platformplatform · tjementum · May 14, 2026 · May 14, 2026 · May 14, 2026 · May 14, 2026
diff --git a/.claude/skills/format/SKILL.md b/.claude/skills/format/SKILL.md
@@ -6,7 +6,7 @@ description: Auto-format code via the developer CLI - backend (.NET via JetBrain
 # Format
 
 ```bash
-dotnet run --project developer-cli -- format [--backend] [--frontend] [--cli] [--self-contained-system <name>] [--no-build] --quiet
+dotnet run --project developer-cli -- format [--backend] [--frontend] [--cli] [--self-contained-system <name>] [--no-build] [--all-files] --quiet
 ```
 
 Use `developer-cli` exactly as written - do not expand to an absolute worktree path.
@@ -16,8 +16,9 @@ Use `developer-cli` exactly as written - do not expand to an absolute worktree p
 - `--cli` - the developer CLI itself
 - `--self-contained-system <name>` - narrows backend formatting to one SCS (e.g. `account`, `main`)
 - `--no-build` - skip the `dotnet tool restore` step (faster after a recent run)
+- `--all-files` - format every file in the solution. Default is to format only `.cs` files changed against `origin/main` (faster).
 
-No arguments formats everything. Unformatted code fails CI - commit all changes, never revert.
+No arguments formats everything (changed-only by default). Unformatted code fails CI - commit all changes, never revert.
 
 After `build` succeeds, run `format`, `lint`, `test` in parallel with `--no-build`.
 

diff --git a/.claude/skills/lint/SKILL.md b/.claude/skills/lint/SKILL.md
@@ -6,7 +6,7 @@ description: Lint code via the developer CLI - backend (.NET via JetBrains inspe
 # Lint
 
 ```bash
-dotnet run --project developer-cli -- lint [--backend] [--frontend] [--cli] [--self-contained-system <name>] [--no-build] --quiet
+dotnet run --project developer-cli -- lint [--backend] [--frontend] [--cli] [--self-contained-system <name>] [--no-build] [--changed-only] --quiet
 ```
 
 Use `developer-cli` exactly as written - do not expand to an absolute worktree path.
@@ -16,18 +16,28 @@ Use `developer-cli` exactly as written - do not expand to an absolute worktree p
 - `--cli` - the developer CLI itself
 - `--self-contained-system <name>` - narrows backend linting to one SCS (e.g. `account`, `main`)
 - `--no-build` - skip the rebuild step (faster after a recent build)
+- `--changed-only` - lint only `.cs` files changed against `origin/main` (much faster; see guidance below)
 
-No arguments lints everything. Every finding fails CI regardless of severity - fix all of them.
+No arguments lints the whole solution. Every finding fails CI regardless of severity - fix all of them.
 
 After `build` succeeds, run `format`, `lint`, `test` in parallel with `--no-build`. Backend lint is slow - run last. Frontend lint often needs code rewrites - run after each bigger change.
 
+## When to use `--changed-only`
+
+Inspectcode has cross-file rules ("unused public method", "member can be private", flow analysis across method calls). `--changed-only` only inspects the listed files - it doesn't catch issues in untouched files that became invalid because of edits elsewhere.
+
+- **Routine work:** use `--changed-only`. Most lint findings are local (style, naming, hints) and the saving is large (~4m → ~30s).
+- **Larger changes that affect other files** (refactoring a public API, deleting a method's only caller, changing a widely-used type): omit `--changed-only` and lint the full solution.
+
+CI always lints the full solution, so anything missed by a local `--changed-only` run gets caught before merge.
+
 ## Examples
 
 ```bash
-dotnet run --project developer-cli -- lint --quiet                                          # everything
-dotnet run --project developer-cli -- lint --backend --quiet                                # all backend
-dotnet run --project developer-cli -- lint --frontend --quiet                               # frontend
-dotnet run --project developer-cli -- lint --backend --self-contained-system main --quiet   # one SCS
+dotnet run --project developer-cli -- lint --quiet                                                # everything (full solution)
+dotnet run --project developer-cli -- lint --backend --changed-only --quiet                       # backend, changed files only (recommended for routine work)
+dotnet run --project developer-cli -- lint --frontend --quiet                                     # frontend
+dotnet run --project developer-cli -- lint --backend --self-contained-system main --quiet         # one SCS, full
 ```
 
 ## Always pass --quiet

@@ -38,6 +38,10 @@ on:
         required: true
         type: string
 
+concurrency:
+  group: ${{ inputs.image_name }}-${{ inputs.azure_environment }}-deploy
+  cancel-in-progress: false
+
 jobs:
   deploy:
     name: Deploy

@@ -49,6 +49,10 @@ on:
         type: string
         default: "-"
 
+concurrency:
+  group: ${{ inputs.unique_prefix }}-${{ inputs.azure_environment }}-infrastructure
+  cancel-in-progress: false
+
 jobs:
   plan:
     name: Plan
@@ -67,6 +71,7 @@ jobs:
             should_deploy="false"
           fi
           echo "should_deploy=$should_deploy" >> $GITHUB_OUTPUT
+
       - name: Checkout Code
         uses: actions/checkout@v6
 

@@ -32,6 +32,10 @@ on:
       apply_migrations:
         required: true
         type: boolean
+      build_artifact_name:
+        description: "Name of the artifact uploaded by the caller's build-and-test job that contains application/**/bin and application/**/obj"
+        required: true
+        type: string
 
     outputs:
       has_migrations_to_apply:
@@ -68,9 +72,18 @@ jobs:
         working-directory: application
         run: dotnet tool restore
 
-      - name: Build Backend Solution
+      - name: Download Backend Build Artifacts
+        uses: actions/download-artifact@v8
+        with:
+          name: ${{ inputs.build_artifact_name }}
+          path: application
+
+      # The artifact carries bin/ and obj/ but not the global NuGet package cache.
+      # `dotnet ef --no-build` loads compiled assemblies that reference packages by
+      # absolute path under ~/.nuget/packages — those must exist on this runner.
+      - name: Restore .NET Dependencies
         working-directory: application
-        run: dotnet build ${{ inputs.relative_startup_project }}
+        run: dotnet restore ${{ inputs.relative_startup_project }}
 
       - name: Login to Azure
         uses: azure/login@v3
@@ -93,7 +106,7 @@ jobs:
         run: |
           ENTRA_USER=$(az postgres flexible-server microsoft-entra-admin list --resource-group ${{ env.CLUSTER_RESOURCE_GROUP_NAME }} --server-name ${{ env.POSTGRES_SERVER_NAME }} --query "[0].principalName" --output tsv)
           CONNECTION_STRING="Host=${{ env.POSTGRES_HOST }};Database=${{ inputs.database_name }};Username=$ENTRA_USER;Password=$(az account get-access-token --resource-type oss-rdbms --query accessToken --output tsv);Ssl Mode=VerifyFull;"
-          
+
           echo "Checking for pending migrations..."
           MIGRATION_INFO=$(dotnet ef migrations list \
             --project ${{ inputs.relative_project_path }} \
@@ -102,12 +115,12 @@ jobs:
             --connection "$CONNECTION_STRING" \
             --no-build \
             --json)
-          
+
           MIGRATION_JSON=$(echo "$MIGRATION_INFO" | sed -n '/^[{[]/,$p')
           PENDING_MIGRATIONS_JSON=$(echo "$MIGRATION_JSON" | jq '[.[] | select(.applied == false)]')
           PENDING_MIGRATIONS_COUNT=$(echo "$PENDING_MIGRATIONS_JSON" | jq '. | length')
           LAST_APPLIED_MIGRATION=$(echo "$MIGRATION_JSON" | jq -r '[.[] | select(.applied == true) | .id] | sort | last // "0"')
-          
+
           if [ "$PENDING_MIGRATIONS_COUNT" -gt "0" ]; then
             LAST_PENDING_MIGRATION=$(echo "$PENDING_MIGRATIONS_JSON" | jq -r '.[-1].id')
             echo "$PENDING_MIGRATIONS_COUNT pending migration(s) detected:"
@@ -122,13 +135,13 @@ jobs:
               --idempotent \
               --no-build \
               --output migration.sql
-            
+
             echo "has_migrations_to_apply=true" >> $GITHUB_OUTPUT
-            
+
             echo "migration_script<<EOF" >> $GITHUB_OUTPUT
             cat migration.sql >> $GITHUB_OUTPUT
             echo "EOF" >> $GITHUB_OUTPUT
-            
+
             echo "migration_json<<EOF" >> $GITHUB_OUTPUT
             echo "$PENDING_MIGRATIONS_JSON" >> $GITHUB_OUTPUT
             echo "EOF" >> $GITHUB_OUTPUT
@@ -165,22 +178,22 @@ jobs:
         with:
           script: |
             const migrationJson = JSON.parse(process.env.MIGRATION_JSON);
-            
+
             const migrationsList = migrationJson.map(m => `- ${m.name} (${m.id})`).join('\n');
-            
+
             const migrationInfo = `## Approve Database Migration \`${{ inputs.database_name }}\` database on \`${{ inputs.azure_environment }}\`
-            
+
             The following pending migration(s) will be applied to the database when approved:
             ${migrationsList}
-            
+
             ### Migration Script
             \`\`\`sql
             ${process.env.MIGRATION_SCRIPT}
             \`\`\`
             `;
-            
+
             console.log(migrationInfo);
-            
+
             core.setOutput('markdown', migrationInfo);
 
       - name: Add Migration Information to Pull Request