janpeter/Scrum4Me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Scrum4Me/AGENTS.md
Janpeter Visser e10f8f81bc
Phase 2 — Normalize file naming (#59) 
* docs(naming): drop scrum4me- prefix from doc filenames

Rename 10 docs/scrum4me-*.md files to unprefixed kebab-case names.
Update every internal link in docs/, CLAUDE.md, AGENTS.md, README.md.

* docs(naming): lowercase API.md and MD3 filenames

Rename docs/API.md → docs/api.md and
docs/MD3_Color_Scheme_Documentation.md → docs/md3-color-scheme.md.
Update all internal links across 7 files.

* docs(naming): rename plan file to kebab-case ASCII

Rename "docs/plans/Tweede Claude Agent — Planning Agent.md"
→ docs/plans/tweede-claude-agent-planning.md. No external links needed updating.

* docs(naming): rename middleware.md to proxy.md (next 16)

docs/patterns/middleware.md → docs/patterns/proxy.md following
the Next.js 16 proxy.ts rename. Update link in CLAUDE.md.

* docs(naming): polish CLAUDE.md doc-index after renames

Fix doubled scrum4me-scrum4me-mcp repo references (cascade from
prior sed) in CLAUDE.md, docs/architecture.md, backlog.md,
agent-instruction-audit.md, and plans/ST-1109. Update
'Middleware' label to 'Proxy middleware' in patterns table.
2026-05-03 03:00:47 +02:00

1.8 KiB
Raw Blame History

This is NOT the Next.js you know

This version has breaking changes — APIs, conventions, and file structure may all differ from your training data. Read the relevant guide in node_modules/next/dist/docs/ before writing any code. Heed deprecation notices.

Scrum4Me Codex Rules

Read CLAUDE.md and the relevant files in docs/ before changing behavior. The same product and security rules apply to Codex work.

Access Control

  • Product-scoped access is owner-or-member: use productAccessFilter(userId) from lib/product-access.ts.
  • Use owner-only user_id checks only for actions that truly require ownership, such as product archiving and team management.
  • Never trust client-provided IDs by themselves. For reorder, promotion, completion, or bulk updates, fetch the records with both id in (...) and the parent scope (product_id, pbi_id, sprint_id, or story_id) before writing.
  • Reject duplicate IDs in ordered lists or decision payloads.
  • Derive denormalized fields from database parents, for example pbi.product_id, not from form data or JSON bodies.
  • Demo users and demo API tokens must receive 403 on write operations.

Documentation Sync

When changing behavior, API responses, dependencies, environment variables, deployment behavior, or analytics, update the matching docs in the same change:

  • README.md for setup, dependencies, deployment, and API overview.
  • docs/functional.md for user-facing/API requirements.
  • docs/architecture.md for stack, access model, data model, env vars, and deployment.
  • docs/patterns/ when a reusable implementation rule changes.
  • CLAUDE.md and this file when an agent instruction would have prevented the issue.

Verification

Before handing work back, run:

npm run lint
npm test
npm run build