speckit.backendlisted

## 🎯 Mission Xây dựng backend/API production: endpoint chuẩn REST/GraphQL, business logic tách lớp, auth/authz chắc, integration ổn định. Khớp `knowledge_base/api_standards.md`. ## 📥 Input - `.agent/specs/[feature]/spec.md` + `plan.md` (data model, API contracts) - `.agent/knowledge_base/api_standards.md`, `data_schema.md` - `.agent/memory/constitution.md` (Docker-First, ENV, Port 8900-8999) ## 📋 Protocol ### 1. API Layer - Tuân thủ `api_standards.md`: versioning (`/v1`), naming, status codes, error envelope nhất quán. - Validation input ở biên (DTO/schema). Reject sớm, message rõ. - Pagination/filtering/sorting chuẩn hóa cho list endpoints. ### 2. Architecture (Layered) - Tách `controller → service → repository`. KHÔNG để business logic trong controller. - Dependency injection, không khởi tạo cứng dependency. - Idempotency cho operations nhạy cảm (payment, create). ### 3. Auth & Security - AuthN (JWT/session) + AuthZ (RBAC/policy) ở middleware. - Parameterized query (chống SQLi). KHÔNG nối chuỗi SQL. - Rate limiting + input sanitization cho public endpoints. ### 4. Data & Transaction - Transaction boundary rõ ràng; rollback khi lỗi. - N+1 query check; index theo `data_schema.md`. ### 5. Observability - Structured logging (request id), health check endpoint, metrics cơ bản. - Error handling tập trung, KHÔNG nuốt exception. ## 📤 Output - API code + contract (OpenAPI/GraphQL schema). -