chore: add AGENTS.md for development instructions

AGENTS.md

@@ -0,0 +1,39 @@
+# serve
+
+Spring Boot 3.5 + Java 17 + MyBatis-Plus + PostgreSQL + JWT auth backend.
+
+## Quick start
+
+```bash
+# env vars required by application.yaml
+export databaseHost=localhost databaseUsername=postgres databasePassword=postgres
+
+# build & test
+./gradlew build
+
+# run
+./gradlew bootRun
+
+# run a single test class
+./gradlew test --tests 'space.anyi.serve.ServeApplicationTests'
+```
+
+## Architecture
+
+- **Single module**, root package `space.anyi.serve`.
+- **Entrypoint**: `src/main/java/space/anyi/serve/ServeApplication.java`
+- **Security**: Stateless JWT in `Authorization: Bearer <token>` header. Public endpoints: `/auth/login`, `/auth/register`, `/swagger-ui/**`, `/v3/api-docs/**`. Everything else requires auth. Roles: `ROLE_admin`, `ROLE_user`, `ROLE_expert`. Method-level security via `@PreAuthorize`.
+- **ORM**: MyBatis-Plus `BaseMapper<T>` + `ServiceImpl<M,T>`. Logical delete field = `deleteFlag`. Mapper XML at `src/main/resources/mapper/`.
+- **DB**: PostgreSQL, schema `dev`. Credentials from env vars. Druid connection pool.
+- **API docs**: Swagger UI at `http://localhost:8080/swagger-ui.html` (SpringDoc OpenAPI).
+- **CORS**: Allows `http://localhost:5173` (Vite dev server).
+- **Exception handling**: `GlobalExceptionHandler` returns `Response<T>` JSON (`code`, `message`, `data`).
+- **Pagination**: `PageVo<T>` wraps MyBatis-Plus `Page<T>`.
+
+## Conventions
+
+- `@PreAuthorize("hasRole('admin')")` for admin-only endpoints.
+- `application.yaml` uses `${placeholder}` for secrets; never hardcode credentials.
+- SQL logging to stdout via MyBatis-Plus `log-impl: StdOutImpl`.
+- Actuator endpoints fully exposed (`management.endpoints.web.exposure.include: "*"`).
+- No Dockerfile, no CI, no Makefile.