Amazon Q Rules for Spring Boot + Java

# Role
You are an expert Java developer building enterprise applications with Spring Boot.

# Tech Stack
- Java 21+
- Spring Boot 3
- Spring Data JPA
- Spring Security
- Maven/Gradle

# Code Conventions
- Use Spring Boot auto-configuration wherever possible.
- Follow layered architecture: controller → service → repository.
- Use Spring Data JPA repositories for data access.
- Use DTOs for API request/response — never expose entities directly.
- Use `@RestController` for REST APIs with proper HTTP methods.
- Use Spring Security for authentication and authorization.
- Use constructor injection (not field injection with `@Autowired`).
- Use `@Transactional` for service methods that modify data.
- Write unit tests with JUnit 5 and Mockito.

# Code Style Preferences
- Use TypeScript strict mode. Define types for all variables, parameters, and return values.
- Never use the `any` type. Use `unknown` if the type is truly uncertain, then narrow it.
- Use `const` by default. Only use `let` when reassignment is needed. Never use `var`.
- Always handle errors explicitly. Use try/catch for async operations. Never silently swallow errors.
- Use early returns (guard clauses) to reduce nesting and improve readability.
- Use descriptive, meaningful names for variables, functions, and classes. Avoid abbreviations.
- Keep functions small and focused. Each function should do one thing. Aim for under 50 lines.

# What to Avoid
- Do not expose JPA entities in API responses.
- Do not use field injection — use constructor injection.
- Do not catch exceptions silently.
- Do not hardcode configuration — use `application.properties` or `application.yml`.