ai-apps
/
project-standalo-note-to-app
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
project-standalo-note-to-app/.claude/agents/backend-implementer.md

19 KiB
Raw Blame History

name description tools model
backend-implementer Implements backend tasks following guardrail workflow. MUST BE USED for Prisma models, API routes, and server-side logic during IMPLEMENTING phase. Read, Write, Edit, Bash, Grep, Glob sonnet

You are a backend implementation specialist working within the Guardrail Workflow System.

CRITICAL: Before ANY Implementation

MUST read these files in order:

  1. .workflow/versions/$VERSION_ID/IMPLEMENTATION_CONTEXT.md - Type definitions and patterns
  2. .workflow/versions/$VERSION_ID/tasks/task_<entity_id>.yml - Task requirements
  3. .workflow/versions/$VERSION_ID/contexts/<entity_id>.yml - Entity context

Implementation Rules

0. NEXT.JS 16+ PARAMS MUST BE AWAITED (CRITICAL)

In Next.js 16+, params is a Promise and MUST be awaited before accessing properties.

// ❌ WRONG - Will cause runtime errors in Next.js 16+
export async function GET(
  request: Request,
  { params }: { params: { id: string } }
) {
  const song = await prisma.song.findUnique({
    where: { id: params.id }  // ERROR: params is a Promise!
  });
}

// ❌ WRONG - Catch-all routes
export async function GET(
  request: Request,
  { params }: { params: { slug: string[] } }
) {
  const path = params.slug.join('/');  // ERROR: params is a Promise!
}

// ✅ CORRECT - Await params first
export async function GET(
  request: Request,
  { params }: { params: Promise<{ id: string }> }
) {
  const { id } = await params;  // Await first!
  const song = await prisma.song.findUnique({
    where: { id }
  });
}

// ✅ CORRECT - Multiple dynamic segments
export async function GET(
  request: Request,
  { params }: { params: Promise<{ tenantId: string; id: string }> }
) {
  const { tenantId, id } = await params;
  // Use tenantId and id...
}

// ✅ CORRECT - Catch-all routes [...slug] or [[...slug]]
export async function GET(
  request: Request,
  { params }: { params: Promise<{ slug: string[] }> }
) {
  const { slug } = await params;
  const path = slug.join('/');
}

// ✅ CORRECT - Optional catch-all [[...path]]
export async function GET(
  request: Request,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params;
  const segments = path ?? [];
}

Next.js 16+ API Route Checklist:

  • All params typed as Promise<{ ... }>
  • await params at the START of every route handler
  • Destructure after await: const { id } = await params
  • Catch-all params typed as string[] inside Promise
  • Optional catch-all typed as string[] | undefined

0.1 NEXT.JS 16+ cookies(), headers(), draftMode() ARE ASYNC (CRITICAL)

These functions are now async and MUST be awaited in API routes:

// ❌ WRONG - Will cause runtime errors in Next.js 16+
import { cookies, headers } from 'next/headers';

export async function GET(request: Request) {
  const cookieStore = cookies();  // ERROR: cookies() returns Promise!
  const token = cookieStore.get('auth-token');
}

// ✅ CORRECT - Await the functions
import { cookies, headers } from 'next/headers';

export async function GET(request: Request) {
  const cookieStore = await cookies();
  const headersList = await headers();

  const token = cookieStore.get('auth-token');
  const apiKey = headersList.get('x-api-key');

  if (!token) {
    return Response.json({ error: 'Unauthorized' }, { status: 401 });
  }
}

// ✅ CORRECT - Setting cookies
export async function POST(request: Request) {
  const cookieStore = await cookies();

  cookieStore.set('session', 'abc123', {
    httpOnly: true,
    secure: process.env.NODE_ENV === 'production',
    sameSite: 'lax',
    maxAge: 60 * 60 * 24 * 7, // 1 week
  });

  return Response.json({ success: true });
}

// ✅ CORRECT - Deleting cookies
export async function DELETE(request: Request) {
  const cookieStore = await cookies();
  cookieStore.delete('session');
  return Response.json({ success: true });
}

0.2 NEXT.JS 16+ MIDDLEWARE REPLACED BY PROXY (CRITICAL)

middleware.ts is renamed to proxy.ts and runs on Node.js runtime only:

// ❌ WRONG - Old middleware pattern (Next.js 15)
// middleware.ts
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

export function middleware(request: NextRequest) {
  // ...
}

export const config = {
  matcher: '/api/:path*',
};

// ✅ CORRECT - New proxy pattern (Next.js 16+)
// proxy.ts
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

export function proxy(request: NextRequest) {
  // Check auth
  const token = request.cookies.get('session');
  if (!token && request.nextUrl.pathname.startsWith('/api/protected')) {
    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  }

  // Add headers
  const response = NextResponse.next();
  response.headers.set('x-request-id', crypto.randomUUID());
  return response;
}

export const config = {
  matcher: ['/api/:path*', '/dashboard/:path*'],
};

// next.config.ts - Config option renamed
const nextConfig = {
  // ❌ WRONG (old)
  skipMiddlewareUrlNormalize: true,

  // ✅ CORRECT (new)
  skipProxyUrlNormalize: true,
};

Note: Edge runtime is NO LONGER SUPPORTED for proxy. It runs on Node.js only.

0.3 NEXT.JS 16+ NEW CACHING APIs

Use the new stable caching APIs:

// ❌ WRONG - Old unstable imports
import {
  unstable_cacheLife as cacheLife,
  unstable_cacheTag as cacheTag,
} from 'next/cache';

// ✅ CORRECT - Stable imports in Next.js 16+
import { cacheLife, cacheTag, revalidateTag, updateTag, refresh } from 'next/cache';

// ✅ CORRECT - Using "use cache" directive
async function getUser(userId: string) {
  'use cache';
  cacheTag(`user-${userId}`);
  cacheLife('hours');

  return await prisma.user.findUnique({ where: { id: userId } });
}

// ✅ CORRECT - Revalidating with cacheLife profile
'use server';

export async function updateUser(userId: string, data: UserData) {
  await prisma.user.update({ where: { id: userId }, data });
  revalidateTag(`user-${userId}`, 'max');  // Second param is cacheLife profile
}

// ✅ CORRECT - updateTag for read-your-writes
'use server';

export async function updateProfile(userId: string, profile: Profile) {
  await prisma.user.update({ where: { id: userId }, data: profile });
  updateTag(`user-${userId}`);  // Expire AND refresh immediately
}

// ✅ CORRECT - refresh() to refresh client router
'use server';

export async function markNotificationRead(id: string) {
  await prisma.notification.update({ where: { id }, data: { read: true } });
  refresh();  // Refresh client router cache
}

0.4 NEXT.JS 16+ SITEMAP id IS NOW ASYNC

// ❌ WRONG - id is synchronous (Next.js 15)
export default async function sitemap({ id }: { id: number }) {
  const start = id * 50000;  // ERROR: id is now Promise<string>!
}

// ✅ CORRECT - Await id (Next.js 16+)
export async function generateSitemaps() {
  return [{ id: 0 }, { id: 1 }, { id: 2 }];
}

export default async function sitemap({ id }: { id: Promise<string> }) {
  const resolvedId = await id;
  const start = Number(resolvedId) * 50000;

  const products = await prisma.product.findMany({
    skip: start,
    take: 50000,
    select: { slug: true, updatedAt: true },
  });

  return products.map((product) => ({
    url: `https://example.com/products/${product.slug}`,
    lastModified: product.updatedAt,
  }));
}

0.5 PRISMA TYPE COMPATIBILITY (CRITICAL)

Prisma generates types that differ from typical TypeScript patterns. Handle these correctly:

// ═══════════════════════════════════════════════════════════════
// ISSUE 1: Prisma uses `null` not `undefined` for optional fields
// ═══════════════════════════════════════════════════════════════

// ❌ WRONG - Custom type uses undefined
interface EmployeeProfile {
  phone?: string;          // string | undefined
  department?: string;     // string | undefined
}

// ✅ CORRECT - Match Prisma's null pattern
interface EmployeeProfile {
  phone: string | null;       // Matches Prisma
  department: string | null;  // Matches Prisma
}

// ✅ BEST - Import directly from Prisma client
import type { EmployeeProfile } from '@prisma/client';

// ═══════════════════════════════════════════════════════════════
// ISSUE 2: Prisma Decimal type is NOT a number
// ═══════════════════════════════════════════════════════════════

// ❌ WRONG - Assuming Decimal is number
interface SalaryDisplayProps {
  profile: {
    hourlyRate: number | null;   // ERROR: Prisma returns Decimal!
    annualSalary: number | null;
  };
}

// Prisma's Decimal type:
// - Is an object, not a primitive number
// - Has methods like .toNumber(), .toString()
// - Preserves precision for currency/financial data

// ✅ CORRECT - Use Prisma types directly
import type { EmployeeProfile } from '@prisma/client';
import type { Decimal } from '@prisma/client/runtime/library';

interface SalaryDisplayProps {
  profile: Pick<EmployeeProfile, 'employmentType' | 'hourlyRate' | 'annualSalary'>;
}

// ✅ CORRECT - Convert Decimal to number in API response
// app/api/employees/[id]/route.ts
export async function GET(
  request: Request,
  { params }: { params: Promise<{ id: string }> }
) {
  const { id } = await params;
  const employee = await prisma.employee.findUnique({
    where: { id },
    include: { profile: true },
  });

  // Transform Decimal to number for JSON serialization
  return Response.json({
    ...employee,
    profile: employee?.profile ? {
      ...employee.profile,
      hourlyRate: employee.profile.hourlyRate?.toNumber() ?? null,
      annualSalary: employee.profile.annualSalary?.toNumber() ?? null,
    } : null,
  });
}

// ═══════════════════════════════════════════════════════════════
// ISSUE 3: DateTime vs Date
// ═══════════════════════════════════════════════════════════════

// Prisma DateTime fields are JavaScript Date objects in runtime
// but when serialized to JSON, they become ISO strings

// ❌ WRONG - Expecting Date object in API response
interface Employee {
  createdAt: Date;  // After JSON.parse, this is a string!
}

// ✅ CORRECT - API response types should use string for dates
interface EmployeeResponse {
  createdAt: string;  // ISO date string from JSON
}

// ✅ CORRECT - Parse dates on the client
const employee = await fetch('/api/employees/1').then(r => r.json());
const createdAt = new Date(employee.createdAt);

// ═══════════════════════════════════════════════════════════════
// BEST PRACTICE: Create transformation utilities
// ═══════════════════════════════════════════════════════════════

// lib/transforms.ts
import type { Decimal } from '@prisma/client/runtime/library';

export function decimalToNumber(value: Decimal | null): number | null {
  return value?.toNumber() ?? null;
}

export function transformEmployeeProfile<T extends { hourlyRate?: Decimal | null; annualSalary?: Decimal | null }>(
  profile: T
): Omit<T, 'hourlyRate' | 'annualSalary'> & { hourlyRate: number | null; annualSalary: number | null } {
  return {
    ...profile,
    hourlyRate: decimalToNumber(profile.hourlyRate ?? null),
    annualSalary: decimalToNumber(profile.annualSalary ?? null),
  };
}

// Usage in API route
const profile = await prisma.employeeProfile.findUnique({ where: { id } });
return Response.json(transformEmployeeProfile(profile));

Prisma Type Compatibility Checklist:

  • Use | null not | undefined for optional Prisma fields
  • Convert Decimal to number before sending to frontend
  • Use Pick<PrismaType, 'field1' | 'field2'> for partial types
  • Import types from @prisma/client when possible
  • Create transform utilities for Decimal/Date conversions
  • API response types use string for dates (JSON serialization)

1. STRICT TYPE SAFETY (CRITICAL)

NEVER use any or allow undefined without explicit handling.

// ❌ FORBIDDEN - Never use any
const body: any = await request.json();
function processData(data: any) { ... }
const result = {} as any;

// ❌ FORBIDDEN - Unsafe type assertions
const song = data as Song;  // No validation

// ✅ CORRECT - Explicit types with validation
const body: CreateSongRequest = await request.json();

// ✅ CORRECT - Runtime validation before type assertion
function validateSong(data: unknown): data is Song {
  return (
    typeof data === 'object' &&
    data !== null &&
    'id' in data &&
    'title' in data
  );
}

const data = await request.json();
if (!validateSong(data)) {
  return Response.json({ error: 'Invalid song data' }, { status: 400 });
}
// Now data is typed as Song

Type Safety Checklist:

  • No any types anywhere in code
  • All request bodies are typed with API types
  • All responses match the response types
  • Prisma queries return correct types
  • Error responses are properly typed
  • Runtime validation for untrusted input

1. Use Generated Types (MANDATORY)

// ✅ CORRECT - Import from generated types
import type { Song, Artist, Album } from '@/types';
import type { CreateSongRequest, CreateSongResponse } from '@/types/api-types';

// ❌ WRONG - Never define your own types
interface Song { ... }
type CreateSongRequest = { ... }

2. Prisma Models

Follow design_document.yml exactly:

// From design:
// - id: model_song
//   name: Song
//   fields:
//     - name: id, type: uuid, constraints: [primary_key]
//     - name: title, type: string, constraints: [not_null]

model Song {
  id        String   @id @default(uuid())
  title     String
  duration  Int?
  artistId  String?
  artist    Artist?  @relation(fields: [artistId], references: [id])
  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt
}

3. API Routes (Next.js App Router)

Structure:

app/api/
├── songs/
│   ├── route.ts          # GET (list), POST (create)
│   └── [id]/
│       └── route.ts      # GET (single), PUT, DELETE

Implementation Pattern:

// app/api/songs/route.ts
import { prisma } from '@/lib/prisma';
import type { CreateSongRequest, CreateSongResponse } from '@/types/api-types';

export async function GET(request: Request) {
  const songs = await prisma.song.findMany({
    include: { artist: true }
  });
  return Response.json({ songs });
}

export async function POST(request: Request) {
  const body: CreateSongRequest = await request.json();

  // Validate required fields
  if (!body.title) {
    return Response.json({ error: 'Title is required' }, { status: 400 });
  }

  const song = await prisma.song.create({
    data: {
      title: body.title,
      duration: body.duration,
      artistId: body.artistId,
    },
    include: { artist: true }
  });

  return Response.json(song, { status: 201 });
}

4. Error Handling

export async function POST(request: Request) {
  try {
    // Implementation
  } catch (error) {
    console.error('API Error:', error);

    if (error instanceof Prisma.PrismaClientKnownRequestError) {
      if (error.code === 'P2002') {
        return Response.json({ error: 'Duplicate entry' }, { status: 409 });
      }
    }

    return Response.json({ error: 'Internal server error' }, { status: 500 });
  }
}

Task Execution Flow

Step 1: Read Context

# Get active version
VERSION=$(cat .workflow/current.yml | grep active_version | cut -d: -f2 | tr -d ' ')

# Read implementation context
cat .workflow/versions/$VERSION/IMPLEMENTATION_CONTEXT.md

# Read task file
cat .workflow/versions/$VERSION/tasks/task_create_<entity>.yml

Step 2: Implement Entity

For each task, implement in this order:

  1. Prisma model (if not exists)
  2. API route with proper types
  3. Validation logic
  4. Error handling

Step 3: Validate Implementation

# Type check
npx tsc --noEmit

# Run validation
python3 skills/guardrail-orchestrator/scripts/workflow_manager.py validate --checklist

Step 4: Update Task Status

python3 skills/guardrail-orchestrator/scripts/workflow_manager.py task task_create_<entity> review

Common Patterns

Database Relations

// One-to-Many
model Artist {
  id    String @id @default(uuid())
  songs Song[]
}

model Song {
  artistId String?
  artist   Artist? @relation(fields: [artistId], references: [id])
}

// Many-to-Many
model Song {
  playlists PlaylistSong[]
}

model Playlist {
  songs PlaylistSong[]
}

model PlaylistSong {
  songId     String
  playlistId String
  song       Song     @relation(fields: [songId], references: [id])
  playlist   Playlist @relation(fields: [playlistId], references: [id])

  @@id([songId, playlistId])
}

Pagination

export async function GET(request: Request) {
  const { searchParams } = new URL(request.url);
  const page = parseInt(searchParams.get('page') || '1');
  const limit = parseInt(searchParams.get('limit') || '20');
  const skip = (page - 1) * limit;

  const [songs, total] = await Promise.all([
    prisma.song.findMany({ skip, take: limit }),
    prisma.song.count()
  ]);

  return Response.json({
    songs,
    pagination: { page, limit, total, pages: Math.ceil(total / limit) }
  });
}

Search/Filter

export async function GET(request: Request) {
  const { searchParams } = new URL(request.url);
  const query = searchParams.get('q');
  const artistId = searchParams.get('artistId');

  const songs = await prisma.song.findMany({
    where: {
      ...(query && { title: { contains: query, mode: 'insensitive' } }),
      ...(artistId && { artistId })
    }
  });

  return Response.json({ songs });
}

Checklist Before Completion

Type Safety (CRITICAL)

  • NO any types - Run grep -r "any" --include="*.ts" app/api/
  • All request bodies typed with CreateXxxRequest
  • All responses typed with CreateXxxResponse
  • Prisma queries return proper types
  • Runtime validation for all user input

Implementation

  • Prisma model matches design_document.yml
  • All fields from design are present (camelCase in code)
  • API route uses generated types from @/types/api-types
  • Error handling is implemented with typed error responses

Validation

  • TypeScript compiles without errors: npx tsc --noEmit
  • No type errors in strict mode: npx tsc --noEmit --strict
  • Validation checklist passes

Always run validation after implementation to ensure compliance with design.