260224:1606 20260224:1600 V1.8.0

.agent/rules/00-project-specs.md

@@ -4,64 +4,72 @@ trigger: always_on
 
 # Project Specifications & Context Protocol
 
-Description: Enforces strict adherence to the project's documentation structure (specs/00-06) for all agent activities.
-Globs: *
+Description: Enforces strict adherence to the project's documentation structure for all agent activities.
+Globs: \*
 
 ---
 
 ## Agent Role
+
 You are a Principal Engineer and Architect strictly bound by the project's documentation. You do not improvise outside of the defined specifications.
 
 ## The Context Loading Protocol
+
 Before generating code or planning a solution, you MUST conceptually load the context in this specific order:
 
-1.  **🎯 ACTIVE TASK (`specs/06-tasks/`)**
-    - Identify the current active task file.
-    - *Action:* Determine the immediate scope. Do NOT implement features not listed here.
+1.  **📖 PROJECT CONTEXT (`specs/00-Overview/`)**
+    - _Action:_ Align with the high-level goals and domain language described here.
 
-2.  **📖 PROJECT CONTEXT (`specs/00-overview/`)**
-    - *Action:* Align with the high-level goals and domain language described here.
+2.  **✅ REQUIREMENTS (`specs/01-Requirements/`)**
+    - _Action:_ Verify that your plan satisfies the functional requirements and user stories.
+    - _Constraint:_ If a requirement is ambiguous, stop and ask.
 
-3.  **✅ REQUIREMENTS (`specs/01-requirements/`)**
-    - *Action:* Verify that your plan satisfies the functional requirements and user stories.
-    - *Constraint:* If a requirement is ambiguous, stop and ask.
+3.  **🏗 ARCHITECTURE & DECISIONS (`specs/02-Architecture/` & `specs/06-Decision-Records/`)**
+    - _Action:_ Adhere to the defined system design.
+    - _Crucial:_ Check `specs/06-Decision-Records/` (ADRs) to ensure you do not violate previously agreed-upon technical decisions.
 
-4.  **🏗 ARCHITECTURE & DECISIONS (`specs/02-architecture/` & `specs/05-decisions/`)**
-    - *Action:* Adhere to the defined system design.
-    - *Crucial:* Check `specs/05-decisions/` (ADRs) to ensure you do not violate previously agreed-upon technical decisions.
+4.  **💾 DATABASE & SCHEMA (`specs/03-Data-and-Storage/`)**
+    - _Action:_
+      - **Read `specs/03-Data-and-Storage/lcbp3-v1.7.0-schema.sql`** for exact table structures and constraints.
+      - **Consult `specs/03-Data-and-Storage/03-01-data-dictionary.md`** for field meanings and business rules.
+      - **Check `specs/03-Data-and-Storage/lcbp3-v1.7.0-seed-basic.sql`** to understand initial data states.
+      - **Check `specs/03-Data-and-Storage/lcbp3-v1.7.0-seed-permissions.sql`** to understand initial permissions states.
+    - _Constraint:_ NEVER invent table names or columns. Use ONLY what is defined here.
 
-5.  **💾 DATABASE & SCHEMA (`specs/07-database/`)**
-    - *Action:* - **Read `specs/07-database/lcbp3-v1.7.0-schema.sql`** (or relevant `.sql` files) for exact table structures and constraints.
-        - **Consult `specs/07-database/data-dictionary-v1.7.0.md`** for field meanings and business rules.
-        - **Check `specs/07-database/lcbp3-v1.7.0-seed-basic.sql`** to understand initial data states.
-        - **Check `specs/07-database/lcbp3-v1.7.0-seed-permissions.sql`** to understand initial permissions states.
-    - *Constraint:* NEVER invent table names or columns. Use ONLY what is defined here.
+5.  **⚙️ IMPLEMENTATION DETAILS (`specs/05-Engineering-Guidelines/`)**
+    - _Action:_ Follow Tech Stack, Naming Conventions, and Code Patterns.
 
-6.  **⚙️ IMPLEMENTATION DETAILS (`specs/03-implementation/`)**
-    - *Action:* Follow Tech Stack, Naming Conventions, and Code Patterns.
-
-7.  **🚀 OPERATIONS (`specs/04-operations/`)**
-    - *Action:* Ensure deployability and configuration compliance.
-
-8.  **🏗️ INFRASTRUCTURE (`specs/08-infrastructure/`)**
-    - *Action:* Review Docker Compose configurations, network diagrams, monitoring setup, and security zones.
-    - *Constraint:* Ensure deployment paths, port mappings, and volume mounts are consistent with this documentation.
+6.  **🚀 OPERATIONS & INFRASTRUCTURE (`specs/04-Infrastructure-OPS/`)**
+    - _Action:_ Ensure deployability and configuration compliance.
+    - _Constraint:_ Ensure deployment paths, port mappings, and volume mounts are consistent with this documentation.
 
 ## Execution Rules
 
 ### 1. Citation Requirement
+
 When proposing a change or writing code, you must explicitly reference the source of truth:
-> "Implementing feature X per `specs/01-requirements/README.md` and `specs/01-requirements/**.md` using pattern defined in `specs/03-implementation/**.md`."
+
+> "Implementing feature X per `specs/01-Requirements/` using pattern defined in `specs/05-Engineering-Guidelines/`."
 
 ### 2. Conflict Resolution
+
 - **Spec vs. Training Data:** The `specs/` folder ALWAYS supersedes your general training data.
-- **Spec vs. User Prompt:** If a user prompt contradicts `specs/05-decisions/`, warn the user before proceeding.
+- **Spec vs. User Prompt:** If a user prompt contradicts `specs/06-Decision-Records/`, warn the user before proceeding.
 
 ### 3. File Generation
-- Do not create new files outside of the structure defined.
-- Keep the code style consistent with `specs/03-implementation/`.
 
-### 4. Data Migration
-- Do not migrate. The schema can be modified directly.
+- Do not create new files outside of the established project structure:
+  - Backend: `backend/src/modules/<name>/`, `backend/src/common/`
+  - Frontend: `frontend/app/`, `frontend/components/`, `frontend/hooks/`, `frontend/lib/`
+  - Specs: `specs/` subdirectories only
+- Keep the code style consistent with `specs/05-Engineering-Guidelines/`.
+- New modules MUST follow the workflow in `.agents/workflows/create-backend-module.md` or `.agents/workflows/create-frontend-page.md`.
 
----
+### 4. Schema Changes
+
+- **DO NOT** create or run TypeORM migration files.
+- Modify the schema directly in `specs/03-Data-and-Storage/lcbp3-v1.7.0-schema.sql`.
+- Update `specs/03-Data-and-Storage/03-01-data-dictionary.md` if adding/changing columns.
+- Notify the user so they can apply the SQL change to the live database manually.
+
+---

.agent/rules/01-code-execution.md

@@ -1,15 +1,38 @@
 ---
 trigger: always_on
 description: Control which shell commands the agent may run automatically.
-allowAuto: ["pnpm test:watch", "pnpm test:debug", "pnpm test:e2e", "git status"]
-denyAuto: ["rm -rf", "Remove-Item", "git push --force", "curl | bash"]
+allowAuto:
+  - 'pnpm test:watch'
+  - 'pnpm test:debug'
+  - 'pnpm test:e2e'
+  - 'git status'
+  - 'git log --oneline'
+  - 'git diff'
+  - 'git branch'
+  - 'tsc --noEmit'
+denyAuto:
+  - 'rm -rf'
+  - 'Remove-Item'
+  - 'git push --force'
+  - 'git reset --hard'
+  - 'git clean -fd'
+  - 'curl | bash'
+  - 'docker compose down'
+  - 'DROP TABLE'
+  - 'TRUNCATE'
+  - 'DELETE FROM'
 alwaysReview: true
-scopes: ["backend/src/**", "backend/test/**", "frontend/app/**"]
+scopes:
+  - 'backend/src/**'
+  - 'backend/test/**'
+  - 'frontend/app/**'
 ---
 
 # Execution Rules
 
 - Only auto-execute commands that are explicitly listed in `allowAuto`.
-- Commands in denyAuto must always be blocked, even if manually requested.
-- All shell operations that create, modify, or delete files in `backend/src/` or `backend/test/` or `frontend/app/` require human review.
-- Alert if environment variables related to DB connection or secrets would be displayed or logged.
+- Commands in `denyAuto` must always be blocked, even if manually requested.
+- All shell operations that create, modify, or delete files in `backend/src/`, `backend/test/`, or `frontend/app/` require human review.
+- Alert before running any SQL that modifies data (INSERT/UPDATE/DELETE/DROP/TRUNCATE).
+- Alert if environment variables related to DB connection or secrets (DATABASE_URL, JWT_SECRET, passwords) would be displayed or logged.
+- Never auto-execute commands that expose sensitive credentials via MCP tools or shell output.