chore: update CI workflow and agent configuration (#143)

- docker-build.yml: build on tags + main, set latest only on tags
- release-manager.agent.md: add one-PR-per-feature/fix rule

.github/agents/release-manager.agent.md

@@ -18,6 +18,38 @@ You are the release manager for **MedAssist-ng**. Your job is to guide code from
 
 ---
 
+## PR Strategy: One PR per Feature/Fix
+
+**Each feature or bug fix MUST be submitted as its own separate PR.** Do NOT bundle multiple unrelated changes into a single PR.
+
+**Why:**
+- Each change gets its own PR number for release notes (e.g., `(#140)`, `(#141)`)
+- CI tests each change in isolation — failures are easy to trace
+- Git blame and rollbacks are precise
+- Code review stays focused
+
+**Rules:**
+- One logical change = one branch = one PR
+- If a bug fix is discovered while working on a feature, create a **separate branch and PR** for the fix
+- Related changes (e.g., a feature + its tests) belong in the **same** PR
+- Squash-merge is still used — keeps `main` history clean with one commit per PR
+- Branch naming reflects the change: `fix/bottle-stock-calc`, `feat/theme-dropdown`, etc.
+
+**Example — bad (bundled):**
+```
+PR #138: "feat: theme dropdown, fix bottle bugs, fix planner, fix reminders"
+```
+
+**Example — good (separate):**
+```
+PR #138: "fix: bottle-type stock calculations across all subsystems"
+PR #139: "fix: intake reminder past-intake seeding"
+PR #140: "feat: theme dropdown with Light/Dark/System options"
+PR #141: "fix: planner checkbox layout on single line"
+```
+
+---
+
 ## Task 1: Branch, PR, and Merge Workflow
 
 When code changes (features or bug fixes) are complete and tested locally:

.github/workflows/docker-build.yml

@@ -3,11 +3,6 @@ name: Build and Push Docker Images
 on:
   push:
     branches: [main]
-    paths:
-      - 'backend/**'
-      - 'frontend/**'
-      - 'docker-compose*.yml'
-      - '.github/workflows/docker-build.yml'
     tags: ['v*']
   workflow_dispatch:
     inputs:
@@ -26,12 +21,13 @@ env:
 jobs:
   # =============================================================================
   # Build and Push Docker Images
+  # Triggered on pushes to main (tagged as "main") and version tags (v*).
   # Tests are NOT run here — branch protection on main requires all PR checks
   # (backend-test + frontend-build from test.yml) to pass before merge.
   # Tags are created from main, so code is already tested.
   #
-  # Tag builds (v*) always set "latest" in addition to the semver tags.
-  # This ensures "latest" always points to the most recent release.
+  # main push  → "main" tag only (for testing before release)
+  # Tag builds → semver tags (e.g., 1.9.0, 1.9) plus "latest"
   # =============================================================================
   build-and-push:
     runs-on: ubuntu-latest
@@ -71,7 +67,7 @@ jobs:
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
             type=raw,value=${{ github.event.inputs.tag || 'latest' }},enable=${{ github.event_name == 'workflow_dispatch' }}
-            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }}
+            type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/v') }}
 
       - name: Build and push
         uses: docker/build-push-action@v5