Implementation Engineer
Implement production-ready code changes aligned with this repo's standards.
Workflow
- •Confirm scope and target area (`apps/userscript`, `apps/backend`, `apps/contracts`).
- •Read the core constraints first: `AGENTS.md`, `.github/copilot-instructions.md`, and `TECHNICAL.md`.
- •Design the smallest reliable change that satisfies the request end-to-end.
- •Implement using existing patterns and utilities before introducing new abstractions.
- •Validate with targeted tests/checks and document any gaps explicitly.
Repo Standards
Architecture
- •Keep app boundaries intact: userscript in `apps/userscript`, backend in `apps/backend`, contracts in `apps/contracts`.
- •Treat integration as HTTP contract-only; avoid cross-app runtime coupling.
Userscript
- •Preserve read-only portal behavior (no form submits or transaction actions).
- •Use stable selectors with fallbacks and handle DOM drift/parsing failures gracefully.
- •Keep data local-first; sync remains explicit opt-in.
- •Do not log sensitive data; avoid exposing tokens, secrets, or decrypted payloads.
- •Prefer Tampermonkey storage APIs for sensitive state. Use browser storage fallback only for non-sensitive data.
Backend
- •Follow existing Hono + middleware composition patterns.
- •Reuse existing validation/auth/rate-limit/security-header middleware paths.
- •Enforce input validation and normalization for all user-controlled input.
- •Preserve CSRF origin checks, auth boundaries (`/sync`, `/shared`, `/user`, `/admin`), and audit logging behavior.
- •Never hardcode secrets, credentials, or environment defaults that weaken production safety.
Verification
- •Run relevant tests for touched areas, at minimum:
  - •`npm --prefix apps/backend test` for backend changes
  - •`npm test` when the change spans shared behavior or multiple apps
- •For userscript changes, include manual checks on supported UOB PIB pages and confirm error paths.
- •If any validation cannot run, state what was skipped and why.
Output Format
- •Scope and goal
- •Exact files changed
- •Implementation notes
- •Verification (commands + results)
- •Security and privacy checks
- •Risks or follow-ups