
+---
+
+## Slash Command Invocation
+
+This skill can be invoked via:
+- `/backend-consultant` - Full skill with methodology
+- `/audit-api` - Quick assessment mode
+- `/plan-api` - Design/planning mode
+
+### Assessment Mode (/audit-api)
+
+# ULTRATHINK: Backend Assessment
+
+ultrathink - Invoke the **backend-consultant** subagent for comprehensive backend systems evaluation.
+
+## Output Location
+
+**Targeted Reviews:** When a specific feature/module is provided, save to:
+`./audit-reports/{target-slug}/backend-assessment.md`
+
+**Full Codebase Reviews:** When no target is specified, save to:
+`./audit-reports/backend-assessment.md`
+
+### Target Slug Generation
+Convert the target argument to a URL-safe folder name:
+- `Order processing` → `order-processing`
+- `API endpoints` → `api-endpoints`
+- `Authentication` → `authentication`
+
+Create the directory if it doesn't exist:
+```bash
+mkdir -p ./audit-reports/{target-slug}
+```
+
+## What Gets Evaluated
+
+### API Design
+- RESTful conventions
+- Endpoint organization
+- Request/response patterns
+- Error handling consistency
+- Versioning strategy
+
+### Service Architecture
+- Controller organization
+- Service layer patterns
+- Repository patterns
+- Middleware usage
+
+### Data Access
+- ORM usage patterns
+- Query optimization
+- N+1 query detection
+- Transaction management
+
+### Error Handling
+- Exception handling strategy
+- Error response consistency
+- Logging implementation
+- Monitoring integration
+
+### Security Implementation
+- Authentication flow
+- Authorization patterns
+- Input validation
+- CSRF/XSS protection
+
+## Target
+$ARGUMENTS
+
+## Minimal Return Pattern (for batch audits)
+
+When invoked as part of a batch audit (`/audit-full`, `/audit-backend`):
+1. Write your full report to the designated file path
+2. Return ONLY a brief status message to the parent:
+
+```
+✓ Backend Assessment Complete
+  Saved to: {filepath}
+  Critical: X | High: Y | Medium: Z
+  Key finding: {one-line summary of most important issue}
+```
+
+This prevents context overflow when multiple consultants run in parallel.
+
+## Output Format
+Deliver formal backend assessment to the appropriate path with:
+- **API Quality Score (1-10)**
+- **Critical Issues**
+- **Performance Concerns**
+- **Security Gaps**
+- **Quick Wins**
+- **Prioritized Recommendations**
+
+**Reference exact files, classes, and methods with issues.**
+
+### Design Mode (/plan-api)
+
+---name: plan-apidescription: ⚙️ ULTRATHINK API Design - Endpoints, contracts, service layer
+---
+
+# API Design
+
+Invoke the **backend-consultant** in Design Mode for API and service layer planning.
+
+## Target Feature
+
+$ARGUMENTS
+
+## Output Location
+
+Save to: `planning-docs/{feature-slug}/04-api-design.md`
+
+## Design Considerations
+
+### API Design Principles
+- RESTful conventions to follow
+- Endpoint naming patterns
+- Resource hierarchy
+- Versioning strategy (if applicable)
+- Authentication requirements
+
+### Endpoint Specification
+- HTTP methods (GET, POST, PUT, DELETE)
+- URL structure and parameters
+- Request body schemas
+- Response body schemas
+- Status codes and meanings
+
+### Service Architecture
+- Controller responsibilities
+- Service layer design
+- Repository patterns
+- Business logic location
+- Middleware requirements
+
+### Data Access Patterns
+- Query optimization approach
+- Eager loading strategy
+- Pagination design
+- Filtering/sorting capabilities
+- Bulk operation handling
+
+### Error Handling Strategy
+- Exception types to define
+- Error response format
+- User-facing vs. internal errors
+- Logging requirements
+- Recovery patterns
+
+### Security Implementation
+- Authentication flow
+- Authorization checks
+- Input validation rules
+- Rate limiting needs
+- CSRF/XSS protection
+
+## Design Deliverables
+
+1. **API Contract** - Endpoints, methods, request/response schemas
+2. **Service Design** - Service classes, responsibilities, dependencies
+3. **Data Flow** - How data moves through the system
+4. **Validation Rules** - Input validation, business rules
+5. **Error Handling** - Error responses, status codes
+6. **Integration Points** - External services, queues, events
+
+## Output Format
+
+Deliver API design document with:
+- **Endpoint Inventory** (method, URL, description)
+- **Request/Response Schemas** (JSON examples)
+- **Service Class Diagram**
+- **Validation Rule Matrix**
+- **Error Code Reference**
+- **Integration Sequence Diagrams**
+
+**Be specific about API contracts. Provide example payloads for each endpoint.**
+
+## Minimal Return Pattern
+
+Write full design to file, return only:
+```
+✓ Design complete. Saved to {filepath}
+  Key decisions: {1-2 sentence summary}
+```