first-fluke
diff --git a/‎.agent/mcp.json‎
Lines changed: 20 additions & 0 deletions b/‎.agent/mcp.json‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎.agent/skills/_shared/api-contracts/README.md‎
Lines changed: 50 additions & 0 deletions b/‎.agent/skills/_shared/api-contracts/README.md‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎.agent/skills/_shared/api-contracts/template.md‎
Lines changed: 88 additions & 0 deletions b/‎.agent/skills/_shared/api-contracts/template.md‎
Lines changed: 88 additions & 0 deletions
diff --git a/‎.agent/skills/_shared/clarification-protocol.md‎
Lines changed: 130 additions & 0 deletions b/‎.agent/skills/_shared/clarification-protocol.md‎
Lines changed: 130 additions & 0 deletions
diff --git a/‎.agent/skills/_shared/common-checklist.md‎
Lines changed: 31 additions & 0 deletions b/‎.agent/skills/_shared/common-checklist.md‎
Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,20 @@
+{
+  "mcpServers": {
+    "serena": {
+      "command": "uvx",
+      "args": [
+        "--from",
+        "git+https://github.com/oraios/serena",
+        "serena",
+        "start-mcp-server",
+        "--context",
+        "antigravity",
+        "--project",
+        "."
+      ],
+      "env": {
+        "SERENA_LOG_LEVEL": "info"
+      }
+    }
+  }
+}
@@ -0,0 +1,50 @@
+# API Contracts
+
+This directory contains API contracts created by PM Agent and referenced by backend/frontend/mobile agents.
+
+## Usage
+
+### PM Agent (Author)
+Create API contracts here during planning phase:
+```
+write_memory("api-contracts/{domain}.md", contract content)
+```
+
+Or create files directly in this directory if Serena is not available.
+
+### Backend Agent (Implementer)
+Read contracts and implement exactly as specified:
+```
+read_memory("api-contracts/{domain}.md")
+```
+
+### Frontend / Mobile Agent (Consumer)
+Read contracts and integrate API client exactly as specified:
+```
+read_memory("api-contracts/{domain}.md")
+```
+
+## Contract Format
+
+```markdown
+# {Domain} API Contract
+
+## POST /api/{resource}
+- **Auth**: Required (JWT Bearer)
+- **Request Body**:
+  ```json
+  { "field": "type", "field2": "type" }
+  ```
+- **Response 200**:
+  ```json
+  { "id": "uuid", "field": "value", "created_at": "ISO8601" }
+  ```
+- **Response 401**: `{ "detail": "Not authenticated" }`
+- **Response 422**: `{ "detail": [{ "field": "error message" }] }`
+```
+
+## Rules
+1. PM Agent must create during planning
+2. Backend Agent must not implement differently from contract
+3. Frontend/Mobile Agent defines types based on contract
+4. If changes needed, request re-planning from PM Agent
@@ -0,0 +1,88 @@
+# {Domain} API Contract
+
+> Generated by PM Agent | Session: {session-id} | Date: {YYYY-MM-DD}
+
+## Base URL
+`/api/{domain}`
+
+## Authentication
+All endpoints require JWT Bearer token unless marked as `Public`.
+
+---
+
+## Endpoints
+
+### POST /api/{domain}
+- **Description**: Create a new {resource}
+- **Auth**: Required
+- **Request Body**:
+  ```json
+  {
+    "field1": "string (required)",
+    "field2": "number (optional, default: 0)"
+  }
+  ```
+- **Response 201**:
+  ```json
+  {
+    "id": "uuid",
+    "field1": "string",
+    "field2": 0,
+    "created_at": "2024-01-01T00:00:00Z"
+  }
+  ```
+- **Errors**: 401, 422
+
+### GET /api/{domain}
+- **Description**: List {resources} (paginated)
+- **Auth**: Required
+- **Query Params**: `page` (default: 1), `size` (default: 20)
+- **Response 200**:
+  ```json
+  {
+    "items": [...],
+    "total": 100,
+    "page": 1,
+    "size": 20
+  }
+  ```
+
+### GET /api/{domain}/{id}
+- **Description**: Get single {resource}
+- **Auth**: Required
+- **Response 200**: Single resource object
+- **Errors**: 401, 404
+
+### PATCH /api/{domain}/{id}
+- **Description**: Update {resource}
+- **Auth**: Required (owner only)
+- **Request Body**: Partial update fields
+- **Response 200**: Updated resource object
+- **Errors**: 401, 403, 404, 422
+
+### DELETE /api/{domain}/{id}
+- **Description**: Delete {resource}
+- **Auth**: Required (owner only)
+- **Response 204**: No content
+- **Errors**: 401, 403, 404
+
+---
+
+## Data Models
+
+### {Resource}
+| Field | Type | Required | Description |
+|-------|------|----------|-------------|
+| id | UUID | auto | Primary key |
+| field1 | string | yes | Description |
+| field2 | number | no | Default: 0 |
+| user_id | UUID | auto | Owner (FK to users) |
+| created_at | datetime | auto | ISO 8601 |
+| updated_at | datetime | auto | ISO 8601 |
+
+---
+
+## Notes
+- Pagination: offset-based (page/size)
+- Sorting: `?sort=created_at&order=desc` (optional)
+- Filtering: `?field1=value` (optional)
@@ -0,0 +1,130 @@
+# Clarification Protocol
+
+When requirements are ambiguous, "assuming and proceeding" usually leads to the wrong direction.
+Follow this protocol to secure clear requirements before execution.
+
+---
+
+## Required Confirmation Items
+
+If any of the items below are unclear, **do not assume** — explicitly document them.
+
+### Common to All Agents
+| Item | Confirmation Question | Default (when assuming) |
+|------|----------------------|------------------------|
+| Target Users | Who will use this service? | General web users |
+| Core Features | What are the 3 must-have features? | Infer from task description |
+| Tech Stack | Are there specific framework constraints? | Project default stack |
+| Authentication | Is login required? | Include JWT auth |
+| Scope | Is this MVP or full feature? | MVP |
+
+### Backend Agent Additional Confirmations
+| Item | Confirmation Question | Default |
+|------|----------------------|---------|
+| DB Choice | PostgreSQL? MongoDB? SQLite? | PostgreSQL |
+| API Style | REST? GraphQL? | REST |
+| Auth Method | JWT? Session? OAuth? | JWT (access + refresh) |
+| File Upload | Required? Size limit? | Not required |
+
+### Frontend Agent Additional Confirmations
+| Item | Confirmation Question | Default |
+|------|----------------------|---------|
+| SSR/CSR | Server-side rendering needed? | Next.js App Router (SSR) |
+| Dark Mode | Support required? | Supported |
+| i18n | Multi-language support? | Not required |
+| Existing Design System | UI library to use? | shadcn/ui |
+
+### Mobile Agent Additional Confirmations
+| Item | Confirmation Question | Default |
+|------|----------------------|---------|
+| Platform | iOS only? Android only? Both? | Both |
+| Offline | Offline support needed? | Not required |
+| Push Notifications | Required? | Not required |
+| Minimum OS | iOS/Android minimum version? | iOS 14+, Android API 24+ |
+
+---
+
+## Response by Ambiguity Level
+
+### Level 1: Slightly Ambiguous (Core is clear, details missing)
+Example: "Create a TODO app"
+
+**Response**: Apply defaults and record assumptions in result
+```
+⚠️ Assumptions:
+- JWT authentication included
+- PostgreSQL database
+- REST API
+- MVP scope (CRUD only)
+```
+
+### Level 2: Considerably Ambiguous (Core features unclear)
+Example: "Create a user management system"
+
+**Response**: Narrow down to 3 core features and proceed
+```
+⚠️ Interpreted scope (3 core features):
+1. User registration + login (JWT)
+2. Profile management (view/edit)
+3. Admin user list (admin role only)
+
+NOT included (would need separate task):
+- Role-based access control (beyond admin/user)
+- Social login (OAuth)
+- Email verification
+```
+
+### Level 3: Highly Ambiguous (Direction itself unclear)
+Example: "Make a good app", "Improve this"
+
+**Response**: Do not proceed, record clarification request in result
+```
+❌ Cannot proceed: Requirements too ambiguous
+
+Questions needed:
+1. What is the app's primary purpose?
+2. Who are the target users?
+3. What are the 3 must-have features?
+4. Are there existing designs or wireframes?
+
+Status: blocked (awaiting clarification)
+```
+
+---
+
+## PM Agent Exclusive: Requirements Specification Framework
+
+When PM Agent receives an ambiguous request, use this framework to clarify:
+
+```
+=== Requirements Specification ===
+
+Original Request: "{user's original text}"
+
+1. Core Goal: {define in one sentence}
+2. User Stories:
+   - "As a {user}, I want to {action} so that {benefit}"
+   - (minimum 3)
+3. Feature Scope:
+   - Must-have: {list}
+   - Nice-to-have: {list}
+   - Out-of-scope: {list}
+4. Technical Constraints:
+   - {existing code / stack / compatibility}
+5. Success Criteria:
+   - {measurable conditions}
+```
+
+---
+
+## Application in Subagent Mode
+
+CLI subagents cannot ask questions directly to users.
+Therefore:
+
+1. **Level 1**: Apply defaults + record assumptions → proceed
+2. **Level 2**: Narrow and interpret scope + document → proceed
+3. **Level 3**: `Status: blocked` + question list → do not proceed
+
+When Orchestrator receives a Level 3 result, it forwards the questions to the user,
+and after receiving answers, re-runs the agent.
@@ -0,0 +1,31 @@
+# Common Code Quality Checklist
+
+Apply these checks to ALL code before submitting, regardless of domain.
+
+## Code Quality
+- [ ] No hardcoded secrets (API keys, passwords, tokens)
+- [ ] No `TODO`/`FIXME` left unresolved
+- [ ] Meaningful variable and function names
+- [ ] Functions < 50 lines, files < 500 lines
+- [ ] Cyclomatic complexity < 10 per function
+- [ ] No deeply nested code (< 4 levels)
+
+## Error Handling
+- [ ] All async operations have try/catch or error boundaries
+- [ ] User-facing error messages are clear and actionable
+- [ ] No silent failures (errors logged or surfaced)
+
+## Security
+- [ ] No user input directly in SQL/shell/HTML
+- [ ] Authentication checked on protected endpoints
+- [ ] Sensitive data not in logs or error messages
+
+## Testing
+- [ ] Unit tests for new business logic
+- [ ] Edge cases covered (empty, null, boundary values)
+- [ ] Tests actually assert meaningful behavior
+
+## Git Hygiene
+- [ ] Commit message describes the "why", not the "what"
+- [ ] No unrelated changes bundled
+- [ ] No generated files or secrets committed