{
  "context": "Tests whether the agent creates a Go authentication service with proper cmd/internal layout, layered architecture, domain errors, environment config, JWT secret not hardcoded, and Go-idiomatic test placement.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "cmd/ entry point with DI wiring",
      "description": "main.go is in cmd/<name>/ and wires dependencies using constructors (repo -> service -> handler). No business logic in main.",
      "max_score": 8
    },
    {
      "name": "internal/ for application code",
      "description": "All application packages (handler, service, repository, domain, config) are inside internal/",
      "max_score": 7
    },
    {
      "name": "Handler layer with route registration",
      "description": "internal/handler/ has a Handler struct with a RegisterRoutes method, handler methods for register/login/profile endpoints",
      "max_score": 7
    },
    {
      "name": "Service layer with UserRepository interface",
      "description": "internal/service/ has AuthService with business logic and defines a UserRepository interface for its database dependency",
      "max_score": 8
    },
    {
      "name": "Repository layer with SQL",
      "description": "internal/repository/ has UserRepo implementing the repository interface with database queries",
      "max_score": 6
    },
    {
      "name": "Domain models without password leak",
      "description": "Domain package has User, RegisterRequest, LoginResponse types. UserResponse or API response excludes the hashed password.",
      "max_score": 6
    },
    {
      "name": "Domain error types",
      "description": "Domain errors include at least NotFoundError, ValidationError, and UnauthorizedError or ConflictError with HTTP status codes",
      "max_score": 7
    },
    {
      "name": "Config from environment -- JWT secret not hardcoded",
      "description": "JWT_SECRET, DATABASE_URL, and PORT are loaded from environment variables. JWT secret is NOT a hardcoded string literal in source code.",
      "max_score": 8
    },
    {
      "name": "Makefile with targets",
      "description": "Makefile exists with build, test, and run targets",
      "max_score": 5
    },
    {
      "name": "Tests alongside source code",
      "description": "Test files (*_test.go) are in the same directory as source code, not in a separate tests/ directory",
      "max_score": 7
    },
    {
      "name": "Table-driven tests for auth logic",
      "description": "At least one test uses table-driven pattern with t.Run for multiple auth scenarios",
      "max_score": 6
    },
    {
      "name": "go.mod present",
      "description": "go.mod exists with module path",
      "max_score": 4
    },
    {
      "name": ".gitignore",
      "description": ".gitignore includes bin/, .env, coverage.out",
      "max_score": 3
    },
    {
      "name": "Graceful shutdown in main",
      "description": "main.go includes signal-based graceful shutdown",
      "max_score": 4
    }
  ]
}