القائمة
[Documentation] Use when scanning backend code to refresh repository, CQRS, validation, entity, event, and migration guidance.
[Documentation] Use when you need initialize, update, or refactor CLAUDE markdown from project-config JSON and codebase scan results.
[Codex] Use when you need to run full Codex mirror sync (migrate → hooks → context → verify) standalone, no npm/package JSON needed.
[Git] Use when asked to "commit", "stage and commit", "save changes", or after completing implementation tasks.
[Fix & Debug] Use when bugfix workflow reaches debug step.
[Documentation] Use when you need orchestrate all reference doc scans in parallel.
[Documentation] Use when scanning code conventions, anti-patterns, architecture rules, and review checklists.
| name | scan-backend-patterns |
| description | [Documentation] Use when scanning backend code to refresh repository, CQRS, validation, entity, event, and migration guidance. |
Codex compatibility note:
- Invoke repository skills with
$skill-namein Codex; this mirrored copy rewrites legacy Claude/skill-namereferences.- Task tracker mandate: BEFORE executing any workflow or skill step, create/update task tracking for all steps and keep it synchronized as progress changes.
- User-question prompts mean to ask the user directly in Codex.
- Ignore Claude-specific mode-switch instructions when they appear.
- Strict execution contract: when a user explicitly invokes a skill, execute that skill protocol as written.
- Subagent authorization: when a skill is user-invoked or AI-detected and its protocol requires subagents, that skill activation authorizes use of the required
spawn_agentsubagent(s) for that task.- Do not skip, reorder, or merge protocol steps unless the user explicitly approves the deviation first.
- For workflow skills, execute each listed child-skill step explicitly and report step-by-step evidence.
- If a required step/tool cannot run in this environment, stop and ask the user before adapting.
Codex does not receive Claude hook-based doc injection. When coding, planning, debugging, testing, or reviewing, open project docs explicitly using this routing.
Always read:
docs/project-config.json (project-specific paths, commands, modules, and workflow/test settings)docs/project-reference/docs-index-reference.md (routes to the full docs/project-reference/* catalog)docs/project-reference/lessons.md (always-on guardrails and anti-patterns)Missing-file hard stop: If docs/project-config.json, the docs index, lessons.md, or any task-required reference doc is missing, stop immediately and ask the user to run $project-config and $scan-all.
Situation-based docs:
backend-patterns-reference.md, domain-entities-reference.md, project-structure-reference.mdfrontend-patterns-reference.md, scss-styling-guide.md, design-system/README.mdfeature-docs-reference.mdintegration-test-reference.mde2e-test-reference.mdcode-review-rules.md plus domain docs above based on changed filesDo not read all docs blindly. Start from docs-index-reference.md, then open only relevant files for the task.
Goal: Scan backend codebase → populate docs/project-reference/backend-patterns-reference.md with actual patterns (repositories, CQRS, validation, entities, events, migrations, DI, authorization). Every example from real project files with file:line. (read directly when relevant; do not rely on hook-injected conversation text)
Workflow:
file:line evidenceKey Rules:
MUST ATTENTION detect framework FIRST — scan strategy derives from framework, not hardcoded
MUST ATTENTION every code example from actual project files with file:line — NEVER fabricate
MUST ATTENTION run graph command on key files before concluding — grep finds text, graph finds structure
Before any other step, run in parallel:
docs/project-reference/backend-patterns-reference.md
| Signal | Framework | Next Step |
|---|---|---|
.csproj + MediatR/PlatformCqrs | .NET / Easy.Platform | Scan for CQRS, PlatformValidationResult, entity events |
package.json + express/fastify/nestjs | Node.js | Scan for DI decorators, class-validator, TypeORM |
pom.xml / build.gradle | Java/Kotlin | Scan for Spring annotations, JPA patterns |
requirements.txt / pyproject.toml | Python | Scan for Pydantic, SQLAlchemy, FastAPI patterns |
docs/project-config.json contextGroups/modules if availablepython .claude/scripts/code_graph trace <entry-file> --direction both --jsonEvidence gate: Confidence <60% on framework detection → report uncertainty, DO NOT proceed with framework-specific scan.
From detected framework, derive:
I{Service}RootRepository<T> vs extends Repository<T>)IRequestHandler<TCmd, TResult> vs @CommandHandler)PlatformValidationResult vs FluentValidation vs class-validator)PlatformEntityEvent vs domain events vs integration events)Create task tracking entries for each sub-agent and each phase before proceeding.
NEVER assume these patterns — derive from actual file evidence.
Launch 4 general-purpose sub-agents in parallel. Each sub-agent MUST:
file:line for every pattern exampleAll findings → plans/reports/scan-backend-patterns-{YYMMDD}-{HHMM}-report.md
Think: What is the complete chain from domain entity → persistence → retrieval? Where does business logic live — in the entity, the service, or the handler? What makes a "repository" in this project (naming, base class, interface)?
Scan targets (derive grep terms from detected framework):
For each pattern found: record file:line, extract 5-15 line snippet, note GOOD vs BAD if anti-pattern present.
Think: How does a request travel from controller to handler? What validates it? What wraps the result? Where does authorization live?
Scan targets:
Result<T>, ApiResponse, PlatformValidationResult equivalentsThink: How do side effects happen — synchronous or async? How do services communicate? What triggers background work?
Scan targets:
For message bus: capture FULL naming pattern for message contracts (ownership prefix matters).
Think: Where has the team violated the conventions found by Agents 1-3? Look for the 8 most common backend anti-patterns: wrong repo type, wrong logic layer, exception-based validation, cross-service DB access, handler-owned DTO mapping, uncleaned async scopes, unnamed bus contracts, hardcoded config.
Run AFTER Agents 1-3 complete. Checklist:
For each violation: record file:line, classify severity (CRITICAL/MAJOR/MINOR), suggest fix.
Read full report. Apply fresh-eyes protocol:
Round 1 (main agent): Build section drafts from report findings.
Round 2 (fresh sub-agent, zero memory of Round 1): Sub-agent re-reads report + draft doc independently.
Round 3 only if Round 2 finds issues. Max 3 rounds → escalate to user if unresolved.
| Section | Content |
|---|---|
| Repository Pattern | Interface naming, base classes, service-specific repos, extension methods with examples |
| CQRS Patterns | Command structure, query structure, handler patterns, file organization |
| Validation Patterns | Mechanism, common rules, error response format, DO/DON'T examples |
| Entity Patterns | Base classes, property conventions, factory methods, domain logic placement |
| DTO Mapping | Mapping ownership (who maps: DTO vs handler vs service), examples |
| Event Handlers | Domain vs integration events, handler discovery, side-effect placement |
| Message Bus | Cross-service patterns, consumer conventions, message contract naming |
| DI & Configuration | Service lifetime conventions, module registration, config injection |
| Migrations | Strategy, file naming, data migration patterns |
| Background Jobs | Scheduler, recurring vs one-time, failure handling |
| Authorization | Auth mechanism, permission checks, policy vs role |
| Anti-Patterns | Confirmed violations with file:line, severity, fix guidance |
file:linefile:line / GOOD: file:line)<!-- Last scanned: YYYY-MM-DD --> at topfile:line violations (not hypothetical)MUST ATTENTION after the doc is written and verified, create a REQUIRED final todo task and run $prompt-enhance docs/project-reference/backend-patterns-reference.md — why: this reference doc is injected into AI context; attention-anchoring (top/bottom Final Purpose, inline READ summaries, token density) directly raises downstream AI output quality. A scan is NOT complete until its doc is prompt-enhanced.
task tracking (required, last task): Run $prompt-enhance docs/project-reference/backend-patterns-reference.md on the scanned doc
[IMPORTANT] Use task tracking to break ALL work into small tasks BEFORE starting — including tasks per file read. Prevents context loss from long files. Simple tasks: ask user whether to skip.
Prerequisites: MUST ATTENTION READ before executing:
Critical Thinking Mindset — Every claim needs traced proof, confidence >80% to act. Anti-hallucination: Never present guess as fact — cite sources, admit uncertainty, self-check output, cross-reference independently. Certainty without evidence = root of all hallucination.
Scan & Update Reference Doc — Surgical updates only, NEVER full rewrite.
- Read existing doc first — understand structure and manual annotations
- Detect mode: Placeholder (headings only) → Init. Has content → Sync.
- Scan codebase (grep/glob) for current patterns
- Diff findings vs doc — identify stale sections only
- Update ONLY diverged sections. Preserve manual annotations.
- Update metadata (date, version) in frontmatter/header
- NEVER rewrite entire doc. NEVER remove sections without evidence obsolete.
Output Quality — Token efficiency without sacrificing quality.
- No inventories/counts — stale instantly
- No directory trees — use 1-line path conventions
- No TOCs — AI reads linearly
- One example per pattern — only if non-obvious
- Lead with answer, not reasoning
- Sacrifice grammar for concision in reports
- Unresolved questions at end
AI Mistake Prevention — Failure modes to avoid on every task:
Check downstream references before deleting. Deleting components causes documentation and code staleness cascades. Map all referencing files before removal. Verify AI-generated content against actual code. AI hallucinates APIs, class names, and method signatures. Always grep to confirm existence before documenting or referencing. Trace full dependency chain after edits. Changing a definition misses downstream variables and consumers derived from it. Always trace the full chain. Trace ALL code paths when verifying correctness. Confirming code exists is not confirming it executes. Always trace early exits, error branches, and conditional skips — not just happy path. When debugging, ask "whose responsibility?" before fixing. Trace whether bug is in caller (wrong data) or callee (wrong handling). Fix at responsible layer — never patch symptom site. Assume existing values are intentional — ask WHY before changing. Before changing any constant, limit, flag, or pattern: read comments, check git blame, examine surrounding code. Verify ALL affected outputs, not just the first. Changes touching multiple stacks require verifying EVERY output. One green check is not all green checks. Holistic-first debugging — resist nearest-attention trap. When investigating any failure, list EVERY precondition first (config, env vars, DB names, endpoints, DI registrations, data preconditions), then verify each against evidence before forming any code-layer hypothesis. Surgical changes — apply the diff test. Bug fix: every changed line must trace directly to the bug. Don't restyle or improve adjacent code. Enhancement task: implement improvements AND announce them explicitly. Surface ambiguity before coding — don't pick silently. If request has multiple interpretations, present each with effort estimate and ask. Never assume all-records, file-based, or more complex path. Keep domain concepts out of generic/shared/infrastructure layers. A reusable layer (shared library, framework, infra module) must reference NO consumer-specific domain concept — tenant/customer/product IDs, business entities, feature rules. The leak compiles and runs, so it passes review silently while coupling the "reusable" layer to one consumer. Push domain fields/logic down into the consumer via subclass or composition.
IMPORTANT MUST ATTENTION read existing doc first, scan codebase, diff, surgical update only. Never rewrite entire doc.
IMPORTANT MUST ATTENTION output quality: no counts/trees/TOCs, 1 example per pattern, lead with answer.
MUST ATTENTION apply critical thinking — every claim needs traced proof, confidence >80% to act. Anti-hallucination: never present guess as fact.
MUST ATTENTION apply AI mistake prevention — holistic-first debugging, fix at responsible layer, surface ambiguity before coding, re-read files after compaction.
IMPORTANT MUST ATTENTION Final Step: run $prompt-enhance docs/project-reference/backend-patterns-reference.md as the REQUIRED last todo task — never end the scan without enhancing the doc it just wrote.
IMPORTANT MUST ATTENTION break work into small task tracking tasks BEFORE starting — one task per sub-agent, one per phase
IMPORTANT MUST ATTENTION detect framework FIRST in Phase 0 — all grep terms derive from detection, never hardcoded
IMPORTANT MUST ATTENTION cite file:line for every pattern (confidence >80% to document; <60% omit)
IMPORTANT MUST ATTENTION run graph command on key files — grep finds text, graph finds structure (callers, event chains, blast radius)
IMPORTANT MUST ATTENTION sub-agents write findings incrementally after each file — NEVER batch at end (context loss)
IMPORTANT MUST ATTENTION read existing doc FIRST, diff findings, surgical update only — NEVER rewrite entire doc
IMPORTANT MUST ATTENTION Anti-Patterns section requires real file:line violations — NEVER fabricate hypothetical examples
IMPORTANT MUST ATTENTION multi-round fresh-eyes review — main agent rationalizes its own mistakes; Round 2 sub-agent catches what main agent dismissed
Anti-Rationalization:
| Evasion | Rebuttal |
|---|---|
| "Framework already known, skip Phase 0 detection" | Phase 0 is BLOCKING — derive grep terms from evidence, not assumption |
| "Only 3 agents needed, skip anti-pattern agent" | Anti-pattern detection is separate concern — NEVER merge with discovery |
| "Doc has content, skip re-read" | Show section list extracted from doc as proof of re-read |
| "Examples look right" | Glob-verify ALL file paths + Grep-verify ALL class names — looking right ≠ verified |
| "Round 2 review not needed for small scan" | Main agent rationalizes own mistakes. Fresh sub-agent is non-negotiable. |
[TASK-PLANNING] Before acting, analyze task scope and break into small todo tasks and sub-tasks using task tracking.
Source: .claude/hooks/lib/prompt-injections.cjs + .claude/.ck.json
Generic portability boundary: Reusable skills and protocol text stay project-neutral; project-specific conventions are discovered from docs/project-config.json and docs/project-reference/. Apply shared AI-SDD from shared/sdd-artifact-contract.md. Read docs/project-config.json and docs/project-reference/docs-index-reference.md, then open the project reference docs named there. If either file or a required reference doc is missing, stop immediately and ask the user to run the project-config and scan-all skills. Any supported AI tool may execute when this shared context and local docs are available.
$workflow-start <workflowId> for standard; sequence custom steps manuallyBreak work into small tasks (task tracking) before starting. Add final task: "Analyze AI mistakes & lessons learned".
Extract lessons — ROOT CAUSE ONLY, not symptom fixes:
$learn.$code-review/$code-simplifier/$security/$lint catch this?" — Yes → improve review skill instead.$learn.
[TASK-PLANNING] [MANDATORY] BEFORE executing any workflow or skill step, create/update task tracking for all planned steps, then keep it synchronized as each step starts/completes.