Menu
Implement a specification (or specific phases) using coordinated subagents with unit tests, integration tests, docs, and code-review compliance. Tracks progress by updating the spec. Triggers on "implement spec", "implement phases", "build from spec", "code the spec".
| name | om-implement-spec |
| description | Implement a specification (or specific phases) using coordinated subagents with unit tests, integration tests, docs, and code-review compliance. Tracks progress by updating the spec. Triggers on "implement spec", "implement phases", "build from spec", "code the spec". |
Implements a specification (or selected phases) end-to-end using a team of coordinated subagents. Every code change MUST pass the code-review checklist before the phase is considered done.
.ai/specs/ or .ai/specs/enterprise/..ai/skills/om-code-review/references/review-checklist.md — this is the acceptance gate for every phase..ai/lessons.md for known pitfalls.Before writing any code, ask the user:
Where should this feature live?
- External extension (npm package / standalone repo) — uses UMES extension points (widgets, events, enrichers, API interceptors) to add functionality without modifying Open Mercato core. Best for: custom business logic, vertical features, third-party integrations. Preserves upgrade path.
- Core modification (inside
packages/orapps/mercato/) — directly modifies the platform. Best for: foundational platform capabilities that all users need.
create-mercato-app scaffolded repo or wants a standalone npm package in packages/.packages/<extension-name>/ with proper @open-mercato/<extension-name> naming and package.json.apps/mercato/src/modules/<module>/ (or the user's app repo).packages/core/, packages/ui/, packages/shared/ etc. unless absolutely necessary for a missing extension point — and if so, the missing extension point itself becomes a prerequisite spec.Ask a confirmation:
Are you sure? Modifying core means:
- Third-party modules depending on changed surfaces may break
- Backward compatibility contract applies (13 frozen/stable categories)
- Users who forked or extended these files will have merge conflicts on upgrade
- Changes require deprecation protocol if touching any contract surface
Proceed with core modification?
Only continue with core changes after explicit confirmation.
For each phase in the spec, execute these steps:
Read the phase from the spec. For each step within the phase:
BACKWARD_COMPATIBILITY.md contract surfaces)Present a brief plan to the user before coding.
Use subagents liberally to parallelize independent work:
For every piece of code, enforce these code-review rules inline:
| Area | Rule |
|---|---|
| Types | No any — use zod + z.infer |
| API routes | Export openApi and per-method metadata with requireAuth / requireFeatures (no top-level export const requireAuth) |
| CRUD APIs | Use makeCrudRoute({ entity, entityId, operations, schema, indexer: { entityType } }) from @open-mercato/shared/lib/crud/factory. Custom (non-makeCrudRoute) write routes MUST call validateCrudMutationGuard before the mutation and runCrudMutationGuardAfterSuccess after success. See packages/core/AGENTS.md → API Routes / CRUD Factory. |
| Entities | Standard columns, snake_case, UUID PKs, indexed organization_id + tenant_id |
| Security | findWithDecryption, tenant scoping, zod validation |
| Encryption maps | For every PII / GDPR-relevant column the phase touches, declare in <module>/encryption.ts exporting defaultEncryptionMaps (type from @open-mercato/shared/modules/encryption). Reads via findWithDecryption / findOneWithDecryption (5-arg (em, entity, where, options?, scope?)). Equality-lookup columns declare a sibling hashField. NEVER hand-rolled AES/KMS, crypto.subtle, or "encrypt later" stubs. See packages/core/AGENTS.md → Encryption + apps/docs/docs/user-guide/encryption.mdx. |
| UI | CrudForm/DataTable (with stable entityId + extensionTableId), apiCall (never raw fetch), flash(), LoadingMessage/ErrorMessage |
| Frontend performance boundaries | Implement the spec's Frontend Architecture Contract. Generated Next.js page.tsx/layout.tsx roots default to server components. Every "use client" needs a ledger justification. Split large client blobs into local leaves, lazy-scope provider/bootstrap registries, dynamically/local-import heavy browser libraries, and capture hydration/interactivity + performance evidence before merge. Run yarn check:client-boundaries for generated frontend/app shell changes. |
| Design System | Semantic status tokens (no text-red-* / bg-green-*); Tailwind text scale (no text-[13px] / text-[11px]); shared primitives StatusBadge / Alert / FormField / SectionHeader / CollapsibleSection / LoadingMessage / Spinner / DataLoader / EmptyState; lucide-react icons in PAGE BODY (never inline <svg>); aria-label on every icon-only button; Boy Scout rule on touched lines. See root AGENTS.md → Design System Rules + .ai/ds-rules.md + .ai/ui-components.md. |
| Cache | Resolve via DI (container.resolve('cache')); tag with tenant:<id> / org:<id>; declare invalidation per write path. NEVER new Redis(...) or raw SQLite. See packages/cache/AGENTS.md. |
| Transaction safety | Multi-phase scalar + relation mutations use withAtomicFlush(em, phases, { transaction: true }) from @open-mercato/shared/lib/commands/flush; never run em.find/em.findOne between a scalar mutation and em.flush(). Side effects + cache invalidation fire AFTER commit, outside withAtomicFlush. See packages/core/AGENTS.md → Entity Update Safety. |
| Commands | registerCommand, undoable, extractUndoPayload() |
| Events | createModuleEvents() with as const; subscribers export metadata; cross-module side effects via subscribers, never direct imports |
| i18n | useT() client, resolveTranslations() server, no hardcoded strings |
| Imports | Package-level @open-mercato/<pkg>/... for cross-module |
| Mutations | useGuardedMutation when not using CrudForm; pass retryLastMutation in injection context |
| Keyboard | Cmd/Ctrl+Enter submit, Escape cancel on dialogs |
| Naming | Modules plural snake_case, events module.entity.past_tense, features module.action |
For every new feature/function implemented in the phase:
*.test.ts or __tests__/)yarn test --filter <module>If the spec defines integration test scenarios (or the phase adds API endpoints / UI flows):
om-integration-tests skill workflow (.ai/skills/om-integration-tests/SKILL.md)<module>/__integration__/TC-{CATEGORY}-{XXX}.spec.tsnpx playwright test --config .ai/qa/tests/playwright.config.ts <path> --retries=0If the spec does not explicitly list integration scenarios but the phase adds significant API or UI behavior, propose test scenarios to the user before writing them.
For each new feature:
translations.tsyarn generateBefore marking a phase complete, run a self-review against the full checklist:
"use client" is justified, no large client-side blob was introduced, provider/bootstrap registries are scoped, hydration/interactivity tests cover changed routes, performance evidence is attached, and yarn check:client-boundaries was run or explicitly waived.Fix any violations before proceeding to the next phase.
After completing each phase, update the spec file:
## Implementation Status section at the bottom (or update it if it exists)## Implementation Status
| Phase | Status | Date | Notes |
|-------|--------|------|-------|
| Phase A — Foundation | Done | 2026-02-20 | All steps implemented, tests passing |
| Phase B — Menu Injection | Done | 2026-02-21 | 3/3 steps complete |
| Phase C — Events Bridge | In Progress | 2026-02-22 | Step 1-2 done, step 3 pending |
| Phase D — Enrichers | Not Started | — | — |
### Phase C — Detailed Progress
- [x] Step 1: Create event definitions
- [x] Step 2: Implement SSE bridge
- [ ] Step 3: Add client-side hooks
After all targeted phases are complete:
yarn build:packages — must passyarn lint — must passyarn test — must passyarn generate — if any convention files changedyarn db:generate — if any entities changed (verify generated migration is scoped correctly)Report results to the user. If any check fails, fix and re-verify.
| Task | Agent Type | When |
|---|---|---|
| Research existing patterns | Explore | Before implementing unfamiliar patterns |
| Implement independent files | Bash/general-purpose | When files have no dependencies on each other |
| Run tests | Bash | After each phase |
| Self-review | general-purpose | After each phase, against checklist |
| Integration tests | general-purpose | After phases with API/UI changes |
Concurrency rule: Launch parallel subagents only for truly independent work. Sequential for dependent files.
When implementing component replacement features (as in SPEC-041h pattern):
DataTable instance gets a replacement handle: data-table:<module>.<entity>CrudForm instance gets a replacement handle: crud-form:<module>.<entity>NotesSection, ActivitySection) gets a replacement handle: section:<module>.<sectionName>yarn build:packages after final phase to verify no build breaksany types, hardcoded strings, raw fetch, or other anti-patternsApprove (submit an approving review) and squash-merge a GitHub PR given only its number. Optionally file a follow-up issue at the same time. Use when the user says "approve and merge PR 123", "ship PR 123", "om-approve-merge 123", or gives a PR number with intent to merge.
Turn a review comment into a follow-up GitHub issue assigned to the PR author. Paste a link to a PR or a PR comment; the skill extracts the actionable ask from the comment, gathers PR context, and opens a tracking issue. Assignee is the comment's @-mention if present, otherwise the PR author. Use during code review when the user says "make a follow-up issue", "create an issue for this", "om-followup", or pastes a PR/comment link with that intent.
Browser-first GitHub issue fix workflow. Claims a GitHub issue, checks for existing solutions, creates an isolated worktree, reproduces the bug through the Browser against the ephemeral integration environment, records a failing Playwright integration test, fixes the bug, makes the test green, runs validation/review gates, pushes a branch, and opens a PR linked to the issue.
Scaffold a new module from scratch with all required files and conventions. Use when creating a new module, adding a new entity with CRUD, or bootstrapping module features (API routes, backend pages, DI, ACL, events, search). Triggers on "create module", "new module", "scaffold module", "add module", "bootstrap module", "generate module".
Review code changes for architecture, security, conventions, and quality compliance. Use when reviewing pull requests, code changes, or auditing code quality.
Design entities, relationships, and manage the migration lifecycle. Use when planning a data model, designing entities, choosing relationship patterns, adding cross-module references, or managing database migrations. Triggers on "design entity", "data model", "add entity", "database schema", "migration", "relationship", "many-to-many", "junction table", "foreign key", "jsonb", "add column".