diff --git a/.claude/agents/bootstrap-script.md b/.claude/agents/bootstrap-script.md new file mode 100644 index 0000000..c122c11 --- /dev/null +++ b/.claude/agents/bootstrap-script.md @@ -0,0 +1,34 @@ +# Bootstrap Script Agent + +Create a bash script that automates the setup and running of this application. + +## Instructions + +1. Follow the README.md file and create a bash script called `bootstrap.sh` saved in the `/scripts` folder +2. The script should follow all commands under "Running the app on host" and "Build and run" sections +3. For each command, write out a log that appends a line indicating: + - The command to be run + - Success or failure of that command + - If there was an error, write the error or error code to that line + - If it is an error code, attempt to map that to the text of the error code + +## Requirements + +- Add the option to run non-interactively, passing a flagged override variable +- Create logic to determine which operating system is running (macOS, Windows, Linux) +- Provide usage information when given a `-h` or `--help` flag +- If any prerequisites are missing, add those to the script +- If there are steps that require human intervention, note that as a comment and log message + +## Testing + +- Create a `/tests` directory under `/scripts` +- Create a suite of unit tests that covers all script functionality, input options, and error cases +- Use BATS (Bash Automated Testing System) or similar shell testing framework +- Execute tests and report the pass rate + +## Documentation + +- Update the README.md to use the shell script as an alternative to running all steps manually +- Document any prerequisites or steps that require human intervention +- Add a README.md under `scripts/tests` describing setup, install steps, and how to execute tests diff --git a/.claude/agents/feature-discovery.md b/.claude/agents/feature-discovery.md new file mode 100644 index 0000000..ab433ae --- /dev/null +++ b/.claude/agents/feature-discovery.md @@ -0,0 +1,59 @@ +# Feature Discovery Agent + +Analyze the application to derive and document all major features and subfeatures. + +## Instructions + +1. Browse the application (localhost:8080) and recursively analyze links and pages +2. Perform multiple "random walks" through the website structure +3. Create a file called `high_level_features.md` in the repository root + +## Methodology + +Feature discovery should include: + +### 1. Frontend Route Analysis +- Examine React Router configuration to identify all navigable pages +- Document URL patterns and route parameters + +### 2. Navigation Component Inspection +- Analyze NavBar and Footer components +- Discover all user-facing navigation links + +### 3. API Endpoint Mapping +- Trace REST API controllers in microservices +- Document controller responsibilities + +### 4. Component Deep Dive +- Read individual React components +- Understand feature implementation details + +### 5. Data Model Analysis +- Examine domain objects and entities +- Understand data relationships + +### 6. Service Logic Review +- Analyze backend service implementations +- Document business logic flows + +## Output Format + +The `high_level_features.md` should include: + +1. **Methodology Section** - Explain the approach used for discovery +2. **Major Feature Areas** - Numbered sections for each major feature +3. **Subfeatures** - Detailed breakdown under each major feature +4. **Microservices Architecture** - Table of services and responsibilities +5. **Data Storage** - Database layer documentation +6. **Feature Summary Matrix** - Table showing implemented vs not implemented features + +## Categories to Consider + +- Product Catalog +- Shopping Cart +- Checkout & Orders +- User Authentication +- Homepage & Marketing +- Navigation & UI +- Search functionality +- Recommendations diff --git a/.claude/agents/gh-issue.md b/.claude/agents/gh-issue.md new file mode 100644 index 0000000..cee4a15 --- /dev/null +++ b/.claude/agents/gh-issue.md @@ -0,0 +1,29 @@ +# GitHub Issue Creation Agent + +Create a new GitHub issue in the active repository with an `issue_ingestion` label. + +## Instructions + +1. Ask the user for: + - **Title**: A concise title for the issue + - **Description**: A detailed description of the issue + +2. Create the issue using the GitHub CLI (`gh`) with: + - The provided title + - The provided description as the body + - The label `issue_ingestion` + +## Command + +```bash +gh issue create --title "" --body "<description>" --label "issue_ingestion" +``` + +## Notes + +- If the `issue_ingestion` label does not exist in the repository, create it first: + ```bash + gh label create "issue_ingestion" --description "Issue created via ingestion process" --color "0E8A16" + ``` +- Ensure the user is authenticated with `gh auth status` +- Return the issue URL upon successful creation diff --git a/.claude/agents/issue-implementor.md b/.claude/agents/issue-implementor.md new file mode 100644 index 0000000..57e7045 --- /dev/null +++ b/.claude/agents/issue-implementor.md @@ -0,0 +1,175 @@ +# Issue Implementor Agent + +Implement GitHub issues that have been processed and labeled `ingested`. + +## Instructions + +### 1. Issue Selection (Auto-Prioritization Mode) + +List all open issues with the `ingested` label: +```bash +gh issue list --label "ingested" --state open --json number,title,body,labels +``` + +Analyze each issue and score complexity based on: +- Number of files likely to be modified +- Number of services affected +- Dependencies on other features +- Estimated lines of code +- Integration complexity + +Select the **least complex** issue to implement first. + +### 2. Issue Selection (Chooser Mode) + +Skip prioritization and implement the specific issue number provided by the user. + +### 3. Branch Creation + +Create a feature branch named after the issue number: +```bash +git checkout -b issue-<number> +``` + +### 4. Implementation + +#### Backend Changes (Python) +All backend changes go in the `python_services/` directory: +- Follow existing patterns in the codebase +- Create or modify service files +- Update API endpoints as needed +- Add database migrations if required + +#### Frontend Changes (Next.js) +All frontend changes go in the `nextjs-frontend/` directory: +- Follow existing component patterns +- Update pages/routes as needed +- Add/modify API client calls +- Update styles following existing conventions + +### 5. Test-Driven Development + +#### Unit Tests First +Before writing implementation code: +1. Create unit test files following project conventions +2. Write tests that cover: + - Happy path scenarios + - Edge cases + - Error handling + - Boundary conditions + +#### Backend Tests (`python_services/`) +```python +# tests/test_<feature>.py +import pytest + +class Test<Feature>: + def test_<scenario>(self): + # Arrange, Act, Assert + pass +``` + +#### Frontend Tests (`nextjs-frontend/`) +```javascript +// __tests__/<component>.test.tsx +import { render, screen } from '@testing-library/react' + +describe('<Component>', () => { + it('should <behavior>', () => { + // Test implementation + }) +}) +``` + +### 6. Implementation Iteration + +Iterate until: +- [ ] All unit tests pass +- [ ] Code coverage > 80% for files touched +- [ ] No linting errors +- [ ] Type checks pass (if applicable) + +#### Check Coverage + +**Python:** +```bash +cd python_services +pytest --cov=. --cov-report=term-missing --cov-fail-under=80 +``` + +**Next.js:** +```bash +cd nextjs-frontend +npm run test -- --coverage --coverageThreshold='{"global":{"lines":80}}' +``` + +### 7. Verification Loop + +``` +while (tests_failing OR coverage < 80%): + if tests_failing: + analyze_failure() + fix_code_or_test() + if coverage < 80%: + identify_uncovered_lines() + add_tests_for_uncovered_code() + run_tests() +``` + +### 8. Completion + +Once all criteria are met: +1. Stage all changes: `git add .` +2. Create commit with descriptive message referencing the issue: + ```bash + git commit -m "Implement #<number>: <issue title> + + - <summary of changes> + - Tests added with >80% coverage + + Closes #<number>" + ``` +3. Report summary of: + - Files created/modified + - Test count and pass rate + - Coverage percentage + - Any notes or follow-up items + +### 9. Label Update + +Update the issue label: +```bash +gh issue edit <number> --remove-label "ingested" --add-label "implemented" +``` + +Create the label if it doesn't exist: +```bash +gh label create "implemented" --description "Issue has been implemented and is ready for review" --color "0E8A16" +``` + +## Directory Structure Reference + +``` +python_services/ +├── src/ +│ └── <service>/ +├── tests/ +│ └── test_<feature>.py +└── requirements.txt + +nextjs-frontend/ +├── src/ +│ ├── components/ +│ ├── pages/ +│ └── lib/ +├── __tests__/ +└── package.json +``` + +## Quality Gates + +- [ ] All tests pass +- [ ] Coverage > 80% on touched files +- [ ] No new linting errors +- [ ] Code follows existing patterns +- [ ] Acceptance criteria from issue are met diff --git a/.claude/agents/issue-inquisitor.md b/.claude/agents/issue-inquisitor.md new file mode 100644 index 0000000..604027c --- /dev/null +++ b/.claude/agents/issue-inquisitor.md @@ -0,0 +1,200 @@ +# Issue Inquisitor Agent + +Process GitHub issues labeled `issue_ingestion` and transform them into detailed user stories with technical specifications. + +## Instructions + +1. **Enumerate Issues**: List all open issues in the repository with the label `issue_ingestion` + ```bash + gh issue list --label "issue_ingestion" --state open --json number,title,body,url + ``` + +2. **For Each Issue**, analyze and attempt to expand it into a comprehensive user story + +3. **Research Context**: Before writing specs, gather context from: + - `README.md` files throughout the codebase + - Files under `generated_docs/` directory + - Relevant source code related to the issue + - OpenAPI/Swagger specifications if applicable + - Existing test files for patterns + +4. **Evaluate Completeness**: Determine if sufficient information exists to create a satisfactory user story. + +--- + +## Path A: Sufficient Information (Can Create User Story) + +If enough context exists, create a **User Story** with the following sections: + +### User Story Format +``` +## User Story +As a [type of user], I want [goal] so that [benefit]. + +## Technical Specifications +- Architecture impact +- Services/components affected +- API changes required +- Database/schema changes +- Configuration changes + +## Prerequisites +- Required dependencies +- Environment setup +- Required services running +- Access/permissions needed + +## Dependencies +- Other issues/features this depends on +- External libraries or services +- Blocking items + +## Implementation Notes +- Suggested approach +- Files likely to be modified +- Patterns to follow from existing code + +## Acceptance Criteria +- [ ] Criterion 1 +- [ ] Criterion 2 +- [ ] Criterion 3 +- [ ] Unit tests added +- [ ] Integration tests pass +- [ ] Documentation updated +``` + +### Update the Issue (Success Path): +```bash +gh issue edit <number> --body "<new_body>" +gh issue edit <number> --remove-label "issue_ingestion" --add-label "ingested" +``` + +--- + +## Path B: Insufficient Information (Needs Clarification) + +If the issue **cannot** create a satisfactory user story given the relevant docs and codebase: + +### Step 1: Enumerate Missing Information +Identify what is missing to craft a complete user story: +- Missing business requirements +- Unclear acceptance criteria +- Undefined user personas +- Missing technical context +- Ambiguous scope +- Unknown dependencies +- Missing design/UX specifications + +### Step 2: Create Clarification Branch +```bash +git checkout -b clarification_<issue_number> +``` + +### Step 3: Document Deficits +Create or update documentation files to indicate what is missing: + +**Create `generated_docs/clarifications/issue_<number>_clarification.md`:** +```markdown +# Clarification Needed: Issue #<number> + +## Original Issue +<title> + +## Missing Information + +### 1. [Category of Missing Info] +- What is missing: <description> +- Why it's needed: <explanation> +- Suggested source: <where this info should come from> +- Hints/Suggestions: <any partial information or guesses> + +### 2. [Category of Missing Info] +... + +## Suggested Resources to Update +| Resource | What Should Be Added | +|----------|---------------------| +| `README.md` | <suggestion> | +| `generated_docs/<file>` | <suggestion> | +| `high_level_features.md` | <suggestion> | + +## Questions for Stakeholder +1. <specific question> +2. <specific question> +3. <specific question> +``` + +### Step 4: Commit and Push Branch +```bash +git add . +git commit -m "Clarification needed for issue #<number>: <title> + +Documents missing information required to create user story. +See generated_docs/clarifications/issue_<number>_clarification.md" +git push -u origin clarification_<issue_number> +``` + +### Step 5: Update the Issue +Add a **Clarification Needed** section to the issue body: + +```markdown +--- + +## ⚠️ Clarification Needed + +This issue requires additional information before implementation can proceed. + +### Summary of Deficits +- <deficit 1> +- <deficit 2> +- <deficit 3> + +### Clarification Branch +See branch [`clarification_<issue_number>`](../../tree/clarification_<issue_number>) for detailed documentation of missing information. + +### Questions +1. <question 1> +2. <question 2> + +### Suggested Resources +The following resources may need to be updated with the missing information: +- `<resource 1>` +- `<resource 2>` + +--- +``` + +### Step 6: Update Labels +```bash +gh issue edit <number> --remove-label "issue_ingestion" --add-label "needs_clarification" +``` + +--- + +## Label Setup + +Create labels if they don't exist: +```bash +gh label create "ingested" --description "Issue has been processed and expanded into user story" --color "5319E7" +gh label create "needs_clarification" --description "Issue requires additional information before proceeding" --color "FBCA04" +``` + +## Context Sources + +When researching, prioritize these sources: +1. `README.md` - Project overview and setup +2. `generated_docs/` - Auto-generated documentation +3. `high_level_features.md` - Feature inventory +4. `**/openapi.yaml` - API specifications +5. Service-specific READMEs in each microservice directory +6. `scripts/tests/README.md` - Testing patterns + +## Output + +For each processed issue, report: +- Issue number and title +- Path taken (A: User Story Created, or B: Needs Clarification) +- If Path A: Show the generated user story +- If Path B: List missing information and link to clarification branch +- Confirm the label update +- Report any issues that couldn't be processed diff --git a/.claude/agents/parity-tests.md b/.claude/agents/parity-tests.md new file mode 100644 index 0000000..14dbf87 --- /dev/null +++ b/.claude/agents/parity-tests.md @@ -0,0 +1,40 @@ +# Parity Tests Agent + +Create functional/parity tests in Python to cover all API endpoints defined in the Swagger documentation. + +## Instructions + +1. For each service represented in the Swagger documentation, create a test folder +2. Folder naming convention: `parity-tests/{service}-tests/` where `{service}` is the name of the swagger document +3. Create Python unit tests to cover all endpoints + +## Test Structure + +For each service create: +- `test_{service}.py` - Main test file with all endpoint tests +- `conftest.py` - Pytest fixtures and configuration +- `requirements.txt` - Python dependencies (pytest, requests, etc.) + +## Test Coverage + +Each test file should include tests for: +- All GET endpoints with expected responses +- All POST endpoints with valid payloads +- Error cases (invalid input, missing parameters) +- Response schema validation against OpenAPI specs + +## Requirements + +- Use pytest as the testing framework +- Use requests library for HTTP calls +- Base URL should be configurable (default to localhost) +- Tests should be runnable independently +- Include setup/teardown for test data where needed + +## Running Tests + +Create a `run_all_tests.sh` script at the root of `parity-tests/` that: +- Sets up a Python virtual environment +- Installs dependencies +- Runs all test suites +- Reports pass/fail summary diff --git a/.claude/agents/run-local.md b/.claude/agents/run-local.md new file mode 100644 index 0000000..644eeea --- /dev/null +++ b/.claude/agents/run-local.md @@ -0,0 +1,101 @@ +# Run Local Agent + +Start all Python microservices and the Next.js frontend locally for development. + +## Instructions + +### 1. Prerequisites Check + +Verify required tools are installed: +```bash +python3 --version +node --version +npm --version +``` + +### 2. Start Infrastructure (Docker) + +Start PostgreSQL and Eureka server using Docker: +```bash +cd python-services +docker-compose up -d postgres eureka-server +``` + +Wait for services to be healthy before proceeding. + +### 3. Start Python Microservices + +Start each Python service in the background. Each service runs on its designated port: + +| Service | Port | Directory | +|---------|------|-----------| +| products-service | 8082 | python-services/products-service | +| cart-service | 8083 | python-services/cart-service | +| checkout-service | 8084 | python-services/checkout-service | +| login-service | 8085 | python-services/login-service | +| api-gateway | 8081 | python-services/api-gateway | + +For each service: +```bash +cd python-services/<service-name> +pip install -r requirements.txt # if needed +python -m uvicorn main:app --host 0.0.0.0 --port <PORT> & +``` + +Environment variables needed: +- `DATABASE_URL=postgresql://postgres:password@localhost:5432/bookstore` +- `EUREKA_URI=http://localhost:8761/eureka` + +### 4. Start Next.js Frontend + +Start the frontend on port 1123: +```bash +cd nextjs-frontend +npm install # if needed +npm run dev -- -p 1123 +``` + +### 5. Open Browser + +After all services are running, open Chrome to the frontend: +```bash +# macOS +open -a "Google Chrome" http://localhost:1123 + +# Linux +google-chrome http://localhost:1123 || xdg-open http://localhost:1123 + +# Windows +start chrome http://localhost:1123 +``` + +### 6. Health Checks + +Verify services are running: +- Frontend: http://localhost:1123 +- API Gateway: http://localhost:8081/health +- Products: http://localhost:8082/health +- Cart: http://localhost:8083/health +- Checkout: http://localhost:8084/health +- Login: http://localhost:8085/health +- Eureka: http://localhost:8761 + +## Cleanup + +To stop all services: +```bash +# Kill Python services +pkill -f "uvicorn" + +# Stop Docker services +cd python-services && docker-compose down + +# Kill Next.js +pkill -f "next dev" +``` + +## Troubleshooting + +- If a port is already in use, kill the process: `lsof -ti:<PORT> | xargs kill -9` +- If database connection fails, ensure PostgreSQL is running and healthy +- If Eureka registration fails, services will still work but won't be discoverable diff --git a/.claude/agents/swagger-docs.md b/.claude/agents/swagger-docs.md new file mode 100644 index 0000000..1e1a8a1 --- /dev/null +++ b/.claude/agents/swagger-docs.md @@ -0,0 +1,40 @@ +# Swagger Documentation Agent + +Create OpenAPI/Swagger definitions for all microservices in this application. + +## Instructions + +1. Iterate through the Java code and identify all services +2. Create OpenAPI 3.0 specifications for each service +3. Save each specification in the service's directory as `openapi.yaml` + +## Services to Document + +Analyze and document all microservices found in the codebase, typically including: +- API Gateway +- Products Microservice +- Cart Microservice +- Checkout Microservice +- Login Microservice +- React UI BFF (Backend for Frontend) + +## Specification Requirements + +For each service, the OpenAPI spec should include: +- Service title and description +- Server URL (localhost port) +- All REST endpoints with: + - HTTP method + - Path and path parameters + - Query parameters + - Request body schemas + - Response schemas and status codes + - Operation IDs and tags +- Component schemas for all domain objects +- Authentication/security schemes if applicable + +## Output + +- Create `openapi.yaml` in each microservice directory +- Ensure specs are valid OpenAPI 3.0 format +- Include meaningful descriptions for all endpoints and schemas diff --git a/.claude/agents/verification.md b/.claude/agents/verification.md new file mode 100644 index 0000000..590e5ca --- /dev/null +++ b/.claude/agents/verification.md @@ -0,0 +1,322 @@ +# Verification Agent + +Perform quality checks on GitHub issues labeled `ingested` by running functional tests and identifying defects. + +## Instructions + +### 1. Enumerate Issues + +List all open issues with the `ingested` label: +```bash +gh issue list --label "ingested" --state open --json number,title,body,url,labels +``` + +### 2. For Each Issue + +#### Step 1: Checkout the Implementation Branch +```bash +git fetch origin +git checkout issue-<number> +``` + +If no branch exists, skip this issue and report it. + +#### Step 2: Start Required Services + +**Python Backend Services (`python_services/`):** +```bash +cd python_services +python -m venv venv +source venv/bin/activate # or venv\Scripts\activate on Windows +pip install -r requirements.txt +python -m uvicorn main:app --host 0.0.0.0 --port 8000 & +``` + +**Next.js Frontend (`nextjs-frontend/`):** +```bash +cd nextjs-frontend +npm install +npm run dev & +``` + +**Wait for services to be ready:** +```bash +# Health check endpoints +curl --retry 10 --retry-delay 2 http://localhost:8000/health +curl --retry 10 --retry-delay 2 http://localhost:3000 +``` + +#### Step 3: Identify Test Scope + +Based on the issue's technical specifications and acceptance criteria: +- Identify which services/components were modified +- Determine relevant API endpoints to test +- Identify UI flows to validate +- Review acceptance criteria for testable assertions + +#### Step 4: Create/Update Test Assets + +**Create functional tests in `parity-tests/verification/`:** + +```python +# parity-tests/verification/test_issue_<number>.py +import pytest +import requests + +class TestIssue<Number>: + """ + Verification tests for Issue #<number>: <title> + + Acceptance Criteria: + - [ ] Criterion 1 + - [ ] Criterion 2 + """ + + BASE_URL = "http://localhost:8000" + FRONTEND_URL = "http://localhost:3000" + + @pytest.fixture(autouse=True) + def setup(self): + """Setup test data and preconditions""" + pass + + def test_acceptance_criterion_1(self): + """Verify: <criterion 1>""" + # Arrange + # Act + # Assert + pass + + def test_acceptance_criterion_2(self): + """Verify: <criterion 2>""" + pass + + def test_edge_case_1(self): + """Edge case: <description>""" + pass + + def test_error_handling(self): + """Verify proper error handling""" + pass +``` + +**For UI tests, use Playwright or Selenium:** +```python +# parity-tests/verification/test_issue_<number>_ui.py +from playwright.sync_api import sync_playwright +import pytest + +class TestIssue<Number>UI: + def test_ui_flow(self): + with sync_playwright() as p: + browser = p.chromium.launch() + page = browser.new_page() + page.goto("http://localhost:3000") + # UI assertions + browser.close() +``` + +#### Step 5: Execute Tests + +```bash +cd parity-tests/verification +pytest test_issue_<number>.py -v --tb=long 2>&1 | tee test_output_<number>.log +``` + +#### Step 6: Debug Loop + +``` +while tests_failing: + analyze_failure(test_output) + + if is_test_issue: + fix_test() + elif is_code_bug: + document_bug() + break # Exit loop to create bug issue + + run_tests_again() +``` + +### 3. Handle Test Results + +#### Path A: All Tests Pass +- Mark verification as complete +- Add comment to original issue with test results +- Update issue label from `ingested` to `verified` + +```bash +gh issue comment <number> --body "## ✅ Verification Complete + +All functional tests passed. + +**Test Results:** +- Tests run: X +- Passed: X +- Failed: 0 + +**Services Tested:** +- Backend API: ✅ +- Frontend UI: ✅ + +**Coverage:** +- Acceptance criteria verified: X/X +" + +gh issue edit <number> --remove-label "ingested" --add-label "verified" +``` + +#### Path B: Bugs Found + +For each bug discovered: + +##### Step 1: Root Cause Analysis +- Identify the failing test and error message +- Trace through code to find the root cause +- Determine if it's a regression, new bug, or edge case +- Document the code path that leads to the failure + +##### Step 2: Create Reproduction Steps +```markdown +## Steps to Reproduce +1. Start the application with `<command>` +2. Navigate to <location> or call <endpoint> +3. Perform <action> +4. Observe <unexpected behavior> + +## Expected Behavior +<what should happen> + +## Actual Behavior +<what actually happens> + +## Error Output +``` +<stack trace or error message> +``` +``` + +##### Step 3: Create Bug Issue + +```bash +gh issue create \ + --title "Bug: <concise description>" \ + --label "ingested" \ + --label "bug" \ + --body "$(cat <<'EOF' +## Bug Report + +**Found during verification of:** Issue #<original_number> +**Branch:** `issue-<original_number>` + +## Summary +<brief description of the bug> + +## Root Cause Analysis +**Location:** `<file_path>:<line_number>` +**Cause:** <explanation of why the bug occurs> +**Code Path:** +1. <step 1 in code execution> +2. <step 2> +3. <failure point> + +## Steps to Reproduce +1. Start services: `<command>` +2. <step 2> +3. <step 3> +4. Observe: <unexpected behavior> + +## Expected Behavior +<what should happen> + +## Actual Behavior +<what actually happens> + +## Error Output +``` +<stack trace or error message> +``` + +## Failing Test +```python +<test code that demonstrates the bug> +``` + +## Suggested Fix +<if apparent, suggest how to fix> + +## Environment +- Branch: `issue-<original_number>` +- Python version: <version> +- Node version: <version> + +## Related Issues +- Parent issue: #<original_number> +EOF +)" +``` + +##### Step 4: Update Original Issue + +```bash +gh issue comment <original_number> --body "## ⚠️ Verification Found Issues + +Functional testing discovered the following bugs: + +| Bug | Description | Severity | +|-----|-------------|----------| +| #<bug_number> | <description> | <high/medium/low> | + +Verification cannot complete until these issues are resolved. +" + +gh issue edit <original_number> --remove-label "ingested" --add-label "blocked" +``` + +### 4. Cleanup + +After verification (pass or fail): +```bash +# Stop background services +pkill -f "uvicorn main:app" +pkill -f "npm run dev" + +# Return to main branch +git checkout main +``` + +--- + +## Label Setup + +Create labels if they don't exist: +```bash +gh label create "verified" --description "Issue has passed verification testing" --color "0E8A16" +gh label create "bug" --description "Bug or defect found" --color "D73A4A" +gh label create "blocked" --description "Issue is blocked by dependencies or bugs" --color "B60205" +``` + +## Directory Structure + +``` +parity-tests/ +├── verification/ +│ ├── conftest.py +│ ├── requirements.txt +│ ├── test_issue_<number>.py +│ ├── test_issue_<number>_ui.py +│ └── test_output_<number>.log +``` + +## Output + +For each processed issue, report: +- Issue number and title +- Services started and health status +- Tests created and executed +- Test results (pass/fail counts) +- If bugs found: + - Bug issue numbers created + - Root cause summaries + - Reproduction steps +- Final label status diff --git a/.claude/commands/bootstrap.md b/.claude/commands/bootstrap.md new file mode 100644 index 0000000..46e6af5 --- /dev/null +++ b/.claude/commands/bootstrap.md @@ -0,0 +1,13 @@ +Create or update the bootstrap script for this application. + +Follow the instructions in `.claude/agents/bootstrap-script.md` to: + +1. Create a bash script (`scripts/bootstrap.sh`) that automates the setup and running of the application +2. Follow all commands from the README.md "Running the app on host" and "Build and run" sections +3. Add logging for each command with success/failure status +4. Support cross-platform execution (macOS, Windows, Linux) +5. Add `-h`/`--help` flag for usage information +6. Create unit tests in `scripts/tests/` using BATS framework +7. Update documentation as needed + +Run the script and tests, fixing any issues until all tests pass. diff --git a/.claude/commands/features.md b/.claude/commands/features.md new file mode 100644 index 0000000..cbdd196 --- /dev/null +++ b/.claude/commands/features.md @@ -0,0 +1,16 @@ +Analyze the application and document all major features. + +Follow the instructions in `.claude/agents/feature-discovery.md` to: + +1. Analyze the frontend routes, components, and navigation +2. Map API endpoints and controllers +3. Review data models and service logic +4. Create `high_level_features.md` in the repository root + +The document should include: +- Methodology section explaining the discovery approach +- Major feature areas (Product Catalog, Shopping Cart, Checkout, Auth, etc.) +- Detailed subfeatures under each area +- Microservices architecture table +- Data storage documentation +- Feature summary matrix (implemented vs not implemented) diff --git a/.claude/commands/gh_issue.md b/.claude/commands/gh_issue.md new file mode 100644 index 0000000..0bed15d --- /dev/null +++ b/.claude/commands/gh_issue.md @@ -0,0 +1,11 @@ +Create a new GitHub issue in the active repository. + +Ask the user for: +1. **Title**: What should be the issue title? +2. **Description**: What is the detailed description of the issue? + +Then create the issue with the label `issue_ingestion` using the GitHub CLI. + +If the `issue_ingestion` label doesn't exist, create it first with a green color. + +Return the URL of the created issue. diff --git a/.claude/commands/issue_implementor.md b/.claude/commands/issue_implementor.md new file mode 100644 index 0000000..3490292 --- /dev/null +++ b/.claude/commands/issue_implementor.md @@ -0,0 +1,18 @@ +Implement the least complex GitHub issue labeled `ingested`. + +Follow the instructions in `.claude/agents/issue-implementor.md` to: + +1. **List all `ingested` issues** and analyze their complexity +2. **Select the least complex** issue to implement +3. **Create a branch** named `issue-<number>` +4. **Implement the feature**: + - Backend changes in `python_services/` + - Frontend changes in `nextjs-frontend/` +5. **Write unit tests first** (TDD approach) +6. **Iterate** until: + - All tests pass + - Coverage > 80% for files touched +7. **Commit changes** with a message referencing the issue +8. **Update label** from `ingested` to `implemented` + +Report the final test results, coverage percentage, and files modified. diff --git a/.claude/commands/issue_implementor_chooser.md b/.claude/commands/issue_implementor_chooser.md new file mode 100644 index 0000000..c9053dd --- /dev/null +++ b/.claude/commands/issue_implementor_chooser.md @@ -0,0 +1,19 @@ +Implement a specific GitHub issue by number. + +Ask the user: **What is the issue number to implement?** + +Then follow the instructions in `.claude/agents/issue-implementor.md` to: + +1. **Fetch the specified issue** (skip complexity prioritization) +2. **Create a branch** named `issue-<number>` +3. **Implement the feature**: + - Backend changes in `python_services/` + - Frontend changes in `nextjs-frontend/` +4. **Write unit tests first** (TDD approach) +5. **Iterate** until: + - All tests pass + - Coverage > 80% for files touched +6. **Commit changes** with a message referencing the issue +7. **Update label** from `ingested` to `implemented` + +Report the final test results, coverage percentage, and files modified. diff --git a/.claude/commands/issue_inquisitor.md b/.claude/commands/issue_inquisitor.md new file mode 100644 index 0000000..cd26415 --- /dev/null +++ b/.claude/commands/issue_inquisitor.md @@ -0,0 +1,37 @@ +Process GitHub issues labeled `issue_ingestion` and expand them into detailed user stories. + +Follow the instructions in `.claude/agents/issue-inquisitor.md` to: + +1. **List all issues** with the `issue_ingestion` label + +2. **For each issue**, research context from `README.md` files, `generated_docs/`, and the codebase + +3. **Evaluate if sufficient information exists** to create a complete user story + +4. **If sufficient information (Path A)**: + - Create a comprehensive user story including: + - User story statement (As a... I want... so that...) + - Technical specifications + - Prerequisites + - Dependencies + - Implementation notes + - Acceptance criteria with checkboxes + - Update the issue body with the expanded content + - Change the label from `issue_ingestion` to `ingested` + +5. **If insufficient information (Path B)**: + - Enumerate what information is missing + - Create a branch named `clarification_<issue_number>` + - Document deficits in `generated_docs/clarifications/issue_<number>_clarification.md` + - Indicate which resources should contain the missing information + - Include suggestions and hints for filling gaps + - Push the branch to remote + - Update the issue with a **Clarification Needed** section summarizing deficits + - Reference the clarification branch in the issue + - Change the label from `issue_ingestion` to `needs_clarification` + +6. **Report** on all processed issues: + - Which path was taken (user story created vs needs clarification) + - Links to updated issues and any clarification branches created + +Create labels (`ingested`, `needs_clarification`) if they don't exist. diff --git a/.claude/commands/parity-tests.md b/.claude/commands/parity-tests.md new file mode 100644 index 0000000..7273402 --- /dev/null +++ b/.claude/commands/parity-tests.md @@ -0,0 +1,11 @@ +Create or update Python parity tests for all API endpoints. + +Follow the instructions in `.claude/agents/parity-tests.md` to: + +1. For each service in the Swagger documentation, create a test folder under `parity-tests/{service}-tests/` +2. Create Python pytest tests covering all endpoints +3. Include tests for success cases, error cases, and schema validation +4. Create `conftest.py` with fixtures and `requirements.txt` for dependencies +5. Create `run_all_tests.sh` script to execute all test suites + +Run the tests and report the pass/fail summary. diff --git a/.claude/commands/run_local.md b/.claude/commands/run_local.md new file mode 100644 index 0000000..8104d53 --- /dev/null +++ b/.claude/commands/run_local.md @@ -0,0 +1,15 @@ +Start all services locally and open Chrome to the website. + +Follow the instructions in `.claude/agents/run-local.md` to: + +1. **Start Docker infrastructure** (PostgreSQL, Eureka) +2. **Start Python microservices** in background: + - products-service (port 8082) + - cart-service (port 8083) + - checkout-service (port 8084) + - login-service (port 8085) + - api-gateway (port 8081) +3. **Start Next.js frontend** on port **1123** +4. **Open Chrome** to http://localhost:1123 + +Run services in background where possible to avoid blocking. Report the status of each service as it starts. diff --git a/.claude/commands/swagger.md b/.claude/commands/swagger.md new file mode 100644 index 0000000..a4be929 --- /dev/null +++ b/.claude/commands/swagger.md @@ -0,0 +1,17 @@ +Create or update OpenAPI/Swagger documentation for all microservices. + +Follow the instructions in `.claude/agents/swagger-docs.md` to: + +1. Iterate through the Java code and identify all services +2. Create OpenAPI 3.0 specifications for each service +3. Save each specification as `openapi.yaml` in the respective service directory + +Services to document: +- API Gateway Microservice +- Products Microservice +- Cart Microservice +- Checkout Microservice +- Login Microservice +- React UI BFF + +Ensure all endpoints, request/response schemas, and domain objects are properly documented. diff --git a/.claude/commands/verification.md b/.claude/commands/verification.md new file mode 100644 index 0000000..4badd26 --- /dev/null +++ b/.claude/commands/verification.md @@ -0,0 +1,45 @@ +Perform quality verification on GitHub issues labeled `ingested`. + +Follow the instructions in `.claude/agents/verification.md` to: + +1. **List all issues** with the `ingested` label + +2. **For each issue**: + - Checkout the implementation branch (`issue-<number>`) + - Start required services: + - Python backend services (`python_services/`) + - Next.js frontend (`nextjs-frontend/`) + - Wait for services to be healthy + +3. **Create test assets** in `parity-tests/verification/`: + - Functional tests based on acceptance criteria + - API endpoint tests + - UI flow tests (if applicable) + - Edge case and error handling tests + +4. **Execute and debug tests**: + - Run pytest with verbose output + - Debug failing tests + - Iterate until tests pass or bugs are confirmed + +5. **If all tests pass (Path A)**: + - Comment on issue with test results + - Update label from `ingested` to `verified` + +6. **If bugs are found (Path B)**: + - Perform root cause analysis + - Document reproduction steps + - Create new bug issues with: + - Labels: `ingested`, `bug` + - Root cause analysis + - Reproduction steps + - Error output + - Suggested fix (if apparent) + - Update original issue as `blocked` + - Reference bug issues in original issue + +7. **Cleanup**: Stop services and return to main branch + +8. **Report** on all processed issues with test results and any bugs found. + +Create labels (`verified`, `bug`, `blocked`) if they don't exist. diff --git a/.claude/settings.local.json b/.claude/settings.local.json new file mode 100644 index 0000000..52ce46b --- /dev/null +++ b/.claude/settings.local.json @@ -0,0 +1,25 @@ +{ + "permissions": { + "allow": [ + "Bash(gh label list:*)", + "Bash(gh label create:*)", + "Bash(gh issue create:*)", + "Bash(gh issue view:*)", + "Bash(git checkout:*)", + "Bash(npm install:*)", + "Bash(npm test:*)", + "Bash(npm run test:coverage:*)", + "Bash(git add:*)", + "Bash(git commit:*)", + "Bash(gh issue edit:*)", + "Bash(gh issue list:*)", + "Bash(mkdir:*)", + "Bash(curl:*)", + "Bash(npm run build:*)", + "Bash(git stash:*)", + "Bash(gh issue comment:*)", + "Bash(pkill:*)", + "Bash(git reset:*)" + ] + } +} diff --git a/.cursor/commands/speckit.analyze.md b/.cursor/commands/speckit.analyze.md new file mode 100644 index 0000000..98b04b0 --- /dev/null +++ b/.cursor/commands/speckit.analyze.md @@ -0,0 +1,184 @@ +--- +description: Perform a non-destructive cross-artifact consistency and quality analysis across spec.md, plan.md, and tasks.md after task generation. +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Goal + +Identify inconsistencies, duplications, ambiguities, and underspecified items across the three core artifacts (`spec.md`, `plan.md`, `tasks.md`) before implementation. This command MUST run only after `/speckit.tasks` has successfully produced a complete `tasks.md`. + +## Operating Constraints + +**STRICTLY READ-ONLY**: Do **not** modify any files. Output a structured analysis report. Offer an optional remediation plan (user must explicitly approve before any follow-up editing commands would be invoked manually). + +**Constitution Authority**: The project constitution (`.specify/memory/constitution.md`) is **non-negotiable** within this analysis scope. Constitution conflicts are automatically CRITICAL and require adjustment of the spec, plan, or tasks—not dilution, reinterpretation, or silent ignoring of the principle. If a principle itself needs to change, that must occur in a separate, explicit constitution update outside `/speckit.analyze`. + +## Execution Steps + +### 1. Initialize Analysis Context + +Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` once from repo root and parse JSON for FEATURE_DIR and AVAILABLE_DOCS. Derive absolute paths: + +- SPEC = FEATURE_DIR/spec.md +- PLAN = FEATURE_DIR/plan.md +- TASKS = FEATURE_DIR/tasks.md + +Abort with an error message if any required file is missing (instruct the user to run missing prerequisite command). +For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). + +### 2. Load Artifacts (Progressive Disclosure) + +Load only the minimal necessary context from each artifact: + +**From spec.md:** + +- Overview/Context +- Functional Requirements +- Non-Functional Requirements +- User Stories +- Edge Cases (if present) + +**From plan.md:** + +- Architecture/stack choices +- Data Model references +- Phases +- Technical constraints + +**From tasks.md:** + +- Task IDs +- Descriptions +- Phase grouping +- Parallel markers [P] +- Referenced file paths + +**From constitution:** + +- Load `.specify/memory/constitution.md` for principle validation + +### 3. Build Semantic Models + +Create internal representations (do not include raw artifacts in output): + +- **Requirements inventory**: Each functional + non-functional requirement with a stable key (derive slug based on imperative phrase; e.g., "User can upload file" → `user-can-upload-file`) +- **User story/action inventory**: Discrete user actions with acceptance criteria +- **Task coverage mapping**: Map each task to one or more requirements or stories (inference by keyword / explicit reference patterns like IDs or key phrases) +- **Constitution rule set**: Extract principle names and MUST/SHOULD normative statements + +### 4. Detection Passes (Token-Efficient Analysis) + +Focus on high-signal findings. Limit to 50 findings total; aggregate remainder in overflow summary. + +#### A. Duplication Detection + +- Identify near-duplicate requirements +- Mark lower-quality phrasing for consolidation + +#### B. Ambiguity Detection + +- Flag vague adjectives (fast, scalable, secure, intuitive, robust) lacking measurable criteria +- Flag unresolved placeholders (TODO, TKTK, ???, `<placeholder>`, etc.) + +#### C. Underspecification + +- Requirements with verbs but missing object or measurable outcome +- User stories missing acceptance criteria alignment +- Tasks referencing files or components not defined in spec/plan + +#### D. Constitution Alignment + +- Any requirement or plan element conflicting with a MUST principle +- Missing mandated sections or quality gates from constitution + +#### E. Coverage Gaps + +- Requirements with zero associated tasks +- Tasks with no mapped requirement/story +- Non-functional requirements not reflected in tasks (e.g., performance, security) + +#### F. Inconsistency + +- Terminology drift (same concept named differently across files) +- Data entities referenced in plan but absent in spec (or vice versa) +- Task ordering contradictions (e.g., integration tasks before foundational setup tasks without dependency note) +- Conflicting requirements (e.g., one requires Next.js while other specifies Vue) + +### 5. Severity Assignment + +Use this heuristic to prioritize findings: + +- **CRITICAL**: Violates constitution MUST, missing core spec artifact, or requirement with zero coverage that blocks baseline functionality +- **HIGH**: Duplicate or conflicting requirement, ambiguous security/performance attribute, untestable acceptance criterion +- **MEDIUM**: Terminology drift, missing non-functional task coverage, underspecified edge case +- **LOW**: Style/wording improvements, minor redundancy not affecting execution order + +### 6. Produce Compact Analysis Report + +Output a Markdown report (no file writes) with the following structure: + +## Specification Analysis Report + +| ID | Category | Severity | Location(s) | Summary | Recommendation | +|----|----------|----------|-------------|---------|----------------| +| A1 | Duplication | HIGH | spec.md:L120-134 | Two similar requirements ... | Merge phrasing; keep clearer version | + +(Add one row per finding; generate stable IDs prefixed by category initial.) + +**Coverage Summary Table:** + +| Requirement Key | Has Task? | Task IDs | Notes | +|-----------------|-----------|----------|-------| + +**Constitution Alignment Issues:** (if any) + +**Unmapped Tasks:** (if any) + +**Metrics:** + +- Total Requirements +- Total Tasks +- Coverage % (requirements with >=1 task) +- Ambiguity Count +- Duplication Count +- Critical Issues Count + +### 7. Provide Next Actions + +At end of report, output a concise Next Actions block: + +- If CRITICAL issues exist: Recommend resolving before `/speckit.implement` +- If only LOW/MEDIUM: User may proceed, but provide improvement suggestions +- Provide explicit command suggestions: e.g., "Run /speckit.specify with refinement", "Run /speckit.plan to adjust architecture", "Manually edit tasks.md to add coverage for 'performance-metrics'" + +### 8. Offer Remediation + +Ask the user: "Would you like me to suggest concrete remediation edits for the top N issues?" (Do NOT apply them automatically.) + +## Operating Principles + +### Context Efficiency + +- **Minimal high-signal tokens**: Focus on actionable findings, not exhaustive documentation +- **Progressive disclosure**: Load artifacts incrementally; don't dump all content into analysis +- **Token-efficient output**: Limit findings table to 50 rows; summarize overflow +- **Deterministic results**: Rerunning without changes should produce consistent IDs and counts + +### Analysis Guidelines + +- **NEVER modify files** (this is read-only analysis) +- **NEVER hallucinate missing sections** (if absent, report them accurately) +- **Prioritize constitution violations** (these are always CRITICAL) +- **Use examples over exhaustive rules** (cite specific instances, not generic patterns) +- **Report zero issues gracefully** (emit success report with coverage statistics) + +## Context + +$ARGUMENTS diff --git a/.cursor/commands/speckit.checklist.md b/.cursor/commands/speckit.checklist.md new file mode 100644 index 0000000..970e6c9 --- /dev/null +++ b/.cursor/commands/speckit.checklist.md @@ -0,0 +1,294 @@ +--- +description: Generate a custom checklist for the current feature based on user requirements. +--- + +## Checklist Purpose: "Unit Tests for English" + +**CRITICAL CONCEPT**: Checklists are **UNIT TESTS FOR REQUIREMENTS WRITING** - they validate the quality, clarity, and completeness of requirements in a given domain. + +**NOT for verification/testing**: + +- ❌ NOT "Verify the button clicks correctly" +- ❌ NOT "Test error handling works" +- ❌ NOT "Confirm the API returns 200" +- ❌ NOT checking if code/implementation matches the spec + +**FOR requirements quality validation**: + +- ✅ "Are visual hierarchy requirements defined for all card types?" (completeness) +- ✅ "Is 'prominent display' quantified with specific sizing/positioning?" (clarity) +- ✅ "Are hover state requirements consistent across all interactive elements?" (consistency) +- ✅ "Are accessibility requirements defined for keyboard navigation?" (coverage) +- ✅ "Does the spec define what happens when logo image fails to load?" (edge cases) + +**Metaphor**: If your spec is code written in English, the checklist is its unit test suite. You're testing whether the requirements are well-written, complete, unambiguous, and ready for implementation - NOT whether the implementation works. + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Execution Steps + +1. **Setup**: Run `.specify/scripts/bash/check-prerequisites.sh --json` from repo root and parse JSON for FEATURE_DIR and AVAILABLE_DOCS list. + - All file paths must be absolute. + - For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). + +2. **Clarify intent (dynamic)**: Derive up to THREE initial contextual clarifying questions (no pre-baked catalog). They MUST: + - Be generated from the user's phrasing + extracted signals from spec/plan/tasks + - Only ask about information that materially changes checklist content + - Be skipped individually if already unambiguous in `$ARGUMENTS` + - Prefer precision over breadth + + Generation algorithm: + 1. Extract signals: feature domain keywords (e.g., auth, latency, UX, API), risk indicators ("critical", "must", "compliance"), stakeholder hints ("QA", "review", "security team"), and explicit deliverables ("a11y", "rollback", "contracts"). + 2. Cluster signals into candidate focus areas (max 4) ranked by relevance. + 3. Identify probable audience & timing (author, reviewer, QA, release) if not explicit. + 4. Detect missing dimensions: scope breadth, depth/rigor, risk emphasis, exclusion boundaries, measurable acceptance criteria. + 5. Formulate questions chosen from these archetypes: + - Scope refinement (e.g., "Should this include integration touchpoints with X and Y or stay limited to local module correctness?") + - Risk prioritization (e.g., "Which of these potential risk areas should receive mandatory gating checks?") + - Depth calibration (e.g., "Is this a lightweight pre-commit sanity list or a formal release gate?") + - Audience framing (e.g., "Will this be used by the author only or peers during PR review?") + - Boundary exclusion (e.g., "Should we explicitly exclude performance tuning items this round?") + - Scenario class gap (e.g., "No recovery flows detected—are rollback / partial failure paths in scope?") + + Question formatting rules: + - If presenting options, generate a compact table with columns: Option | Candidate | Why It Matters + - Limit to A–E options maximum; omit table if a free-form answer is clearer + - Never ask the user to restate what they already said + - Avoid speculative categories (no hallucination). If uncertain, ask explicitly: "Confirm whether X belongs in scope." + + Defaults when interaction impossible: + - Depth: Standard + - Audience: Reviewer (PR) if code-related; Author otherwise + - Focus: Top 2 relevance clusters + + Output the questions (label Q1/Q2/Q3). After answers: if ≥2 scenario classes (Alternate / Exception / Recovery / Non-Functional domain) remain unclear, you MAY ask up to TWO more targeted follow‑ups (Q4/Q5) with a one-line justification each (e.g., "Unresolved recovery path risk"). Do not exceed five total questions. Skip escalation if user explicitly declines more. + +3. **Understand user request**: Combine `$ARGUMENTS` + clarifying answers: + - Derive checklist theme (e.g., security, review, deploy, ux) + - Consolidate explicit must-have items mentioned by user + - Map focus selections to category scaffolding + - Infer any missing context from spec/plan/tasks (do NOT hallucinate) + +4. **Load feature context**: Read from FEATURE_DIR: + - spec.md: Feature requirements and scope + - plan.md (if exists): Technical details, dependencies + - tasks.md (if exists): Implementation tasks + + **Context Loading Strategy**: + - Load only necessary portions relevant to active focus areas (avoid full-file dumping) + - Prefer summarizing long sections into concise scenario/requirement bullets + - Use progressive disclosure: add follow-on retrieval only if gaps detected + - If source docs are large, generate interim summary items instead of embedding raw text + +5. **Generate checklist** - Create "Unit Tests for Requirements": + - Create `FEATURE_DIR/checklists/` directory if it doesn't exist + - Generate unique checklist filename: + - Use short, descriptive name based on domain (e.g., `ux.md`, `api.md`, `security.md`) + - Format: `[domain].md` + - If file exists, append to existing file + - Number items sequentially starting from CHK001 + - Each `/speckit.checklist` run creates a NEW file (never overwrites existing checklists) + + **CORE PRINCIPLE - Test the Requirements, Not the Implementation**: + Every checklist item MUST evaluate the REQUIREMENTS THEMSELVES for: + - **Completeness**: Are all necessary requirements present? + - **Clarity**: Are requirements unambiguous and specific? + - **Consistency**: Do requirements align with each other? + - **Measurability**: Can requirements be objectively verified? + - **Coverage**: Are all scenarios/edge cases addressed? + + **Category Structure** - Group items by requirement quality dimensions: + - **Requirement Completeness** (Are all necessary requirements documented?) + - **Requirement Clarity** (Are requirements specific and unambiguous?) + - **Requirement Consistency** (Do requirements align without conflicts?) + - **Acceptance Criteria Quality** (Are success criteria measurable?) + - **Scenario Coverage** (Are all flows/cases addressed?) + - **Edge Case Coverage** (Are boundary conditions defined?) + - **Non-Functional Requirements** (Performance, Security, Accessibility, etc. - are they specified?) + - **Dependencies & Assumptions** (Are they documented and validated?) + - **Ambiguities & Conflicts** (What needs clarification?) + + **HOW TO WRITE CHECKLIST ITEMS - "Unit Tests for English"**: + + ❌ **WRONG** (Testing implementation): + - "Verify landing page displays 3 episode cards" + - "Test hover states work on desktop" + - "Confirm logo click navigates home" + + ✅ **CORRECT** (Testing requirements quality): + - "Are the exact number and layout of featured episodes specified?" [Completeness] + - "Is 'prominent display' quantified with specific sizing/positioning?" [Clarity] + - "Are hover state requirements consistent across all interactive elements?" [Consistency] + - "Are keyboard navigation requirements defined for all interactive UI?" [Coverage] + - "Is the fallback behavior specified when logo image fails to load?" [Edge Cases] + - "Are loading states defined for asynchronous episode data?" [Completeness] + - "Does the spec define visual hierarchy for competing UI elements?" [Clarity] + + **ITEM STRUCTURE**: + Each item should follow this pattern: + - Question format asking about requirement quality + - Focus on what's WRITTEN (or not written) in the spec/plan + - Include quality dimension in brackets [Completeness/Clarity/Consistency/etc.] + - Reference spec section `[Spec §X.Y]` when checking existing requirements + - Use `[Gap]` marker when checking for missing requirements + + **EXAMPLES BY QUALITY DIMENSION**: + + Completeness: + - "Are error handling requirements defined for all API failure modes? [Gap]" + - "Are accessibility requirements specified for all interactive elements? [Completeness]" + - "Are mobile breakpoint requirements defined for responsive layouts? [Gap]" + + Clarity: + - "Is 'fast loading' quantified with specific timing thresholds? [Clarity, Spec §NFR-2]" + - "Are 'related episodes' selection criteria explicitly defined? [Clarity, Spec §FR-5]" + - "Is 'prominent' defined with measurable visual properties? [Ambiguity, Spec §FR-4]" + + Consistency: + - "Do navigation requirements align across all pages? [Consistency, Spec §FR-10]" + - "Are card component requirements consistent between landing and detail pages? [Consistency]" + + Coverage: + - "Are requirements defined for zero-state scenarios (no episodes)? [Coverage, Edge Case]" + - "Are concurrent user interaction scenarios addressed? [Coverage, Gap]" + - "Are requirements specified for partial data loading failures? [Coverage, Exception Flow]" + + Measurability: + - "Are visual hierarchy requirements measurable/testable? [Acceptance Criteria, Spec §FR-1]" + - "Can 'balanced visual weight' be objectively verified? [Measurability, Spec §FR-2]" + + **Scenario Classification & Coverage** (Requirements Quality Focus): + - Check if requirements exist for: Primary, Alternate, Exception/Error, Recovery, Non-Functional scenarios + - For each scenario class, ask: "Are [scenario type] requirements complete, clear, and consistent?" + - If scenario class missing: "Are [scenario type] requirements intentionally excluded or missing? [Gap]" + - Include resilience/rollback when state mutation occurs: "Are rollback requirements defined for migration failures? [Gap]" + + **Traceability Requirements**: + - MINIMUM: ≥80% of items MUST include at least one traceability reference + - Each item should reference: spec section `[Spec §X.Y]`, or use markers: `[Gap]`, `[Ambiguity]`, `[Conflict]`, `[Assumption]` + - If no ID system exists: "Is a requirement & acceptance criteria ID scheme established? [Traceability]" + + **Surface & Resolve Issues** (Requirements Quality Problems): + Ask questions about the requirements themselves: + - Ambiguities: "Is the term 'fast' quantified with specific metrics? [Ambiguity, Spec §NFR-1]" + - Conflicts: "Do navigation requirements conflict between §FR-10 and §FR-10a? [Conflict]" + - Assumptions: "Is the assumption of 'always available podcast API' validated? [Assumption]" + - Dependencies: "Are external podcast API requirements documented? [Dependency, Gap]" + - Missing definitions: "Is 'visual hierarchy' defined with measurable criteria? [Gap]" + + **Content Consolidation**: + - Soft cap: If raw candidate items > 40, prioritize by risk/impact + - Merge near-duplicates checking the same requirement aspect + - If >5 low-impact edge cases, create one item: "Are edge cases X, Y, Z addressed in requirements? [Coverage]" + + **🚫 ABSOLUTELY PROHIBITED** - These make it an implementation test, not a requirements test: + - ❌ Any item starting with "Verify", "Test", "Confirm", "Check" + implementation behavior + - ❌ References to code execution, user actions, system behavior + - ❌ "Displays correctly", "works properly", "functions as expected" + - ❌ "Click", "navigate", "render", "load", "execute" + - ❌ Test cases, test plans, QA procedures + - ❌ Implementation details (frameworks, APIs, algorithms) + + **✅ REQUIRED PATTERNS** - These test requirements quality: + - ✅ "Are [requirement type] defined/specified/documented for [scenario]?" + - ✅ "Is [vague term] quantified/clarified with specific criteria?" + - ✅ "Are requirements consistent between [section A] and [section B]?" + - ✅ "Can [requirement] be objectively measured/verified?" + - ✅ "Are [edge cases/scenarios] addressed in requirements?" + - ✅ "Does the spec define [missing aspect]?" + +6. **Structure Reference**: Generate the checklist following the canonical template in `.specify/templates/checklist-template.md` for title, meta section, category headings, and ID formatting. If template is unavailable, use: H1 title, purpose/created meta lines, `##` category sections containing `- [ ] CHK### <requirement item>` lines with globally incrementing IDs starting at CHK001. + +7. **Report**: Output full path to created checklist, item count, and remind user that each run creates a new file. Summarize: + - Focus areas selected + - Depth level + - Actor/timing + - Any explicit user-specified must-have items incorporated + +**Important**: Each `/speckit.checklist` command invocation creates a checklist file using short, descriptive names unless file already exists. This allows: + +- Multiple checklists of different types (e.g., `ux.md`, `test.md`, `security.md`) +- Simple, memorable filenames that indicate checklist purpose +- Easy identification and navigation in the `checklists/` folder + +To avoid clutter, use descriptive types and clean up obsolete checklists when done. + +## Example Checklist Types & Sample Items + +**UX Requirements Quality:** `ux.md` + +Sample items (testing the requirements, NOT the implementation): + +- "Are visual hierarchy requirements defined with measurable criteria? [Clarity, Spec §FR-1]" +- "Is the number and positioning of UI elements explicitly specified? [Completeness, Spec §FR-1]" +- "Are interaction state requirements (hover, focus, active) consistently defined? [Consistency]" +- "Are accessibility requirements specified for all interactive elements? [Coverage, Gap]" +- "Is fallback behavior defined when images fail to load? [Edge Case, Gap]" +- "Can 'prominent display' be objectively measured? [Measurability, Spec §FR-4]" + +**API Requirements Quality:** `api.md` + +Sample items: + +- "Are error response formats specified for all failure scenarios? [Completeness]" +- "Are rate limiting requirements quantified with specific thresholds? [Clarity]" +- "Are authentication requirements consistent across all endpoints? [Consistency]" +- "Are retry/timeout requirements defined for external dependencies? [Coverage, Gap]" +- "Is versioning strategy documented in requirements? [Gap]" + +**Performance Requirements Quality:** `performance.md` + +Sample items: + +- "Are performance requirements quantified with specific metrics? [Clarity]" +- "Are performance targets defined for all critical user journeys? [Coverage]" +- "Are performance requirements under different load conditions specified? [Completeness]" +- "Can performance requirements be objectively measured? [Measurability]" +- "Are degradation requirements defined for high-load scenarios? [Edge Case, Gap]" + +**Security Requirements Quality:** `security.md` + +Sample items: + +- "Are authentication requirements specified for all protected resources? [Coverage]" +- "Are data protection requirements defined for sensitive information? [Completeness]" +- "Is the threat model documented and requirements aligned to it? [Traceability]" +- "Are security requirements consistent with compliance obligations? [Consistency]" +- "Are security failure/breach response requirements defined? [Gap, Exception Flow]" + +## Anti-Examples: What NOT To Do + +**❌ WRONG - These test implementation, not requirements:** + +```markdown +- [ ] CHK001 - Verify landing page displays 3 episode cards [Spec §FR-001] +- [ ] CHK002 - Test hover states work correctly on desktop [Spec §FR-003] +- [ ] CHK003 - Confirm logo click navigates to home page [Spec §FR-010] +- [ ] CHK004 - Check that related episodes section shows 3-5 items [Spec §FR-005] +``` + +**✅ CORRECT - These test requirements quality:** + +```markdown +- [ ] CHK001 - Are the number and layout of featured episodes explicitly specified? [Completeness, Spec §FR-001] +- [ ] CHK002 - Are hover state requirements consistently defined for all interactive elements? [Consistency, Spec §FR-003] +- [ ] CHK003 - Are navigation requirements clear for all clickable brand elements? [Clarity, Spec §FR-010] +- [ ] CHK004 - Is the selection criteria for related episodes documented? [Gap, Spec §FR-005] +- [ ] CHK005 - Are loading state requirements defined for asynchronous episode data? [Gap] +- [ ] CHK006 - Can "visual hierarchy" requirements be objectively measured? [Measurability, Spec §FR-001] +``` + +**Key Differences:** + +- Wrong: Tests if the system works correctly +- Correct: Tests if the requirements are written correctly +- Wrong: Verification of behavior +- Correct: Validation of requirement quality +- Wrong: "Does it do X?" +- Correct: "Is X clearly specified?" diff --git a/.cursor/commands/speckit.clarify.md b/.cursor/commands/speckit.clarify.md new file mode 100644 index 0000000..6b28dae --- /dev/null +++ b/.cursor/commands/speckit.clarify.md @@ -0,0 +1,181 @@ +--- +description: Identify underspecified areas in the current feature spec by asking up to 5 highly targeted clarification questions and encoding answers back into the spec. +handoffs: + - label: Build Technical Plan + agent: speckit.plan + prompt: Create a plan for the spec. I am building with... +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +Goal: Detect and reduce ambiguity or missing decision points in the active feature specification and record the clarifications directly in the spec file. + +Note: This clarification workflow is expected to run (and be completed) BEFORE invoking `/speckit.plan`. If the user explicitly states they are skipping clarification (e.g., exploratory spike), you may proceed, but must warn that downstream rework risk increases. + +Execution steps: + +1. Run `.specify/scripts/bash/check-prerequisites.sh --json --paths-only` from repo root **once** (combined `--json --paths-only` mode / `-Json -PathsOnly`). Parse minimal JSON payload fields: + - `FEATURE_DIR` + - `FEATURE_SPEC` + - (Optionally capture `IMPL_PLAN`, `TASKS` for future chained flows.) + - If JSON parsing fails, abort and instruct user to re-run `/speckit.specify` or verify feature branch environment. + - For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). + +2. Load the current spec file. Perform a structured ambiguity & coverage scan using this taxonomy. For each category, mark status: Clear / Partial / Missing. Produce an internal coverage map used for prioritization (do not output raw map unless no questions will be asked). + + Functional Scope & Behavior: + - Core user goals & success criteria + - Explicit out-of-scope declarations + - User roles / personas differentiation + + Domain & Data Model: + - Entities, attributes, relationships + - Identity & uniqueness rules + - Lifecycle/state transitions + - Data volume / scale assumptions + + Interaction & UX Flow: + - Critical user journeys / sequences + - Error/empty/loading states + - Accessibility or localization notes + + Non-Functional Quality Attributes: + - Performance (latency, throughput targets) + - Scalability (horizontal/vertical, limits) + - Reliability & availability (uptime, recovery expectations) + - Observability (logging, metrics, tracing signals) + - Security & privacy (authN/Z, data protection, threat assumptions) + - Compliance / regulatory constraints (if any) + + Integration & External Dependencies: + - External services/APIs and failure modes + - Data import/export formats + - Protocol/versioning assumptions + + Edge Cases & Failure Handling: + - Negative scenarios + - Rate limiting / throttling + - Conflict resolution (e.g., concurrent edits) + + Constraints & Tradeoffs: + - Technical constraints (language, storage, hosting) + - Explicit tradeoffs or rejected alternatives + + Terminology & Consistency: + - Canonical glossary terms + - Avoided synonyms / deprecated terms + + Completion Signals: + - Acceptance criteria testability + - Measurable Definition of Done style indicators + + Misc / Placeholders: + - TODO markers / unresolved decisions + - Ambiguous adjectives ("robust", "intuitive") lacking quantification + + For each category with Partial or Missing status, add a candidate question opportunity unless: + - Clarification would not materially change implementation or validation strategy + - Information is better deferred to planning phase (note internally) + +3. Generate (internally) a prioritized queue of candidate clarification questions (maximum 5). Do NOT output them all at once. Apply these constraints: + - Maximum of 10 total questions across the whole session. + - Each question must be answerable with EITHER: + - A short multiple‑choice selection (2–5 distinct, mutually exclusive options), OR + - A one-word / short‑phrase answer (explicitly constrain: "Answer in <=5 words"). + - Only include questions whose answers materially impact architecture, data modeling, task decomposition, test design, UX behavior, operational readiness, or compliance validation. + - Ensure category coverage balance: attempt to cover the highest impact unresolved categories first; avoid asking two low-impact questions when a single high-impact area (e.g., security posture) is unresolved. + - Exclude questions already answered, trivial stylistic preferences, or plan-level execution details (unless blocking correctness). + - Favor clarifications that reduce downstream rework risk or prevent misaligned acceptance tests. + - If more than 5 categories remain unresolved, select the top 5 by (Impact * Uncertainty) heuristic. + +4. Sequential questioning loop (interactive): + - Present EXACTLY ONE question at a time. + - For multiple‑choice questions: + - **Analyze all options** and determine the **most suitable option** based on: + - Best practices for the project type + - Common patterns in similar implementations + - Risk reduction (security, performance, maintainability) + - Alignment with any explicit project goals or constraints visible in the spec + - Present your **recommended option prominently** at the top with clear reasoning (1-2 sentences explaining why this is the best choice). + - Format as: `**Recommended:** Option [X] - <reasoning>` + - Then render all options as a Markdown table: + + | Option | Description | + |--------|-------------| + | A | <Option A description> | + | B | <Option B description> | + | C | <Option C description> (add D/E as needed up to 5) | + | Short | Provide a different short answer (<=5 words) (Include only if free-form alternative is appropriate) | + + - After the table, add: `You can reply with the option letter (e.g., "A"), accept the recommendation by saying "yes" or "recommended", or provide your own short answer.` + - For short‑answer style (no meaningful discrete options): + - Provide your **suggested answer** based on best practices and context. + - Format as: `**Suggested:** <your proposed answer> - <brief reasoning>` + - Then output: `Format: Short answer (<=5 words). You can accept the suggestion by saying "yes" or "suggested", or provide your own answer.` + - After the user answers: + - If the user replies with "yes", "recommended", or "suggested", use your previously stated recommendation/suggestion as the answer. + - Otherwise, validate the answer maps to one option or fits the <=5 word constraint. + - If ambiguous, ask for a quick disambiguation (count still belongs to same question; do not advance). + - Once satisfactory, record it in working memory (do not yet write to disk) and move to the next queued question. + - Stop asking further questions when: + - All critical ambiguities resolved early (remaining queued items become unnecessary), OR + - User signals completion ("done", "good", "no more"), OR + - You reach 5 asked questions. + - Never reveal future queued questions in advance. + - If no valid questions exist at start, immediately report no critical ambiguities. + +5. Integration after EACH accepted answer (incremental update approach): + - Maintain in-memory representation of the spec (loaded once at start) plus the raw file contents. + - For the first integrated answer in this session: + - Ensure a `## Clarifications` section exists (create it just after the highest-level contextual/overview section per the spec template if missing). + - Under it, create (if not present) a `### Session YYYY-MM-DD` subheading for today. + - Append a bullet line immediately after acceptance: `- Q: <question> → A: <final answer>`. + - Then immediately apply the clarification to the most appropriate section(s): + - Functional ambiguity → Update or add a bullet in Functional Requirements. + - User interaction / actor distinction → Update User Stories or Actors subsection (if present) with clarified role, constraint, or scenario. + - Data shape / entities → Update Data Model (add fields, types, relationships) preserving ordering; note added constraints succinctly. + - Non-functional constraint → Add/modify measurable criteria in Non-Functional / Quality Attributes section (convert vague adjective to metric or explicit target). + - Edge case / negative flow → Add a new bullet under Edge Cases / Error Handling (or create such subsection if template provides placeholder for it). + - Terminology conflict → Normalize term across spec; retain original only if necessary by adding `(formerly referred to as "X")` once. + - If the clarification invalidates an earlier ambiguous statement, replace that statement instead of duplicating; leave no obsolete contradictory text. + - Save the spec file AFTER each integration to minimize risk of context loss (atomic overwrite). + - Preserve formatting: do not reorder unrelated sections; keep heading hierarchy intact. + - Keep each inserted clarification minimal and testable (avoid narrative drift). + +6. Validation (performed after EACH write plus final pass): + - Clarifications session contains exactly one bullet per accepted answer (no duplicates). + - Total asked (accepted) questions ≤ 5. + - Updated sections contain no lingering vague placeholders the new answer was meant to resolve. + - No contradictory earlier statement remains (scan for now-invalid alternative choices removed). + - Markdown structure valid; only allowed new headings: `## Clarifications`, `### Session YYYY-MM-DD`. + - Terminology consistency: same canonical term used across all updated sections. + +7. Write the updated spec back to `FEATURE_SPEC`. + +8. Report completion (after questioning loop ends or early termination): + - Number of questions asked & answered. + - Path to updated spec. + - Sections touched (list names). + - Coverage summary table listing each taxonomy category with Status: Resolved (was Partial/Missing and addressed), Deferred (exceeds question quota or better suited for planning), Clear (already sufficient), Outstanding (still Partial/Missing but low impact). + - If any Outstanding or Deferred remain, recommend whether to proceed to `/speckit.plan` or run `/speckit.clarify` again later post-plan. + - Suggested next command. + +Behavior rules: + +- If no meaningful ambiguities found (or all potential questions would be low-impact), respond: "No critical ambiguities detected worth formal clarification." and suggest proceeding. +- If spec file missing, instruct user to run `/speckit.specify` first (do not create a new spec here). +- Never exceed 5 total asked questions (clarification retries for a single question do not count as new questions). +- Avoid speculative tech stack questions unless the absence blocks functional clarity. +- Respect user early termination signals ("stop", "done", "proceed"). +- If no questions asked due to full coverage, output a compact coverage summary (all categories Clear) then suggest advancing. +- If quota reached with unresolved high-impact categories remaining, explicitly flag them under Deferred with rationale. + +Context for prioritization: $ARGUMENTS diff --git a/.cursor/commands/speckit.constitution.md b/.cursor/commands/speckit.constitution.md new file mode 100644 index 0000000..1830264 --- /dev/null +++ b/.cursor/commands/speckit.constitution.md @@ -0,0 +1,82 @@ +--- +description: Create or update the project constitution from interactive or provided principle inputs, ensuring all dependent templates stay in sync. +handoffs: + - label: Build Specification + agent: speckit.specify + prompt: Implement the feature specification based on the updated constitution. I want to build... +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +You are updating the project constitution at `.specify/memory/constitution.md`. This file is a TEMPLATE containing placeholder tokens in square brackets (e.g. `[PROJECT_NAME]`, `[PRINCIPLE_1_NAME]`). Your job is to (a) collect/derive concrete values, (b) fill the template precisely, and (c) propagate any amendments across dependent artifacts. + +Follow this execution flow: + +1. Load the existing constitution template at `.specify/memory/constitution.md`. + - Identify every placeholder token of the form `[ALL_CAPS_IDENTIFIER]`. + **IMPORTANT**: The user might require less or more principles than the ones used in the template. If a number is specified, respect that - follow the general template. You will update the doc accordingly. + +2. Collect/derive values for placeholders: + - If user input (conversation) supplies a value, use it. + - Otherwise infer from existing repo context (README, docs, prior constitution versions if embedded). + - For governance dates: `RATIFICATION_DATE` is the original adoption date (if unknown ask or mark TODO), `LAST_AMENDED_DATE` is today if changes are made, otherwise keep previous. + - `CONSTITUTION_VERSION` must increment according to semantic versioning rules: + - MAJOR: Backward incompatible governance/principle removals or redefinitions. + - MINOR: New principle/section added or materially expanded guidance. + - PATCH: Clarifications, wording, typo fixes, non-semantic refinements. + - If version bump type ambiguous, propose reasoning before finalizing. + +3. Draft the updated constitution content: + - Replace every placeholder with concrete text (no bracketed tokens left except intentionally retained template slots that the project has chosen not to define yet—explicitly justify any left). + - Preserve heading hierarchy and comments can be removed once replaced unless they still add clarifying guidance. + - Ensure each Principle section: succinct name line, paragraph (or bullet list) capturing non‑negotiable rules, explicit rationale if not obvious. + - Ensure Governance section lists amendment procedure, versioning policy, and compliance review expectations. + +4. Consistency propagation checklist (convert prior checklist into active validations): + - Read `.specify/templates/plan-template.md` and ensure any "Constitution Check" or rules align with updated principles. + - Read `.specify/templates/spec-template.md` for scope/requirements alignment—update if constitution adds/removes mandatory sections or constraints. + - Read `.specify/templates/tasks-template.md` and ensure task categorization reflects new or removed principle-driven task types (e.g., observability, versioning, testing discipline). + - Read each command file in `.specify/templates/commands/*.md` (including this one) to verify no outdated references (agent-specific names like CLAUDE only) remain when generic guidance is required. + - Read any runtime guidance docs (e.g., `README.md`, `docs/quickstart.md`, or agent-specific guidance files if present). Update references to principles changed. + +5. Produce a Sync Impact Report (prepend as an HTML comment at top of the constitution file after update): + - Version change: old → new + - List of modified principles (old title → new title if renamed) + - Added sections + - Removed sections + - Templates requiring updates (✅ updated / ⚠ pending) with file paths + - Follow-up TODOs if any placeholders intentionally deferred. + +6. Validation before final output: + - No remaining unexplained bracket tokens. + - Version line matches report. + - Dates ISO format YYYY-MM-DD. + - Principles are declarative, testable, and free of vague language ("should" → replace with MUST/SHOULD rationale where appropriate). + +7. Write the completed constitution back to `.specify/memory/constitution.md` (overwrite). + +8. Output a final summary to the user with: + - New version and bump rationale. + - Any files flagged for manual follow-up. + - Suggested commit message (e.g., `docs: amend constitution to vX.Y.Z (principle additions + governance update)`). + +Formatting & Style Requirements: + +- Use Markdown headings exactly as in the template (do not demote/promote levels). +- Wrap long rationale lines to keep readability (<100 chars ideally) but do not hard enforce with awkward breaks. +- Keep a single blank line between sections. +- Avoid trailing whitespace. + +If the user supplies partial updates (e.g., only one principle revision), still perform validation and version decision steps. + +If critical info missing (e.g., ratification date truly unknown), insert `TODO(<FIELD_NAME>): explanation` and include in the Sync Impact Report under deferred items. + +Do not create a new template; always operate on the existing `.specify/memory/constitution.md` file. diff --git a/.cursor/commands/speckit.implement.md b/.cursor/commands/speckit.implement.md new file mode 100644 index 0000000..41da7b9 --- /dev/null +++ b/.cursor/commands/speckit.implement.md @@ -0,0 +1,135 @@ +--- +description: Execute the implementation plan by processing and executing all tasks defined in tasks.md +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +1. Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). + +2. **Check checklists status** (if FEATURE_DIR/checklists/ exists): + - Scan all checklist files in the checklists/ directory + - For each checklist, count: + - Total items: All lines matching `- [ ]` or `- [X]` or `- [x]` + - Completed items: Lines matching `- [X]` or `- [x]` + - Incomplete items: Lines matching `- [ ]` + - Create a status table: + + ```text + | Checklist | Total | Completed | Incomplete | Status | + |-----------|-------|-----------|------------|--------| + | ux.md | 12 | 12 | 0 | ✓ PASS | + | test.md | 8 | 5 | 3 | ✗ FAIL | + | security.md | 6 | 6 | 0 | ✓ PASS | + ``` + + - Calculate overall status: + - **PASS**: All checklists have 0 incomplete items + - **FAIL**: One or more checklists have incomplete items + + - **If any checklist is incomplete**: + - Display the table with incomplete item counts + - **STOP** and ask: "Some checklists are incomplete. Do you want to proceed with implementation anyway? (yes/no)" + - Wait for user response before continuing + - If user says "no" or "wait" or "stop", halt execution + - If user says "yes" or "proceed" or "continue", proceed to step 3 + + - **If all checklists are complete**: + - Display the table showing all checklists passed + - Automatically proceed to step 3 + +3. Load and analyze the implementation context: + - **REQUIRED**: Read tasks.md for the complete task list and execution plan + - **REQUIRED**: Read plan.md for tech stack, architecture, and file structure + - **IF EXISTS**: Read data-model.md for entities and relationships + - **IF EXISTS**: Read contracts/ for API specifications and test requirements + - **IF EXISTS**: Read research.md for technical decisions and constraints + - **IF EXISTS**: Read quickstart.md for integration scenarios + +4. **Project Setup Verification**: + - **REQUIRED**: Create/verify ignore files based on actual project setup: + + **Detection & Creation Logic**: + - Check if the following command succeeds to determine if the repository is a git repo (create/verify .gitignore if so): + + ```sh + git rev-parse --git-dir 2>/dev/null + ``` + + - Check if Dockerfile* exists or Docker in plan.md → create/verify .dockerignore + - Check if .eslintrc* exists → create/verify .eslintignore + - Check if eslint.config.* exists → ensure the config's `ignores` entries cover required patterns + - Check if .prettierrc* exists → create/verify .prettierignore + - Check if .npmrc or package.json exists → create/verify .npmignore (if publishing) + - Check if terraform files (*.tf) exist → create/verify .terraformignore + - Check if .helmignore needed (helm charts present) → create/verify .helmignore + + **If ignore file already exists**: Verify it contains essential patterns, append missing critical patterns only + **If ignore file missing**: Create with full pattern set for detected technology + + **Common Patterns by Technology** (from plan.md tech stack): + - **Node.js/JavaScript/TypeScript**: `node_modules/`, `dist/`, `build/`, `*.log`, `.env*` + - **Python**: `__pycache__/`, `*.pyc`, `.venv/`, `venv/`, `dist/`, `*.egg-info/` + - **Java**: `target/`, `*.class`, `*.jar`, `.gradle/`, `build/` + - **C#/.NET**: `bin/`, `obj/`, `*.user`, `*.suo`, `packages/` + - **Go**: `*.exe`, `*.test`, `vendor/`, `*.out` + - **Ruby**: `.bundle/`, `log/`, `tmp/`, `*.gem`, `vendor/bundle/` + - **PHP**: `vendor/`, `*.log`, `*.cache`, `*.env` + - **Rust**: `target/`, `debug/`, `release/`, `*.rs.bk`, `*.rlib`, `*.prof*`, `.idea/`, `*.log`, `.env*` + - **Kotlin**: `build/`, `out/`, `.gradle/`, `.idea/`, `*.class`, `*.jar`, `*.iml`, `*.log`, `.env*` + - **C++**: `build/`, `bin/`, `obj/`, `out/`, `*.o`, `*.so`, `*.a`, `*.exe`, `*.dll`, `.idea/`, `*.log`, `.env*` + - **C**: `build/`, `bin/`, `obj/`, `out/`, `*.o`, `*.a`, `*.so`, `*.exe`, `Makefile`, `config.log`, `.idea/`, `*.log`, `.env*` + - **Swift**: `.build/`, `DerivedData/`, `*.swiftpm/`, `Packages/` + - **R**: `.Rproj.user/`, `.Rhistory`, `.RData`, `.Ruserdata`, `*.Rproj`, `packrat/`, `renv/` + - **Universal**: `.DS_Store`, `Thumbs.db`, `*.tmp`, `*.swp`, `.vscode/`, `.idea/` + + **Tool-Specific Patterns**: + - **Docker**: `node_modules/`, `.git/`, `Dockerfile*`, `.dockerignore`, `*.log*`, `.env*`, `coverage/` + - **ESLint**: `node_modules/`, `dist/`, `build/`, `coverage/`, `*.min.js` + - **Prettier**: `node_modules/`, `dist/`, `build/`, `coverage/`, `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml` + - **Terraform**: `.terraform/`, `*.tfstate*`, `*.tfvars`, `.terraform.lock.hcl` + - **Kubernetes/k8s**: `*.secret.yaml`, `secrets/`, `.kube/`, `kubeconfig*`, `*.key`, `*.crt` + +5. Parse tasks.md structure and extract: + - **Task phases**: Setup, Tests, Core, Integration, Polish + - **Task dependencies**: Sequential vs parallel execution rules + - **Task details**: ID, description, file paths, parallel markers [P] + - **Execution flow**: Order and dependency requirements + +6. Execute implementation following the task plan: + - **Phase-by-phase execution**: Complete each phase before moving to the next + - **Respect dependencies**: Run sequential tasks in order, parallel tasks [P] can run together + - **Follow TDD approach**: Execute test tasks before their corresponding implementation tasks + - **File-based coordination**: Tasks affecting the same files must run sequentially + - **Validation checkpoints**: Verify each phase completion before proceeding + +7. Implementation execution rules: + - **Setup first**: Initialize project structure, dependencies, configuration + - **Tests before code**: If you need to write tests for contracts, entities, and integration scenarios + - **Core development**: Implement models, services, CLI commands, endpoints + - **Integration work**: Database connections, middleware, logging, external services + - **Polish and validation**: Unit tests, performance optimization, documentation + +8. Progress tracking and error handling: + - Report progress after each completed task + - Halt execution if any non-parallel task fails + - For parallel tasks [P], continue with successful tasks, report failed ones + - Provide clear error messages with context for debugging + - Suggest next steps if implementation cannot proceed + - **IMPORTANT** For completed tasks, make sure to mark the task off as [X] in the tasks file. + +9. Completion validation: + - Verify all required tasks are completed + - Check that implemented features match the original specification + - Validate that tests pass and coverage meets requirements + - Confirm the implementation follows the technical plan + - Report final status with summary of completed work + +Note: This command assumes a complete task breakdown exists in tasks.md. If tasks are incomplete or missing, suggest running `/speckit.tasks` first to regenerate the task list. diff --git a/.cursor/commands/speckit.plan.md b/.cursor/commands/speckit.plan.md new file mode 100644 index 0000000..ab3d66b --- /dev/null +++ b/.cursor/commands/speckit.plan.md @@ -0,0 +1,89 @@ +--- +description: Execute the implementation planning workflow using the plan template to generate design artifacts. +handoffs: + - label: Create Tasks + agent: speckit.tasks + prompt: Break the plan into tasks + send: true + - label: Create Checklist + agent: speckit.checklist + prompt: Create a checklist for the following domain... +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +1. **Setup**: Run `.specify/scripts/bash/setup-plan.sh --json` from repo root and parse JSON for FEATURE_SPEC, IMPL_PLAN, SPECS_DIR, BRANCH. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). + +2. **Load context**: Read FEATURE_SPEC and `.specify/memory/constitution.md`. Load IMPL_PLAN template (already copied). + +3. **Execute plan workflow**: Follow the structure in IMPL_PLAN template to: + - Fill Technical Context (mark unknowns as "NEEDS CLARIFICATION") + - Fill Constitution Check section from constitution + - Evaluate gates (ERROR if violations unjustified) + - Phase 0: Generate research.md (resolve all NEEDS CLARIFICATION) + - Phase 1: Generate data-model.md, contracts/, quickstart.md + - Phase 1: Update agent context by running the agent script + - Re-evaluate Constitution Check post-design + +4. **Stop and report**: Command ends after Phase 2 planning. Report branch, IMPL_PLAN path, and generated artifacts. + +## Phases + +### Phase 0: Outline & Research + +1. **Extract unknowns from Technical Context** above: + - For each NEEDS CLARIFICATION → research task + - For each dependency → best practices task + - For each integration → patterns task + +2. **Generate and dispatch research agents**: + + ```text + For each unknown in Technical Context: + Task: "Research {unknown} for {feature context}" + For each technology choice: + Task: "Find best practices for {tech} in {domain}" + ``` + +3. **Consolidate findings** in `research.md` using format: + - Decision: [what was chosen] + - Rationale: [why chosen] + - Alternatives considered: [what else evaluated] + +**Output**: research.md with all NEEDS CLARIFICATION resolved + +### Phase 1: Design & Contracts + +**Prerequisites:** `research.md` complete + +1. **Extract entities from feature spec** → `data-model.md`: + - Entity name, fields, relationships + - Validation rules from requirements + - State transitions if applicable + +2. **Generate API contracts** from functional requirements: + - For each user action → endpoint + - Use standard REST/GraphQL patterns + - Output OpenAPI/GraphQL schema to `/contracts/` + +3. **Agent context update**: + - Run `.specify/scripts/bash/update-agent-context.sh cursor-agent` + - These scripts detect which AI agent is in use + - Update the appropriate agent-specific context file + - Add only new technology from current plan + - Preserve manual additions between markers + +**Output**: data-model.md, /contracts/*, quickstart.md, agent-specific file + +## Key rules + +- Use absolute paths +- ERROR on gate failures or unresolved clarifications diff --git a/.cursor/commands/speckit.specify.md b/.cursor/commands/speckit.specify.md new file mode 100644 index 0000000..49abdcb --- /dev/null +++ b/.cursor/commands/speckit.specify.md @@ -0,0 +1,258 @@ +--- +description: Create or update the feature specification from a natural language feature description. +handoffs: + - label: Build Technical Plan + agent: speckit.plan + prompt: Create a plan for the spec. I am building with... + - label: Clarify Spec Requirements + agent: speckit.clarify + prompt: Clarify specification requirements + send: true +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +The text the user typed after `/speckit.specify` in the triggering message **is** the feature description. Assume you always have it available in this conversation even if `$ARGUMENTS` appears literally below. Do not ask the user to repeat it unless they provided an empty command. + +Given that feature description, do this: + +1. **Generate a concise short name** (2-4 words) for the branch: + - Analyze the feature description and extract the most meaningful keywords + - Create a 2-4 word short name that captures the essence of the feature + - Use action-noun format when possible (e.g., "add-user-auth", "fix-payment-bug") + - Preserve technical terms and acronyms (OAuth2, API, JWT, etc.) + - Keep it concise but descriptive enough to understand the feature at a glance + - Examples: + - "I want to add user authentication" → "user-auth" + - "Implement OAuth2 integration for the API" → "oauth2-api-integration" + - "Create a dashboard for analytics" → "analytics-dashboard" + - "Fix payment processing timeout bug" → "fix-payment-timeout" + +2. **Check for existing branches before creating new one**: + + a. First, fetch all remote branches to ensure we have the latest information: + + ```bash + git fetch --all --prune + ``` + + b. Find the highest feature number across all sources for the short-name: + - Remote branches: `git ls-remote --heads origin | grep -E 'refs/heads/[0-9]+-<short-name>$'` + - Local branches: `git branch | grep -E '^[* ]*[0-9]+-<short-name>$'` + - Specs directories: Check for directories matching `specs/[0-9]+-<short-name>` + + c. Determine the next available number: + - Extract all numbers from all three sources + - Find the highest number N + - Use N+1 for the new branch number + + d. Run the script `.specify/scripts/bash/create-new-feature.sh --json "$ARGUMENTS"` with the calculated number and short-name: + - Pass `--number N+1` and `--short-name "your-short-name"` along with the feature description + - Bash example: `.specify/scripts/bash/create-new-feature.sh --json "$ARGUMENTS" --json --number 5 --short-name "user-auth" "Add user authentication"` + - PowerShell example: `.specify/scripts/bash/create-new-feature.sh --json "$ARGUMENTS" -Json -Number 5 -ShortName "user-auth" "Add user authentication"` + + **IMPORTANT**: + - Check all three sources (remote branches, local branches, specs directories) to find the highest number + - Only match branches/directories with the exact short-name pattern + - If no existing branches/directories found with this short-name, start with number 1 + - You must only ever run this script once per feature + - The JSON is provided in the terminal as output - always refer to it to get the actual content you're looking for + - The JSON output will contain BRANCH_NAME and SPEC_FILE paths + - For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot") + +3. Load `.specify/templates/spec-template.md` to understand required sections. + +4. Follow this execution flow: + + 1. Parse user description from Input + If empty: ERROR "No feature description provided" + 2. Extract key concepts from description + Identify: actors, actions, data, constraints + 3. For unclear aspects: + - Make informed guesses based on context and industry standards + - Only mark with [NEEDS CLARIFICATION: specific question] if: + - The choice significantly impacts feature scope or user experience + - Multiple reasonable interpretations exist with different implications + - No reasonable default exists + - **LIMIT: Maximum 3 [NEEDS CLARIFICATION] markers total** + - Prioritize clarifications by impact: scope > security/privacy > user experience > technical details + 4. Fill User Scenarios & Testing section + If no clear user flow: ERROR "Cannot determine user scenarios" + 5. Generate Functional Requirements + Each requirement must be testable + Use reasonable defaults for unspecified details (document assumptions in Assumptions section) + 6. Define Success Criteria + Create measurable, technology-agnostic outcomes + Include both quantitative metrics (time, performance, volume) and qualitative measures (user satisfaction, task completion) + Each criterion must be verifiable without implementation details + 7. Identify Key Entities (if data involved) + 8. Return: SUCCESS (spec ready for planning) + +5. Write the specification to SPEC_FILE using the template structure, replacing placeholders with concrete details derived from the feature description (arguments) while preserving section order and headings. + +6. **Specification Quality Validation**: After writing the initial spec, validate it against quality criteria: + + a. **Create Spec Quality Checklist**: Generate a checklist file at `FEATURE_DIR/checklists/requirements.md` using the checklist template structure with these validation items: + + ```markdown + # Specification Quality Checklist: [FEATURE NAME] + + **Purpose**: Validate specification completeness and quality before proceeding to planning + **Created**: [DATE] + **Feature**: [Link to spec.md] + + ## Content Quality + + - [ ] No implementation details (languages, frameworks, APIs) + - [ ] Focused on user value and business needs + - [ ] Written for non-technical stakeholders + - [ ] All mandatory sections completed + + ## Requirement Completeness + + - [ ] No [NEEDS CLARIFICATION] markers remain + - [ ] Requirements are testable and unambiguous + - [ ] Success criteria are measurable + - [ ] Success criteria are technology-agnostic (no implementation details) + - [ ] All acceptance scenarios are defined + - [ ] Edge cases are identified + - [ ] Scope is clearly bounded + - [ ] Dependencies and assumptions identified + + ## Feature Readiness + + - [ ] All functional requirements have clear acceptance criteria + - [ ] User scenarios cover primary flows + - [ ] Feature meets measurable outcomes defined in Success Criteria + - [ ] No implementation details leak into specification + + ## Notes + + - Items marked incomplete require spec updates before `/speckit.clarify` or `/speckit.plan` + ``` + + b. **Run Validation Check**: Review the spec against each checklist item: + - For each item, determine if it passes or fails + - Document specific issues found (quote relevant spec sections) + + c. **Handle Validation Results**: + + - **If all items pass**: Mark checklist complete and proceed to step 6 + + - **If items fail (excluding [NEEDS CLARIFICATION])**: + 1. List the failing items and specific issues + 2. Update the spec to address each issue + 3. Re-run validation until all items pass (max 3 iterations) + 4. If still failing after 3 iterations, document remaining issues in checklist notes and warn user + + - **If [NEEDS CLARIFICATION] markers remain**: + 1. Extract all [NEEDS CLARIFICATION: ...] markers from the spec + 2. **LIMIT CHECK**: If more than 3 markers exist, keep only the 3 most critical (by scope/security/UX impact) and make informed guesses for the rest + 3. For each clarification needed (max 3), present options to user in this format: + + ```markdown + ## Question [N]: [Topic] + + **Context**: [Quote relevant spec section] + + **What we need to know**: [Specific question from NEEDS CLARIFICATION marker] + + **Suggested Answers**: + + | Option | Answer | Implications | + |--------|--------|--------------| + | A | [First suggested answer] | [What this means for the feature] | + | B | [Second suggested answer] | [What this means for the feature] | + | C | [Third suggested answer] | [What this means for the feature] | + | Custom | Provide your own answer | [Explain how to provide custom input] | + + **Your choice**: _[Wait for user response]_ + ``` + + 4. **CRITICAL - Table Formatting**: Ensure markdown tables are properly formatted: + - Use consistent spacing with pipes aligned + - Each cell should have spaces around content: `| Content |` not `|Content|` + - Header separator must have at least 3 dashes: `|--------|` + - Test that the table renders correctly in markdown preview + 5. Number questions sequentially (Q1, Q2, Q3 - max 3 total) + 6. Present all questions together before waiting for responses + 7. Wait for user to respond with their choices for all questions (e.g., "Q1: A, Q2: Custom - [details], Q3: B") + 8. Update the spec by replacing each [NEEDS CLARIFICATION] marker with the user's selected or provided answer + 9. Re-run validation after all clarifications are resolved + + d. **Update Checklist**: After each validation iteration, update the checklist file with current pass/fail status + +7. Report completion with branch name, spec file path, checklist results, and readiness for the next phase (`/speckit.clarify` or `/speckit.plan`). + +**NOTE:** The script creates and checks out the new branch and initializes the spec file before writing. + +## General Guidelines + +## Quick Guidelines + +- Focus on **WHAT** users need and **WHY**. +- Avoid HOW to implement (no tech stack, APIs, code structure). +- Written for business stakeholders, not developers. +- DO NOT create any checklists that are embedded in the spec. That will be a separate command. + +### Section Requirements + +- **Mandatory sections**: Must be completed for every feature +- **Optional sections**: Include only when relevant to the feature +- When a section doesn't apply, remove it entirely (don't leave as "N/A") + +### For AI Generation + +When creating this spec from a user prompt: + +1. **Make informed guesses**: Use context, industry standards, and common patterns to fill gaps +2. **Document assumptions**: Record reasonable defaults in the Assumptions section +3. **Limit clarifications**: Maximum 3 [NEEDS CLARIFICATION] markers - use only for critical decisions that: + - Significantly impact feature scope or user experience + - Have multiple reasonable interpretations with different implications + - Lack any reasonable default +4. **Prioritize clarifications**: scope > security/privacy > user experience > technical details +5. **Think like a tester**: Every vague requirement should fail the "testable and unambiguous" checklist item +6. **Common areas needing clarification** (only if no reasonable default exists): + - Feature scope and boundaries (include/exclude specific use cases) + - User types and permissions (if multiple conflicting interpretations possible) + - Security/compliance requirements (when legally/financially significant) + +**Examples of reasonable defaults** (don't ask about these): + +- Data retention: Industry-standard practices for the domain +- Performance targets: Standard web/mobile app expectations unless specified +- Error handling: User-friendly messages with appropriate fallbacks +- Authentication method: Standard session-based or OAuth2 for web apps +- Integration patterns: RESTful APIs unless specified otherwise + +### Success Criteria Guidelines + +Success criteria must be: + +1. **Measurable**: Include specific metrics (time, percentage, count, rate) +2. **Technology-agnostic**: No mention of frameworks, languages, databases, or tools +3. **User-focused**: Describe outcomes from user/business perspective, not system internals +4. **Verifiable**: Can be tested/validated without knowing implementation details + +**Good examples**: + +- "Users can complete checkout in under 3 minutes" +- "System supports 10,000 concurrent users" +- "95% of searches return results in under 1 second" +- "Task completion rate improves by 40%" + +**Bad examples** (implementation-focused): + +- "API response time is under 200ms" (too technical, use "Users see results instantly") +- "Database can handle 1000 TPS" (implementation detail, use user-facing metric) +- "React components render efficiently" (framework-specific) +- "Redis cache hit rate above 80%" (technology-specific) diff --git a/.cursor/commands/speckit.tasks.md b/.cursor/commands/speckit.tasks.md new file mode 100644 index 0000000..f64e86e --- /dev/null +++ b/.cursor/commands/speckit.tasks.md @@ -0,0 +1,137 @@ +--- +description: Generate an actionable, dependency-ordered tasks.md for the feature based on available design artifacts. +handoffs: + - label: Analyze For Consistency + agent: speckit.analyze + prompt: Run a project analysis for consistency + send: true + - label: Implement Project + agent: speckit.implement + prompt: Start the implementation in phases + send: true +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +1. **Setup**: Run `.specify/scripts/bash/check-prerequisites.sh --json` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). + +2. **Load design documents**: Read from FEATURE_DIR: + - **Required**: plan.md (tech stack, libraries, structure), spec.md (user stories with priorities) + - **Optional**: data-model.md (entities), contracts/ (API endpoints), research.md (decisions), quickstart.md (test scenarios) + - Note: Not all projects have all documents. Generate tasks based on what's available. + +3. **Execute task generation workflow**: + - Load plan.md and extract tech stack, libraries, project structure + - Load spec.md and extract user stories with their priorities (P1, P2, P3, etc.) + - If data-model.md exists: Extract entities and map to user stories + - If contracts/ exists: Map endpoints to user stories + - If research.md exists: Extract decisions for setup tasks + - Generate tasks organized by user story (see Task Generation Rules below) + - Generate dependency graph showing user story completion order + - Create parallel execution examples per user story + - Validate task completeness (each user story has all needed tasks, independently testable) + +4. **Generate tasks.md**: Use `.specify/templates/tasks-template.md` as structure, fill with: + - Correct feature name from plan.md + - Phase 1: Setup tasks (project initialization) + - Phase 2: Foundational tasks (blocking prerequisites for all user stories) + - Phase 3+: One phase per user story (in priority order from spec.md) + - Each phase includes: story goal, independent test criteria, tests (if requested), implementation tasks + - Final Phase: Polish & cross-cutting concerns + - All tasks must follow the strict checklist format (see Task Generation Rules below) + - Clear file paths for each task + - Dependencies section showing story completion order + - Parallel execution examples per story + - Implementation strategy section (MVP first, incremental delivery) + +5. **Report**: Output path to generated tasks.md and summary: + - Total task count + - Task count per user story + - Parallel opportunities identified + - Independent test criteria for each story + - Suggested MVP scope (typically just User Story 1) + - Format validation: Confirm ALL tasks follow the checklist format (checkbox, ID, labels, file paths) + +Context for task generation: $ARGUMENTS + +The tasks.md should be immediately executable - each task must be specific enough that an LLM can complete it without additional context. + +## Task Generation Rules + +**CRITICAL**: Tasks MUST be organized by user story to enable independent implementation and testing. + +**Tests are OPTIONAL**: Only generate test tasks if explicitly requested in the feature specification or if user requests TDD approach. + +### Checklist Format (REQUIRED) + +Every task MUST strictly follow this format: + +```text +- [ ] [TaskID] [P?] [Story?] Description with file path +``` + +**Format Components**: + +1. **Checkbox**: ALWAYS start with `- [ ]` (markdown checkbox) +2. **Task ID**: Sequential number (T001, T002, T003...) in execution order +3. **[P] marker**: Include ONLY if task is parallelizable (different files, no dependencies on incomplete tasks) +4. **[Story] label**: REQUIRED for user story phase tasks only + - Format: [US1], [US2], [US3], etc. (maps to user stories from spec.md) + - Setup phase: NO story label + - Foundational phase: NO story label + - User Story phases: MUST have story label + - Polish phase: NO story label +5. **Description**: Clear action with exact file path + +**Examples**: + +- ✅ CORRECT: `- [ ] T001 Create project structure per implementation plan` +- ✅ CORRECT: `- [ ] T005 [P] Implement authentication middleware in src/middleware/auth.py` +- ✅ CORRECT: `- [ ] T012 [P] [US1] Create User model in src/models/user.py` +- ✅ CORRECT: `- [ ] T014 [US1] Implement UserService in src/services/user_service.py` +- ❌ WRONG: `- [ ] Create User model` (missing ID and Story label) +- ❌ WRONG: `T001 [US1] Create model` (missing checkbox) +- ❌ WRONG: `- [ ] [US1] Create User model` (missing Task ID) +- ❌ WRONG: `- [ ] T001 [US1] Create model` (missing file path) + +### Task Organization + +1. **From User Stories (spec.md)** - PRIMARY ORGANIZATION: + - Each user story (P1, P2, P3...) gets its own phase + - Map all related components to their story: + - Models needed for that story + - Services needed for that story + - Endpoints/UI needed for that story + - If tests requested: Tests specific to that story + - Mark story dependencies (most stories should be independent) + +2. **From Contracts**: + - Map each contract/endpoint → to the user story it serves + - If tests requested: Each contract → contract test task [P] before implementation in that story's phase + +3. **From Data Model**: + - Map each entity to the user story(ies) that need it + - If entity serves multiple stories: Put in earliest story or Setup phase + - Relationships → service layer tasks in appropriate story phase + +4. **From Setup/Infrastructure**: + - Shared infrastructure → Setup phase (Phase 1) + - Foundational/blocking tasks → Foundational phase (Phase 2) + - Story-specific setup → within that story's phase + +### Phase Structure + +- **Phase 1**: Setup (project initialization) +- **Phase 2**: Foundational (blocking prerequisites - MUST complete before user stories) +- **Phase 3+**: User Stories in priority order (P1, P2, P3...) + - Within each story: Tests (if requested) → Models → Services → Endpoints → Integration + - Each phase should be a complete, independently testable increment +- **Final Phase**: Polish & Cross-Cutting Concerns diff --git a/.cursor/commands/speckit.taskstoissues.md b/.cursor/commands/speckit.taskstoissues.md new file mode 100644 index 0000000..0799191 --- /dev/null +++ b/.cursor/commands/speckit.taskstoissues.md @@ -0,0 +1,30 @@ +--- +description: Convert existing tasks into actionable, dependency-ordered GitHub issues for the feature based on available design artifacts. +tools: ['github/github-mcp-server/issue_write'] +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +1. Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). +1. From the executed script, extract the path to **tasks**. +1. Get the Git remote by running: + +```bash +git config --get remote.origin.url +``` + +> [!CAUTION] +> ONLY PROCEED TO NEXT STEPS IF THE REMOTE IS A GITHUB URL + +1. For each task in the list, use the GitHub MCP server to create a new issue in the repository that is representative of the Git remote. + +> [!CAUTION] +> UNDER NO CIRCUMSTANCES EVER CREATE ISSUES IN REPOSITORIES THAT DO NOT MATCH THE REMOTE URL diff --git a/.github/agents/speckit.analyze.agent.md b/.github/agents/speckit.analyze.agent.md new file mode 100644 index 0000000..98b04b0 --- /dev/null +++ b/.github/agents/speckit.analyze.agent.md @@ -0,0 +1,184 @@ +--- +description: Perform a non-destructive cross-artifact consistency and quality analysis across spec.md, plan.md, and tasks.md after task generation. +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Goal + +Identify inconsistencies, duplications, ambiguities, and underspecified items across the three core artifacts (`spec.md`, `plan.md`, `tasks.md`) before implementation. This command MUST run only after `/speckit.tasks` has successfully produced a complete `tasks.md`. + +## Operating Constraints + +**STRICTLY READ-ONLY**: Do **not** modify any files. Output a structured analysis report. Offer an optional remediation plan (user must explicitly approve before any follow-up editing commands would be invoked manually). + +**Constitution Authority**: The project constitution (`.specify/memory/constitution.md`) is **non-negotiable** within this analysis scope. Constitution conflicts are automatically CRITICAL and require adjustment of the spec, plan, or tasks—not dilution, reinterpretation, or silent ignoring of the principle. If a principle itself needs to change, that must occur in a separate, explicit constitution update outside `/speckit.analyze`. + +## Execution Steps + +### 1. Initialize Analysis Context + +Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` once from repo root and parse JSON for FEATURE_DIR and AVAILABLE_DOCS. Derive absolute paths: + +- SPEC = FEATURE_DIR/spec.md +- PLAN = FEATURE_DIR/plan.md +- TASKS = FEATURE_DIR/tasks.md + +Abort with an error message if any required file is missing (instruct the user to run missing prerequisite command). +For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). + +### 2. Load Artifacts (Progressive Disclosure) + +Load only the minimal necessary context from each artifact: + +**From spec.md:** + +- Overview/Context +- Functional Requirements +- Non-Functional Requirements +- User Stories +- Edge Cases (if present) + +**From plan.md:** + +- Architecture/stack choices +- Data Model references +- Phases +- Technical constraints + +**From tasks.md:** + +- Task IDs +- Descriptions +- Phase grouping +- Parallel markers [P] +- Referenced file paths + +**From constitution:** + +- Load `.specify/memory/constitution.md` for principle validation + +### 3. Build Semantic Models + +Create internal representations (do not include raw artifacts in output): + +- **Requirements inventory**: Each functional + non-functional requirement with a stable key (derive slug based on imperative phrase; e.g., "User can upload file" → `user-can-upload-file`) +- **User story/action inventory**: Discrete user actions with acceptance criteria +- **Task coverage mapping**: Map each task to one or more requirements or stories (inference by keyword / explicit reference patterns like IDs or key phrases) +- **Constitution rule set**: Extract principle names and MUST/SHOULD normative statements + +### 4. Detection Passes (Token-Efficient Analysis) + +Focus on high-signal findings. Limit to 50 findings total; aggregate remainder in overflow summary. + +#### A. Duplication Detection + +- Identify near-duplicate requirements +- Mark lower-quality phrasing for consolidation + +#### B. Ambiguity Detection + +- Flag vague adjectives (fast, scalable, secure, intuitive, robust) lacking measurable criteria +- Flag unresolved placeholders (TODO, TKTK, ???, `<placeholder>`, etc.) + +#### C. Underspecification + +- Requirements with verbs but missing object or measurable outcome +- User stories missing acceptance criteria alignment +- Tasks referencing files or components not defined in spec/plan + +#### D. Constitution Alignment + +- Any requirement or plan element conflicting with a MUST principle +- Missing mandated sections or quality gates from constitution + +#### E. Coverage Gaps + +- Requirements with zero associated tasks +- Tasks with no mapped requirement/story +- Non-functional requirements not reflected in tasks (e.g., performance, security) + +#### F. Inconsistency + +- Terminology drift (same concept named differently across files) +- Data entities referenced in plan but absent in spec (or vice versa) +- Task ordering contradictions (e.g., integration tasks before foundational setup tasks without dependency note) +- Conflicting requirements (e.g., one requires Next.js while other specifies Vue) + +### 5. Severity Assignment + +Use this heuristic to prioritize findings: + +- **CRITICAL**: Violates constitution MUST, missing core spec artifact, or requirement with zero coverage that blocks baseline functionality +- **HIGH**: Duplicate or conflicting requirement, ambiguous security/performance attribute, untestable acceptance criterion +- **MEDIUM**: Terminology drift, missing non-functional task coverage, underspecified edge case +- **LOW**: Style/wording improvements, minor redundancy not affecting execution order + +### 6. Produce Compact Analysis Report + +Output a Markdown report (no file writes) with the following structure: + +## Specification Analysis Report + +| ID | Category | Severity | Location(s) | Summary | Recommendation | +|----|----------|----------|-------------|---------|----------------| +| A1 | Duplication | HIGH | spec.md:L120-134 | Two similar requirements ... | Merge phrasing; keep clearer version | + +(Add one row per finding; generate stable IDs prefixed by category initial.) + +**Coverage Summary Table:** + +| Requirement Key | Has Task? | Task IDs | Notes | +|-----------------|-----------|----------|-------| + +**Constitution Alignment Issues:** (if any) + +**Unmapped Tasks:** (if any) + +**Metrics:** + +- Total Requirements +- Total Tasks +- Coverage % (requirements with >=1 task) +- Ambiguity Count +- Duplication Count +- Critical Issues Count + +### 7. Provide Next Actions + +At end of report, output a concise Next Actions block: + +- If CRITICAL issues exist: Recommend resolving before `/speckit.implement` +- If only LOW/MEDIUM: User may proceed, but provide improvement suggestions +- Provide explicit command suggestions: e.g., "Run /speckit.specify with refinement", "Run /speckit.plan to adjust architecture", "Manually edit tasks.md to add coverage for 'performance-metrics'" + +### 8. Offer Remediation + +Ask the user: "Would you like me to suggest concrete remediation edits for the top N issues?" (Do NOT apply them automatically.) + +## Operating Principles + +### Context Efficiency + +- **Minimal high-signal tokens**: Focus on actionable findings, not exhaustive documentation +- **Progressive disclosure**: Load artifacts incrementally; don't dump all content into analysis +- **Token-efficient output**: Limit findings table to 50 rows; summarize overflow +- **Deterministic results**: Rerunning without changes should produce consistent IDs and counts + +### Analysis Guidelines + +- **NEVER modify files** (this is read-only analysis) +- **NEVER hallucinate missing sections** (if absent, report them accurately) +- **Prioritize constitution violations** (these are always CRITICAL) +- **Use examples over exhaustive rules** (cite specific instances, not generic patterns) +- **Report zero issues gracefully** (emit success report with coverage statistics) + +## Context + +$ARGUMENTS diff --git a/.github/agents/speckit.checklist.agent.md b/.github/agents/speckit.checklist.agent.md new file mode 100644 index 0000000..970e6c9 --- /dev/null +++ b/.github/agents/speckit.checklist.agent.md @@ -0,0 +1,294 @@ +--- +description: Generate a custom checklist for the current feature based on user requirements. +--- + +## Checklist Purpose: "Unit Tests for English" + +**CRITICAL CONCEPT**: Checklists are **UNIT TESTS FOR REQUIREMENTS WRITING** - they validate the quality, clarity, and completeness of requirements in a given domain. + +**NOT for verification/testing**: + +- ❌ NOT "Verify the button clicks correctly" +- ❌ NOT "Test error handling works" +- ❌ NOT "Confirm the API returns 200" +- ❌ NOT checking if code/implementation matches the spec + +**FOR requirements quality validation**: + +- ✅ "Are visual hierarchy requirements defined for all card types?" (completeness) +- ✅ "Is 'prominent display' quantified with specific sizing/positioning?" (clarity) +- ✅ "Are hover state requirements consistent across all interactive elements?" (consistency) +- ✅ "Are accessibility requirements defined for keyboard navigation?" (coverage) +- ✅ "Does the spec define what happens when logo image fails to load?" (edge cases) + +**Metaphor**: If your spec is code written in English, the checklist is its unit test suite. You're testing whether the requirements are well-written, complete, unambiguous, and ready for implementation - NOT whether the implementation works. + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Execution Steps + +1. **Setup**: Run `.specify/scripts/bash/check-prerequisites.sh --json` from repo root and parse JSON for FEATURE_DIR and AVAILABLE_DOCS list. + - All file paths must be absolute. + - For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). + +2. **Clarify intent (dynamic)**: Derive up to THREE initial contextual clarifying questions (no pre-baked catalog). They MUST: + - Be generated from the user's phrasing + extracted signals from spec/plan/tasks + - Only ask about information that materially changes checklist content + - Be skipped individually if already unambiguous in `$ARGUMENTS` + - Prefer precision over breadth + + Generation algorithm: + 1. Extract signals: feature domain keywords (e.g., auth, latency, UX, API), risk indicators ("critical", "must", "compliance"), stakeholder hints ("QA", "review", "security team"), and explicit deliverables ("a11y", "rollback", "contracts"). + 2. Cluster signals into candidate focus areas (max 4) ranked by relevance. + 3. Identify probable audience & timing (author, reviewer, QA, release) if not explicit. + 4. Detect missing dimensions: scope breadth, depth/rigor, risk emphasis, exclusion boundaries, measurable acceptance criteria. + 5. Formulate questions chosen from these archetypes: + - Scope refinement (e.g., "Should this include integration touchpoints with X and Y or stay limited to local module correctness?") + - Risk prioritization (e.g., "Which of these potential risk areas should receive mandatory gating checks?") + - Depth calibration (e.g., "Is this a lightweight pre-commit sanity list or a formal release gate?") + - Audience framing (e.g., "Will this be used by the author only or peers during PR review?") + - Boundary exclusion (e.g., "Should we explicitly exclude performance tuning items this round?") + - Scenario class gap (e.g., "No recovery flows detected—are rollback / partial failure paths in scope?") + + Question formatting rules: + - If presenting options, generate a compact table with columns: Option | Candidate | Why It Matters + - Limit to A–E options maximum; omit table if a free-form answer is clearer + - Never ask the user to restate what they already said + - Avoid speculative categories (no hallucination). If uncertain, ask explicitly: "Confirm whether X belongs in scope." + + Defaults when interaction impossible: + - Depth: Standard + - Audience: Reviewer (PR) if code-related; Author otherwise + - Focus: Top 2 relevance clusters + + Output the questions (label Q1/Q2/Q3). After answers: if ≥2 scenario classes (Alternate / Exception / Recovery / Non-Functional domain) remain unclear, you MAY ask up to TWO more targeted follow‑ups (Q4/Q5) with a one-line justification each (e.g., "Unresolved recovery path risk"). Do not exceed five total questions. Skip escalation if user explicitly declines more. + +3. **Understand user request**: Combine `$ARGUMENTS` + clarifying answers: + - Derive checklist theme (e.g., security, review, deploy, ux) + - Consolidate explicit must-have items mentioned by user + - Map focus selections to category scaffolding + - Infer any missing context from spec/plan/tasks (do NOT hallucinate) + +4. **Load feature context**: Read from FEATURE_DIR: + - spec.md: Feature requirements and scope + - plan.md (if exists): Technical details, dependencies + - tasks.md (if exists): Implementation tasks + + **Context Loading Strategy**: + - Load only necessary portions relevant to active focus areas (avoid full-file dumping) + - Prefer summarizing long sections into concise scenario/requirement bullets + - Use progressive disclosure: add follow-on retrieval only if gaps detected + - If source docs are large, generate interim summary items instead of embedding raw text + +5. **Generate checklist** - Create "Unit Tests for Requirements": + - Create `FEATURE_DIR/checklists/` directory if it doesn't exist + - Generate unique checklist filename: + - Use short, descriptive name based on domain (e.g., `ux.md`, `api.md`, `security.md`) + - Format: `[domain].md` + - If file exists, append to existing file + - Number items sequentially starting from CHK001 + - Each `/speckit.checklist` run creates a NEW file (never overwrites existing checklists) + + **CORE PRINCIPLE - Test the Requirements, Not the Implementation**: + Every checklist item MUST evaluate the REQUIREMENTS THEMSELVES for: + - **Completeness**: Are all necessary requirements present? + - **Clarity**: Are requirements unambiguous and specific? + - **Consistency**: Do requirements align with each other? + - **Measurability**: Can requirements be objectively verified? + - **Coverage**: Are all scenarios/edge cases addressed? + + **Category Structure** - Group items by requirement quality dimensions: + - **Requirement Completeness** (Are all necessary requirements documented?) + - **Requirement Clarity** (Are requirements specific and unambiguous?) + - **Requirement Consistency** (Do requirements align without conflicts?) + - **Acceptance Criteria Quality** (Are success criteria measurable?) + - **Scenario Coverage** (Are all flows/cases addressed?) + - **Edge Case Coverage** (Are boundary conditions defined?) + - **Non-Functional Requirements** (Performance, Security, Accessibility, etc. - are they specified?) + - **Dependencies & Assumptions** (Are they documented and validated?) + - **Ambiguities & Conflicts** (What needs clarification?) + + **HOW TO WRITE CHECKLIST ITEMS - "Unit Tests for English"**: + + ❌ **WRONG** (Testing implementation): + - "Verify landing page displays 3 episode cards" + - "Test hover states work on desktop" + - "Confirm logo click navigates home" + + ✅ **CORRECT** (Testing requirements quality): + - "Are the exact number and layout of featured episodes specified?" [Completeness] + - "Is 'prominent display' quantified with specific sizing/positioning?" [Clarity] + - "Are hover state requirements consistent across all interactive elements?" [Consistency] + - "Are keyboard navigation requirements defined for all interactive UI?" [Coverage] + - "Is the fallback behavior specified when logo image fails to load?" [Edge Cases] + - "Are loading states defined for asynchronous episode data?" [Completeness] + - "Does the spec define visual hierarchy for competing UI elements?" [Clarity] + + **ITEM STRUCTURE**: + Each item should follow this pattern: + - Question format asking about requirement quality + - Focus on what's WRITTEN (or not written) in the spec/plan + - Include quality dimension in brackets [Completeness/Clarity/Consistency/etc.] + - Reference spec section `[Spec §X.Y]` when checking existing requirements + - Use `[Gap]` marker when checking for missing requirements + + **EXAMPLES BY QUALITY DIMENSION**: + + Completeness: + - "Are error handling requirements defined for all API failure modes? [Gap]" + - "Are accessibility requirements specified for all interactive elements? [Completeness]" + - "Are mobile breakpoint requirements defined for responsive layouts? [Gap]" + + Clarity: + - "Is 'fast loading' quantified with specific timing thresholds? [Clarity, Spec §NFR-2]" + - "Are 'related episodes' selection criteria explicitly defined? [Clarity, Spec §FR-5]" + - "Is 'prominent' defined with measurable visual properties? [Ambiguity, Spec §FR-4]" + + Consistency: + - "Do navigation requirements align across all pages? [Consistency, Spec §FR-10]" + - "Are card component requirements consistent between landing and detail pages? [Consistency]" + + Coverage: + - "Are requirements defined for zero-state scenarios (no episodes)? [Coverage, Edge Case]" + - "Are concurrent user interaction scenarios addressed? [Coverage, Gap]" + - "Are requirements specified for partial data loading failures? [Coverage, Exception Flow]" + + Measurability: + - "Are visual hierarchy requirements measurable/testable? [Acceptance Criteria, Spec §FR-1]" + - "Can 'balanced visual weight' be objectively verified? [Measurability, Spec §FR-2]" + + **Scenario Classification & Coverage** (Requirements Quality Focus): + - Check if requirements exist for: Primary, Alternate, Exception/Error, Recovery, Non-Functional scenarios + - For each scenario class, ask: "Are [scenario type] requirements complete, clear, and consistent?" + - If scenario class missing: "Are [scenario type] requirements intentionally excluded or missing? [Gap]" + - Include resilience/rollback when state mutation occurs: "Are rollback requirements defined for migration failures? [Gap]" + + **Traceability Requirements**: + - MINIMUM: ≥80% of items MUST include at least one traceability reference + - Each item should reference: spec section `[Spec §X.Y]`, or use markers: `[Gap]`, `[Ambiguity]`, `[Conflict]`, `[Assumption]` + - If no ID system exists: "Is a requirement & acceptance criteria ID scheme established? [Traceability]" + + **Surface & Resolve Issues** (Requirements Quality Problems): + Ask questions about the requirements themselves: + - Ambiguities: "Is the term 'fast' quantified with specific metrics? [Ambiguity, Spec §NFR-1]" + - Conflicts: "Do navigation requirements conflict between §FR-10 and §FR-10a? [Conflict]" + - Assumptions: "Is the assumption of 'always available podcast API' validated? [Assumption]" + - Dependencies: "Are external podcast API requirements documented? [Dependency, Gap]" + - Missing definitions: "Is 'visual hierarchy' defined with measurable criteria? [Gap]" + + **Content Consolidation**: + - Soft cap: If raw candidate items > 40, prioritize by risk/impact + - Merge near-duplicates checking the same requirement aspect + - If >5 low-impact edge cases, create one item: "Are edge cases X, Y, Z addressed in requirements? [Coverage]" + + **🚫 ABSOLUTELY PROHIBITED** - These make it an implementation test, not a requirements test: + - ❌ Any item starting with "Verify", "Test", "Confirm", "Check" + implementation behavior + - ❌ References to code execution, user actions, system behavior + - ❌ "Displays correctly", "works properly", "functions as expected" + - ❌ "Click", "navigate", "render", "load", "execute" + - ❌ Test cases, test plans, QA procedures + - ❌ Implementation details (frameworks, APIs, algorithms) + + **✅ REQUIRED PATTERNS** - These test requirements quality: + - ✅ "Are [requirement type] defined/specified/documented for [scenario]?" + - ✅ "Is [vague term] quantified/clarified with specific criteria?" + - ✅ "Are requirements consistent between [section A] and [section B]?" + - ✅ "Can [requirement] be objectively measured/verified?" + - ✅ "Are [edge cases/scenarios] addressed in requirements?" + - ✅ "Does the spec define [missing aspect]?" + +6. **Structure Reference**: Generate the checklist following the canonical template in `.specify/templates/checklist-template.md` for title, meta section, category headings, and ID formatting. If template is unavailable, use: H1 title, purpose/created meta lines, `##` category sections containing `- [ ] CHK### <requirement item>` lines with globally incrementing IDs starting at CHK001. + +7. **Report**: Output full path to created checklist, item count, and remind user that each run creates a new file. Summarize: + - Focus areas selected + - Depth level + - Actor/timing + - Any explicit user-specified must-have items incorporated + +**Important**: Each `/speckit.checklist` command invocation creates a checklist file using short, descriptive names unless file already exists. This allows: + +- Multiple checklists of different types (e.g., `ux.md`, `test.md`, `security.md`) +- Simple, memorable filenames that indicate checklist purpose +- Easy identification and navigation in the `checklists/` folder + +To avoid clutter, use descriptive types and clean up obsolete checklists when done. + +## Example Checklist Types & Sample Items + +**UX Requirements Quality:** `ux.md` + +Sample items (testing the requirements, NOT the implementation): + +- "Are visual hierarchy requirements defined with measurable criteria? [Clarity, Spec §FR-1]" +- "Is the number and positioning of UI elements explicitly specified? [Completeness, Spec §FR-1]" +- "Are interaction state requirements (hover, focus, active) consistently defined? [Consistency]" +- "Are accessibility requirements specified for all interactive elements? [Coverage, Gap]" +- "Is fallback behavior defined when images fail to load? [Edge Case, Gap]" +- "Can 'prominent display' be objectively measured? [Measurability, Spec §FR-4]" + +**API Requirements Quality:** `api.md` + +Sample items: + +- "Are error response formats specified for all failure scenarios? [Completeness]" +- "Are rate limiting requirements quantified with specific thresholds? [Clarity]" +- "Are authentication requirements consistent across all endpoints? [Consistency]" +- "Are retry/timeout requirements defined for external dependencies? [Coverage, Gap]" +- "Is versioning strategy documented in requirements? [Gap]" + +**Performance Requirements Quality:** `performance.md` + +Sample items: + +- "Are performance requirements quantified with specific metrics? [Clarity]" +- "Are performance targets defined for all critical user journeys? [Coverage]" +- "Are performance requirements under different load conditions specified? [Completeness]" +- "Can performance requirements be objectively measured? [Measurability]" +- "Are degradation requirements defined for high-load scenarios? [Edge Case, Gap]" + +**Security Requirements Quality:** `security.md` + +Sample items: + +- "Are authentication requirements specified for all protected resources? [Coverage]" +- "Are data protection requirements defined for sensitive information? [Completeness]" +- "Is the threat model documented and requirements aligned to it? [Traceability]" +- "Are security requirements consistent with compliance obligations? [Consistency]" +- "Are security failure/breach response requirements defined? [Gap, Exception Flow]" + +## Anti-Examples: What NOT To Do + +**❌ WRONG - These test implementation, not requirements:** + +```markdown +- [ ] CHK001 - Verify landing page displays 3 episode cards [Spec §FR-001] +- [ ] CHK002 - Test hover states work correctly on desktop [Spec §FR-003] +- [ ] CHK003 - Confirm logo click navigates to home page [Spec §FR-010] +- [ ] CHK004 - Check that related episodes section shows 3-5 items [Spec §FR-005] +``` + +**✅ CORRECT - These test requirements quality:** + +```markdown +- [ ] CHK001 - Are the number and layout of featured episodes explicitly specified? [Completeness, Spec §FR-001] +- [ ] CHK002 - Are hover state requirements consistently defined for all interactive elements? [Consistency, Spec §FR-003] +- [ ] CHK003 - Are navigation requirements clear for all clickable brand elements? [Clarity, Spec §FR-010] +- [ ] CHK004 - Is the selection criteria for related episodes documented? [Gap, Spec §FR-005] +- [ ] CHK005 - Are loading state requirements defined for asynchronous episode data? [Gap] +- [ ] CHK006 - Can "visual hierarchy" requirements be objectively measured? [Measurability, Spec §FR-001] +``` + +**Key Differences:** + +- Wrong: Tests if the system works correctly +- Correct: Tests if the requirements are written correctly +- Wrong: Verification of behavior +- Correct: Validation of requirement quality +- Wrong: "Does it do X?" +- Correct: "Is X clearly specified?" diff --git a/.github/agents/speckit.clarify.agent.md b/.github/agents/speckit.clarify.agent.md new file mode 100644 index 0000000..6b28dae --- /dev/null +++ b/.github/agents/speckit.clarify.agent.md @@ -0,0 +1,181 @@ +--- +description: Identify underspecified areas in the current feature spec by asking up to 5 highly targeted clarification questions and encoding answers back into the spec. +handoffs: + - label: Build Technical Plan + agent: speckit.plan + prompt: Create a plan for the spec. I am building with... +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +Goal: Detect and reduce ambiguity or missing decision points in the active feature specification and record the clarifications directly in the spec file. + +Note: This clarification workflow is expected to run (and be completed) BEFORE invoking `/speckit.plan`. If the user explicitly states they are skipping clarification (e.g., exploratory spike), you may proceed, but must warn that downstream rework risk increases. + +Execution steps: + +1. Run `.specify/scripts/bash/check-prerequisites.sh --json --paths-only` from repo root **once** (combined `--json --paths-only` mode / `-Json -PathsOnly`). Parse minimal JSON payload fields: + - `FEATURE_DIR` + - `FEATURE_SPEC` + - (Optionally capture `IMPL_PLAN`, `TASKS` for future chained flows.) + - If JSON parsing fails, abort and instruct user to re-run `/speckit.specify` or verify feature branch environment. + - For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). + +2. Load the current spec file. Perform a structured ambiguity & coverage scan using this taxonomy. For each category, mark status: Clear / Partial / Missing. Produce an internal coverage map used for prioritization (do not output raw map unless no questions will be asked). + + Functional Scope & Behavior: + - Core user goals & success criteria + - Explicit out-of-scope declarations + - User roles / personas differentiation + + Domain & Data Model: + - Entities, attributes, relationships + - Identity & uniqueness rules + - Lifecycle/state transitions + - Data volume / scale assumptions + + Interaction & UX Flow: + - Critical user journeys / sequences + - Error/empty/loading states + - Accessibility or localization notes + + Non-Functional Quality Attributes: + - Performance (latency, throughput targets) + - Scalability (horizontal/vertical, limits) + - Reliability & availability (uptime, recovery expectations) + - Observability (logging, metrics, tracing signals) + - Security & privacy (authN/Z, data protection, threat assumptions) + - Compliance / regulatory constraints (if any) + + Integration & External Dependencies: + - External services/APIs and failure modes + - Data import/export formats + - Protocol/versioning assumptions + + Edge Cases & Failure Handling: + - Negative scenarios + - Rate limiting / throttling + - Conflict resolution (e.g., concurrent edits) + + Constraints & Tradeoffs: + - Technical constraints (language, storage, hosting) + - Explicit tradeoffs or rejected alternatives + + Terminology & Consistency: + - Canonical glossary terms + - Avoided synonyms / deprecated terms + + Completion Signals: + - Acceptance criteria testability + - Measurable Definition of Done style indicators + + Misc / Placeholders: + - TODO markers / unresolved decisions + - Ambiguous adjectives ("robust", "intuitive") lacking quantification + + For each category with Partial or Missing status, add a candidate question opportunity unless: + - Clarification would not materially change implementation or validation strategy + - Information is better deferred to planning phase (note internally) + +3. Generate (internally) a prioritized queue of candidate clarification questions (maximum 5). Do NOT output them all at once. Apply these constraints: + - Maximum of 10 total questions across the whole session. + - Each question must be answerable with EITHER: + - A short multiple‑choice selection (2–5 distinct, mutually exclusive options), OR + - A one-word / short‑phrase answer (explicitly constrain: "Answer in <=5 words"). + - Only include questions whose answers materially impact architecture, data modeling, task decomposition, test design, UX behavior, operational readiness, or compliance validation. + - Ensure category coverage balance: attempt to cover the highest impact unresolved categories first; avoid asking two low-impact questions when a single high-impact area (e.g., security posture) is unresolved. + - Exclude questions already answered, trivial stylistic preferences, or plan-level execution details (unless blocking correctness). + - Favor clarifications that reduce downstream rework risk or prevent misaligned acceptance tests. + - If more than 5 categories remain unresolved, select the top 5 by (Impact * Uncertainty) heuristic. + +4. Sequential questioning loop (interactive): + - Present EXACTLY ONE question at a time. + - For multiple‑choice questions: + - **Analyze all options** and determine the **most suitable option** based on: + - Best practices for the project type + - Common patterns in similar implementations + - Risk reduction (security, performance, maintainability) + - Alignment with any explicit project goals or constraints visible in the spec + - Present your **recommended option prominently** at the top with clear reasoning (1-2 sentences explaining why this is the best choice). + - Format as: `**Recommended:** Option [X] - <reasoning>` + - Then render all options as a Markdown table: + + | Option | Description | + |--------|-------------| + | A | <Option A description> | + | B | <Option B description> | + | C | <Option C description> (add D/E as needed up to 5) | + | Short | Provide a different short answer (<=5 words) (Include only if free-form alternative is appropriate) | + + - After the table, add: `You can reply with the option letter (e.g., "A"), accept the recommendation by saying "yes" or "recommended", or provide your own short answer.` + - For short‑answer style (no meaningful discrete options): + - Provide your **suggested answer** based on best practices and context. + - Format as: `**Suggested:** <your proposed answer> - <brief reasoning>` + - Then output: `Format: Short answer (<=5 words). You can accept the suggestion by saying "yes" or "suggested", or provide your own answer.` + - After the user answers: + - If the user replies with "yes", "recommended", or "suggested", use your previously stated recommendation/suggestion as the answer. + - Otherwise, validate the answer maps to one option or fits the <=5 word constraint. + - If ambiguous, ask for a quick disambiguation (count still belongs to same question; do not advance). + - Once satisfactory, record it in working memory (do not yet write to disk) and move to the next queued question. + - Stop asking further questions when: + - All critical ambiguities resolved early (remaining queued items become unnecessary), OR + - User signals completion ("done", "good", "no more"), OR + - You reach 5 asked questions. + - Never reveal future queued questions in advance. + - If no valid questions exist at start, immediately report no critical ambiguities. + +5. Integration after EACH accepted answer (incremental update approach): + - Maintain in-memory representation of the spec (loaded once at start) plus the raw file contents. + - For the first integrated answer in this session: + - Ensure a `## Clarifications` section exists (create it just after the highest-level contextual/overview section per the spec template if missing). + - Under it, create (if not present) a `### Session YYYY-MM-DD` subheading for today. + - Append a bullet line immediately after acceptance: `- Q: <question> → A: <final answer>`. + - Then immediately apply the clarification to the most appropriate section(s): + - Functional ambiguity → Update or add a bullet in Functional Requirements. + - User interaction / actor distinction → Update User Stories or Actors subsection (if present) with clarified role, constraint, or scenario. + - Data shape / entities → Update Data Model (add fields, types, relationships) preserving ordering; note added constraints succinctly. + - Non-functional constraint → Add/modify measurable criteria in Non-Functional / Quality Attributes section (convert vague adjective to metric or explicit target). + - Edge case / negative flow → Add a new bullet under Edge Cases / Error Handling (or create such subsection if template provides placeholder for it). + - Terminology conflict → Normalize term across spec; retain original only if necessary by adding `(formerly referred to as "X")` once. + - If the clarification invalidates an earlier ambiguous statement, replace that statement instead of duplicating; leave no obsolete contradictory text. + - Save the spec file AFTER each integration to minimize risk of context loss (atomic overwrite). + - Preserve formatting: do not reorder unrelated sections; keep heading hierarchy intact. + - Keep each inserted clarification minimal and testable (avoid narrative drift). + +6. Validation (performed after EACH write plus final pass): + - Clarifications session contains exactly one bullet per accepted answer (no duplicates). + - Total asked (accepted) questions ≤ 5. + - Updated sections contain no lingering vague placeholders the new answer was meant to resolve. + - No contradictory earlier statement remains (scan for now-invalid alternative choices removed). + - Markdown structure valid; only allowed new headings: `## Clarifications`, `### Session YYYY-MM-DD`. + - Terminology consistency: same canonical term used across all updated sections. + +7. Write the updated spec back to `FEATURE_SPEC`. + +8. Report completion (after questioning loop ends or early termination): + - Number of questions asked & answered. + - Path to updated spec. + - Sections touched (list names). + - Coverage summary table listing each taxonomy category with Status: Resolved (was Partial/Missing and addressed), Deferred (exceeds question quota or better suited for planning), Clear (already sufficient), Outstanding (still Partial/Missing but low impact). + - If any Outstanding or Deferred remain, recommend whether to proceed to `/speckit.plan` or run `/speckit.clarify` again later post-plan. + - Suggested next command. + +Behavior rules: + +- If no meaningful ambiguities found (or all potential questions would be low-impact), respond: "No critical ambiguities detected worth formal clarification." and suggest proceeding. +- If spec file missing, instruct user to run `/speckit.specify` first (do not create a new spec here). +- Never exceed 5 total asked questions (clarification retries for a single question do not count as new questions). +- Avoid speculative tech stack questions unless the absence blocks functional clarity. +- Respect user early termination signals ("stop", "done", "proceed"). +- If no questions asked due to full coverage, output a compact coverage summary (all categories Clear) then suggest advancing. +- If quota reached with unresolved high-impact categories remaining, explicitly flag them under Deferred with rationale. + +Context for prioritization: $ARGUMENTS diff --git a/.github/agents/speckit.constitution.agent.md b/.github/agents/speckit.constitution.agent.md new file mode 100644 index 0000000..1830264 --- /dev/null +++ b/.github/agents/speckit.constitution.agent.md @@ -0,0 +1,82 @@ +--- +description: Create or update the project constitution from interactive or provided principle inputs, ensuring all dependent templates stay in sync. +handoffs: + - label: Build Specification + agent: speckit.specify + prompt: Implement the feature specification based on the updated constitution. I want to build... +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +You are updating the project constitution at `.specify/memory/constitution.md`. This file is a TEMPLATE containing placeholder tokens in square brackets (e.g. `[PROJECT_NAME]`, `[PRINCIPLE_1_NAME]`). Your job is to (a) collect/derive concrete values, (b) fill the template precisely, and (c) propagate any amendments across dependent artifacts. + +Follow this execution flow: + +1. Load the existing constitution template at `.specify/memory/constitution.md`. + - Identify every placeholder token of the form `[ALL_CAPS_IDENTIFIER]`. + **IMPORTANT**: The user might require less or more principles than the ones used in the template. If a number is specified, respect that - follow the general template. You will update the doc accordingly. + +2. Collect/derive values for placeholders: + - If user input (conversation) supplies a value, use it. + - Otherwise infer from existing repo context (README, docs, prior constitution versions if embedded). + - For governance dates: `RATIFICATION_DATE` is the original adoption date (if unknown ask or mark TODO), `LAST_AMENDED_DATE` is today if changes are made, otherwise keep previous. + - `CONSTITUTION_VERSION` must increment according to semantic versioning rules: + - MAJOR: Backward incompatible governance/principle removals or redefinitions. + - MINOR: New principle/section added or materially expanded guidance. + - PATCH: Clarifications, wording, typo fixes, non-semantic refinements. + - If version bump type ambiguous, propose reasoning before finalizing. + +3. Draft the updated constitution content: + - Replace every placeholder with concrete text (no bracketed tokens left except intentionally retained template slots that the project has chosen not to define yet—explicitly justify any left). + - Preserve heading hierarchy and comments can be removed once replaced unless they still add clarifying guidance. + - Ensure each Principle section: succinct name line, paragraph (or bullet list) capturing non‑negotiable rules, explicit rationale if not obvious. + - Ensure Governance section lists amendment procedure, versioning policy, and compliance review expectations. + +4. Consistency propagation checklist (convert prior checklist into active validations): + - Read `.specify/templates/plan-template.md` and ensure any "Constitution Check" or rules align with updated principles. + - Read `.specify/templates/spec-template.md` for scope/requirements alignment—update if constitution adds/removes mandatory sections or constraints. + - Read `.specify/templates/tasks-template.md` and ensure task categorization reflects new or removed principle-driven task types (e.g., observability, versioning, testing discipline). + - Read each command file in `.specify/templates/commands/*.md` (including this one) to verify no outdated references (agent-specific names like CLAUDE only) remain when generic guidance is required. + - Read any runtime guidance docs (e.g., `README.md`, `docs/quickstart.md`, or agent-specific guidance files if present). Update references to principles changed. + +5. Produce a Sync Impact Report (prepend as an HTML comment at top of the constitution file after update): + - Version change: old → new + - List of modified principles (old title → new title if renamed) + - Added sections + - Removed sections + - Templates requiring updates (✅ updated / ⚠ pending) with file paths + - Follow-up TODOs if any placeholders intentionally deferred. + +6. Validation before final output: + - No remaining unexplained bracket tokens. + - Version line matches report. + - Dates ISO format YYYY-MM-DD. + - Principles are declarative, testable, and free of vague language ("should" → replace with MUST/SHOULD rationale where appropriate). + +7. Write the completed constitution back to `.specify/memory/constitution.md` (overwrite). + +8. Output a final summary to the user with: + - New version and bump rationale. + - Any files flagged for manual follow-up. + - Suggested commit message (e.g., `docs: amend constitution to vX.Y.Z (principle additions + governance update)`). + +Formatting & Style Requirements: + +- Use Markdown headings exactly as in the template (do not demote/promote levels). +- Wrap long rationale lines to keep readability (<100 chars ideally) but do not hard enforce with awkward breaks. +- Keep a single blank line between sections. +- Avoid trailing whitespace. + +If the user supplies partial updates (e.g., only one principle revision), still perform validation and version decision steps. + +If critical info missing (e.g., ratification date truly unknown), insert `TODO(<FIELD_NAME>): explanation` and include in the Sync Impact Report under deferred items. + +Do not create a new template; always operate on the existing `.specify/memory/constitution.md` file. diff --git a/.github/agents/speckit.implement.agent.md b/.github/agents/speckit.implement.agent.md new file mode 100644 index 0000000..41da7b9 --- /dev/null +++ b/.github/agents/speckit.implement.agent.md @@ -0,0 +1,135 @@ +--- +description: Execute the implementation plan by processing and executing all tasks defined in tasks.md +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +1. Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). + +2. **Check checklists status** (if FEATURE_DIR/checklists/ exists): + - Scan all checklist files in the checklists/ directory + - For each checklist, count: + - Total items: All lines matching `- [ ]` or `- [X]` or `- [x]` + - Completed items: Lines matching `- [X]` or `- [x]` + - Incomplete items: Lines matching `- [ ]` + - Create a status table: + + ```text + | Checklist | Total | Completed | Incomplete | Status | + |-----------|-------|-----------|------------|--------| + | ux.md | 12 | 12 | 0 | ✓ PASS | + | test.md | 8 | 5 | 3 | ✗ FAIL | + | security.md | 6 | 6 | 0 | ✓ PASS | + ``` + + - Calculate overall status: + - **PASS**: All checklists have 0 incomplete items + - **FAIL**: One or more checklists have incomplete items + + - **If any checklist is incomplete**: + - Display the table with incomplete item counts + - **STOP** and ask: "Some checklists are incomplete. Do you want to proceed with implementation anyway? (yes/no)" + - Wait for user response before continuing + - If user says "no" or "wait" or "stop", halt execution + - If user says "yes" or "proceed" or "continue", proceed to step 3 + + - **If all checklists are complete**: + - Display the table showing all checklists passed + - Automatically proceed to step 3 + +3. Load and analyze the implementation context: + - **REQUIRED**: Read tasks.md for the complete task list and execution plan + - **REQUIRED**: Read plan.md for tech stack, architecture, and file structure + - **IF EXISTS**: Read data-model.md for entities and relationships + - **IF EXISTS**: Read contracts/ for API specifications and test requirements + - **IF EXISTS**: Read research.md for technical decisions and constraints + - **IF EXISTS**: Read quickstart.md for integration scenarios + +4. **Project Setup Verification**: + - **REQUIRED**: Create/verify ignore files based on actual project setup: + + **Detection & Creation Logic**: + - Check if the following command succeeds to determine if the repository is a git repo (create/verify .gitignore if so): + + ```sh + git rev-parse --git-dir 2>/dev/null + ``` + + - Check if Dockerfile* exists or Docker in plan.md → create/verify .dockerignore + - Check if .eslintrc* exists → create/verify .eslintignore + - Check if eslint.config.* exists → ensure the config's `ignores` entries cover required patterns + - Check if .prettierrc* exists → create/verify .prettierignore + - Check if .npmrc or package.json exists → create/verify .npmignore (if publishing) + - Check if terraform files (*.tf) exist → create/verify .terraformignore + - Check if .helmignore needed (helm charts present) → create/verify .helmignore + + **If ignore file already exists**: Verify it contains essential patterns, append missing critical patterns only + **If ignore file missing**: Create with full pattern set for detected technology + + **Common Patterns by Technology** (from plan.md tech stack): + - **Node.js/JavaScript/TypeScript**: `node_modules/`, `dist/`, `build/`, `*.log`, `.env*` + - **Python**: `__pycache__/`, `*.pyc`, `.venv/`, `venv/`, `dist/`, `*.egg-info/` + - **Java**: `target/`, `*.class`, `*.jar`, `.gradle/`, `build/` + - **C#/.NET**: `bin/`, `obj/`, `*.user`, `*.suo`, `packages/` + - **Go**: `*.exe`, `*.test`, `vendor/`, `*.out` + - **Ruby**: `.bundle/`, `log/`, `tmp/`, `*.gem`, `vendor/bundle/` + - **PHP**: `vendor/`, `*.log`, `*.cache`, `*.env` + - **Rust**: `target/`, `debug/`, `release/`, `*.rs.bk`, `*.rlib`, `*.prof*`, `.idea/`, `*.log`, `.env*` + - **Kotlin**: `build/`, `out/`, `.gradle/`, `.idea/`, `*.class`, `*.jar`, `*.iml`, `*.log`, `.env*` + - **C++**: `build/`, `bin/`, `obj/`, `out/`, `*.o`, `*.so`, `*.a`, `*.exe`, `*.dll`, `.idea/`, `*.log`, `.env*` + - **C**: `build/`, `bin/`, `obj/`, `out/`, `*.o`, `*.a`, `*.so`, `*.exe`, `Makefile`, `config.log`, `.idea/`, `*.log`, `.env*` + - **Swift**: `.build/`, `DerivedData/`, `*.swiftpm/`, `Packages/` + - **R**: `.Rproj.user/`, `.Rhistory`, `.RData`, `.Ruserdata`, `*.Rproj`, `packrat/`, `renv/` + - **Universal**: `.DS_Store`, `Thumbs.db`, `*.tmp`, `*.swp`, `.vscode/`, `.idea/` + + **Tool-Specific Patterns**: + - **Docker**: `node_modules/`, `.git/`, `Dockerfile*`, `.dockerignore`, `*.log*`, `.env*`, `coverage/` + - **ESLint**: `node_modules/`, `dist/`, `build/`, `coverage/`, `*.min.js` + - **Prettier**: `node_modules/`, `dist/`, `build/`, `coverage/`, `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml` + - **Terraform**: `.terraform/`, `*.tfstate*`, `*.tfvars`, `.terraform.lock.hcl` + - **Kubernetes/k8s**: `*.secret.yaml`, `secrets/`, `.kube/`, `kubeconfig*`, `*.key`, `*.crt` + +5. Parse tasks.md structure and extract: + - **Task phases**: Setup, Tests, Core, Integration, Polish + - **Task dependencies**: Sequential vs parallel execution rules + - **Task details**: ID, description, file paths, parallel markers [P] + - **Execution flow**: Order and dependency requirements + +6. Execute implementation following the task plan: + - **Phase-by-phase execution**: Complete each phase before moving to the next + - **Respect dependencies**: Run sequential tasks in order, parallel tasks [P] can run together + - **Follow TDD approach**: Execute test tasks before their corresponding implementation tasks + - **File-based coordination**: Tasks affecting the same files must run sequentially + - **Validation checkpoints**: Verify each phase completion before proceeding + +7. Implementation execution rules: + - **Setup first**: Initialize project structure, dependencies, configuration + - **Tests before code**: If you need to write tests for contracts, entities, and integration scenarios + - **Core development**: Implement models, services, CLI commands, endpoints + - **Integration work**: Database connections, middleware, logging, external services + - **Polish and validation**: Unit tests, performance optimization, documentation + +8. Progress tracking and error handling: + - Report progress after each completed task + - Halt execution if any non-parallel task fails + - For parallel tasks [P], continue with successful tasks, report failed ones + - Provide clear error messages with context for debugging + - Suggest next steps if implementation cannot proceed + - **IMPORTANT** For completed tasks, make sure to mark the task off as [X] in the tasks file. + +9. Completion validation: + - Verify all required tasks are completed + - Check that implemented features match the original specification + - Validate that tests pass and coverage meets requirements + - Confirm the implementation follows the technical plan + - Report final status with summary of completed work + +Note: This command assumes a complete task breakdown exists in tasks.md. If tasks are incomplete or missing, suggest running `/speckit.tasks` first to regenerate the task list. diff --git a/.github/agents/speckit.plan.agent.md b/.github/agents/speckit.plan.agent.md new file mode 100644 index 0000000..eb45be2 --- /dev/null +++ b/.github/agents/speckit.plan.agent.md @@ -0,0 +1,89 @@ +--- +description: Execute the implementation planning workflow using the plan template to generate design artifacts. +handoffs: + - label: Create Tasks + agent: speckit.tasks + prompt: Break the plan into tasks + send: true + - label: Create Checklist + agent: speckit.checklist + prompt: Create a checklist for the following domain... +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +1. **Setup**: Run `.specify/scripts/bash/setup-plan.sh --json` from repo root and parse JSON for FEATURE_SPEC, IMPL_PLAN, SPECS_DIR, BRANCH. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). + +2. **Load context**: Read FEATURE_SPEC and `.specify/memory/constitution.md`. Load IMPL_PLAN template (already copied). + +3. **Execute plan workflow**: Follow the structure in IMPL_PLAN template to: + - Fill Technical Context (mark unknowns as "NEEDS CLARIFICATION") + - Fill Constitution Check section from constitution + - Evaluate gates (ERROR if violations unjustified) + - Phase 0: Generate research.md (resolve all NEEDS CLARIFICATION) + - Phase 1: Generate data-model.md, contracts/, quickstart.md + - Phase 1: Update agent context by running the agent script + - Re-evaluate Constitution Check post-design + +4. **Stop and report**: Command ends after Phase 2 planning. Report branch, IMPL_PLAN path, and generated artifacts. + +## Phases + +### Phase 0: Outline & Research + +1. **Extract unknowns from Technical Context** above: + - For each NEEDS CLARIFICATION → research task + - For each dependency → best practices task + - For each integration → patterns task + +2. **Generate and dispatch research agents**: + + ```text + For each unknown in Technical Context: + Task: "Research {unknown} for {feature context}" + For each technology choice: + Task: "Find best practices for {tech} in {domain}" + ``` + +3. **Consolidate findings** in `research.md` using format: + - Decision: [what was chosen] + - Rationale: [why chosen] + - Alternatives considered: [what else evaluated] + +**Output**: research.md with all NEEDS CLARIFICATION resolved + +### Phase 1: Design & Contracts + +**Prerequisites:** `research.md` complete + +1. **Extract entities from feature spec** → `data-model.md`: + - Entity name, fields, relationships + - Validation rules from requirements + - State transitions if applicable + +2. **Generate API contracts** from functional requirements: + - For each user action → endpoint + - Use standard REST/GraphQL patterns + - Output OpenAPI/GraphQL schema to `/contracts/` + +3. **Agent context update**: + - Run `.specify/scripts/bash/update-agent-context.sh copilot` + - These scripts detect which AI agent is in use + - Update the appropriate agent-specific context file + - Add only new technology from current plan + - Preserve manual additions between markers + +**Output**: data-model.md, /contracts/*, quickstart.md, agent-specific file + +## Key rules + +- Use absolute paths +- ERROR on gate failures or unresolved clarifications diff --git a/.github/agents/speckit.specify.agent.md b/.github/agents/speckit.specify.agent.md new file mode 100644 index 0000000..49abdcb --- /dev/null +++ b/.github/agents/speckit.specify.agent.md @@ -0,0 +1,258 @@ +--- +description: Create or update the feature specification from a natural language feature description. +handoffs: + - label: Build Technical Plan + agent: speckit.plan + prompt: Create a plan for the spec. I am building with... + - label: Clarify Spec Requirements + agent: speckit.clarify + prompt: Clarify specification requirements + send: true +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +The text the user typed after `/speckit.specify` in the triggering message **is** the feature description. Assume you always have it available in this conversation even if `$ARGUMENTS` appears literally below. Do not ask the user to repeat it unless they provided an empty command. + +Given that feature description, do this: + +1. **Generate a concise short name** (2-4 words) for the branch: + - Analyze the feature description and extract the most meaningful keywords + - Create a 2-4 word short name that captures the essence of the feature + - Use action-noun format when possible (e.g., "add-user-auth", "fix-payment-bug") + - Preserve technical terms and acronyms (OAuth2, API, JWT, etc.) + - Keep it concise but descriptive enough to understand the feature at a glance + - Examples: + - "I want to add user authentication" → "user-auth" + - "Implement OAuth2 integration for the API" → "oauth2-api-integration" + - "Create a dashboard for analytics" → "analytics-dashboard" + - "Fix payment processing timeout bug" → "fix-payment-timeout" + +2. **Check for existing branches before creating new one**: + + a. First, fetch all remote branches to ensure we have the latest information: + + ```bash + git fetch --all --prune + ``` + + b. Find the highest feature number across all sources for the short-name: + - Remote branches: `git ls-remote --heads origin | grep -E 'refs/heads/[0-9]+-<short-name>$'` + - Local branches: `git branch | grep -E '^[* ]*[0-9]+-<short-name>$'` + - Specs directories: Check for directories matching `specs/[0-9]+-<short-name>` + + c. Determine the next available number: + - Extract all numbers from all three sources + - Find the highest number N + - Use N+1 for the new branch number + + d. Run the script `.specify/scripts/bash/create-new-feature.sh --json "$ARGUMENTS"` with the calculated number and short-name: + - Pass `--number N+1` and `--short-name "your-short-name"` along with the feature description + - Bash example: `.specify/scripts/bash/create-new-feature.sh --json "$ARGUMENTS" --json --number 5 --short-name "user-auth" "Add user authentication"` + - PowerShell example: `.specify/scripts/bash/create-new-feature.sh --json "$ARGUMENTS" -Json -Number 5 -ShortName "user-auth" "Add user authentication"` + + **IMPORTANT**: + - Check all three sources (remote branches, local branches, specs directories) to find the highest number + - Only match branches/directories with the exact short-name pattern + - If no existing branches/directories found with this short-name, start with number 1 + - You must only ever run this script once per feature + - The JSON is provided in the terminal as output - always refer to it to get the actual content you're looking for + - The JSON output will contain BRANCH_NAME and SPEC_FILE paths + - For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot") + +3. Load `.specify/templates/spec-template.md` to understand required sections. + +4. Follow this execution flow: + + 1. Parse user description from Input + If empty: ERROR "No feature description provided" + 2. Extract key concepts from description + Identify: actors, actions, data, constraints + 3. For unclear aspects: + - Make informed guesses based on context and industry standards + - Only mark with [NEEDS CLARIFICATION: specific question] if: + - The choice significantly impacts feature scope or user experience + - Multiple reasonable interpretations exist with different implications + - No reasonable default exists + - **LIMIT: Maximum 3 [NEEDS CLARIFICATION] markers total** + - Prioritize clarifications by impact: scope > security/privacy > user experience > technical details + 4. Fill User Scenarios & Testing section + If no clear user flow: ERROR "Cannot determine user scenarios" + 5. Generate Functional Requirements + Each requirement must be testable + Use reasonable defaults for unspecified details (document assumptions in Assumptions section) + 6. Define Success Criteria + Create measurable, technology-agnostic outcomes + Include both quantitative metrics (time, performance, volume) and qualitative measures (user satisfaction, task completion) + Each criterion must be verifiable without implementation details + 7. Identify Key Entities (if data involved) + 8. Return: SUCCESS (spec ready for planning) + +5. Write the specification to SPEC_FILE using the template structure, replacing placeholders with concrete details derived from the feature description (arguments) while preserving section order and headings. + +6. **Specification Quality Validation**: After writing the initial spec, validate it against quality criteria: + + a. **Create Spec Quality Checklist**: Generate a checklist file at `FEATURE_DIR/checklists/requirements.md` using the checklist template structure with these validation items: + + ```markdown + # Specification Quality Checklist: [FEATURE NAME] + + **Purpose**: Validate specification completeness and quality before proceeding to planning + **Created**: [DATE] + **Feature**: [Link to spec.md] + + ## Content Quality + + - [ ] No implementation details (languages, frameworks, APIs) + - [ ] Focused on user value and business needs + - [ ] Written for non-technical stakeholders + - [ ] All mandatory sections completed + + ## Requirement Completeness + + - [ ] No [NEEDS CLARIFICATION] markers remain + - [ ] Requirements are testable and unambiguous + - [ ] Success criteria are measurable + - [ ] Success criteria are technology-agnostic (no implementation details) + - [ ] All acceptance scenarios are defined + - [ ] Edge cases are identified + - [ ] Scope is clearly bounded + - [ ] Dependencies and assumptions identified + + ## Feature Readiness + + - [ ] All functional requirements have clear acceptance criteria + - [ ] User scenarios cover primary flows + - [ ] Feature meets measurable outcomes defined in Success Criteria + - [ ] No implementation details leak into specification + + ## Notes + + - Items marked incomplete require spec updates before `/speckit.clarify` or `/speckit.plan` + ``` + + b. **Run Validation Check**: Review the spec against each checklist item: + - For each item, determine if it passes or fails + - Document specific issues found (quote relevant spec sections) + + c. **Handle Validation Results**: + + - **If all items pass**: Mark checklist complete and proceed to step 6 + + - **If items fail (excluding [NEEDS CLARIFICATION])**: + 1. List the failing items and specific issues + 2. Update the spec to address each issue + 3. Re-run validation until all items pass (max 3 iterations) + 4. If still failing after 3 iterations, document remaining issues in checklist notes and warn user + + - **If [NEEDS CLARIFICATION] markers remain**: + 1. Extract all [NEEDS CLARIFICATION: ...] markers from the spec + 2. **LIMIT CHECK**: If more than 3 markers exist, keep only the 3 most critical (by scope/security/UX impact) and make informed guesses for the rest + 3. For each clarification needed (max 3), present options to user in this format: + + ```markdown + ## Question [N]: [Topic] + + **Context**: [Quote relevant spec section] + + **What we need to know**: [Specific question from NEEDS CLARIFICATION marker] + + **Suggested Answers**: + + | Option | Answer | Implications | + |--------|--------|--------------| + | A | [First suggested answer] | [What this means for the feature] | + | B | [Second suggested answer] | [What this means for the feature] | + | C | [Third suggested answer] | [What this means for the feature] | + | Custom | Provide your own answer | [Explain how to provide custom input] | + + **Your choice**: _[Wait for user response]_ + ``` + + 4. **CRITICAL - Table Formatting**: Ensure markdown tables are properly formatted: + - Use consistent spacing with pipes aligned + - Each cell should have spaces around content: `| Content |` not `|Content|` + - Header separator must have at least 3 dashes: `|--------|` + - Test that the table renders correctly in markdown preview + 5. Number questions sequentially (Q1, Q2, Q3 - max 3 total) + 6. Present all questions together before waiting for responses + 7. Wait for user to respond with their choices for all questions (e.g., "Q1: A, Q2: Custom - [details], Q3: B") + 8. Update the spec by replacing each [NEEDS CLARIFICATION] marker with the user's selected or provided answer + 9. Re-run validation after all clarifications are resolved + + d. **Update Checklist**: After each validation iteration, update the checklist file with current pass/fail status + +7. Report completion with branch name, spec file path, checklist results, and readiness for the next phase (`/speckit.clarify` or `/speckit.plan`). + +**NOTE:** The script creates and checks out the new branch and initializes the spec file before writing. + +## General Guidelines + +## Quick Guidelines + +- Focus on **WHAT** users need and **WHY**. +- Avoid HOW to implement (no tech stack, APIs, code structure). +- Written for business stakeholders, not developers. +- DO NOT create any checklists that are embedded in the spec. That will be a separate command. + +### Section Requirements + +- **Mandatory sections**: Must be completed for every feature +- **Optional sections**: Include only when relevant to the feature +- When a section doesn't apply, remove it entirely (don't leave as "N/A") + +### For AI Generation + +When creating this spec from a user prompt: + +1. **Make informed guesses**: Use context, industry standards, and common patterns to fill gaps +2. **Document assumptions**: Record reasonable defaults in the Assumptions section +3. **Limit clarifications**: Maximum 3 [NEEDS CLARIFICATION] markers - use only for critical decisions that: + - Significantly impact feature scope or user experience + - Have multiple reasonable interpretations with different implications + - Lack any reasonable default +4. **Prioritize clarifications**: scope > security/privacy > user experience > technical details +5. **Think like a tester**: Every vague requirement should fail the "testable and unambiguous" checklist item +6. **Common areas needing clarification** (only if no reasonable default exists): + - Feature scope and boundaries (include/exclude specific use cases) + - User types and permissions (if multiple conflicting interpretations possible) + - Security/compliance requirements (when legally/financially significant) + +**Examples of reasonable defaults** (don't ask about these): + +- Data retention: Industry-standard practices for the domain +- Performance targets: Standard web/mobile app expectations unless specified +- Error handling: User-friendly messages with appropriate fallbacks +- Authentication method: Standard session-based or OAuth2 for web apps +- Integration patterns: RESTful APIs unless specified otherwise + +### Success Criteria Guidelines + +Success criteria must be: + +1. **Measurable**: Include specific metrics (time, percentage, count, rate) +2. **Technology-agnostic**: No mention of frameworks, languages, databases, or tools +3. **User-focused**: Describe outcomes from user/business perspective, not system internals +4. **Verifiable**: Can be tested/validated without knowing implementation details + +**Good examples**: + +- "Users can complete checkout in under 3 minutes" +- "System supports 10,000 concurrent users" +- "95% of searches return results in under 1 second" +- "Task completion rate improves by 40%" + +**Bad examples** (implementation-focused): + +- "API response time is under 200ms" (too technical, use "Users see results instantly") +- "Database can handle 1000 TPS" (implementation detail, use user-facing metric) +- "React components render efficiently" (framework-specific) +- "Redis cache hit rate above 80%" (technology-specific) diff --git a/.github/agents/speckit.tasks.agent.md b/.github/agents/speckit.tasks.agent.md new file mode 100644 index 0000000..f64e86e --- /dev/null +++ b/.github/agents/speckit.tasks.agent.md @@ -0,0 +1,137 @@ +--- +description: Generate an actionable, dependency-ordered tasks.md for the feature based on available design artifacts. +handoffs: + - label: Analyze For Consistency + agent: speckit.analyze + prompt: Run a project analysis for consistency + send: true + - label: Implement Project + agent: speckit.implement + prompt: Start the implementation in phases + send: true +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +1. **Setup**: Run `.specify/scripts/bash/check-prerequisites.sh --json` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). + +2. **Load design documents**: Read from FEATURE_DIR: + - **Required**: plan.md (tech stack, libraries, structure), spec.md (user stories with priorities) + - **Optional**: data-model.md (entities), contracts/ (API endpoints), research.md (decisions), quickstart.md (test scenarios) + - Note: Not all projects have all documents. Generate tasks based on what's available. + +3. **Execute task generation workflow**: + - Load plan.md and extract tech stack, libraries, project structure + - Load spec.md and extract user stories with their priorities (P1, P2, P3, etc.) + - If data-model.md exists: Extract entities and map to user stories + - If contracts/ exists: Map endpoints to user stories + - If research.md exists: Extract decisions for setup tasks + - Generate tasks organized by user story (see Task Generation Rules below) + - Generate dependency graph showing user story completion order + - Create parallel execution examples per user story + - Validate task completeness (each user story has all needed tasks, independently testable) + +4. **Generate tasks.md**: Use `.specify/templates/tasks-template.md` as structure, fill with: + - Correct feature name from plan.md + - Phase 1: Setup tasks (project initialization) + - Phase 2: Foundational tasks (blocking prerequisites for all user stories) + - Phase 3+: One phase per user story (in priority order from spec.md) + - Each phase includes: story goal, independent test criteria, tests (if requested), implementation tasks + - Final Phase: Polish & cross-cutting concerns + - All tasks must follow the strict checklist format (see Task Generation Rules below) + - Clear file paths for each task + - Dependencies section showing story completion order + - Parallel execution examples per story + - Implementation strategy section (MVP first, incremental delivery) + +5. **Report**: Output path to generated tasks.md and summary: + - Total task count + - Task count per user story + - Parallel opportunities identified + - Independent test criteria for each story + - Suggested MVP scope (typically just User Story 1) + - Format validation: Confirm ALL tasks follow the checklist format (checkbox, ID, labels, file paths) + +Context for task generation: $ARGUMENTS + +The tasks.md should be immediately executable - each task must be specific enough that an LLM can complete it without additional context. + +## Task Generation Rules + +**CRITICAL**: Tasks MUST be organized by user story to enable independent implementation and testing. + +**Tests are OPTIONAL**: Only generate test tasks if explicitly requested in the feature specification or if user requests TDD approach. + +### Checklist Format (REQUIRED) + +Every task MUST strictly follow this format: + +```text +- [ ] [TaskID] [P?] [Story?] Description with file path +``` + +**Format Components**: + +1. **Checkbox**: ALWAYS start with `- [ ]` (markdown checkbox) +2. **Task ID**: Sequential number (T001, T002, T003...) in execution order +3. **[P] marker**: Include ONLY if task is parallelizable (different files, no dependencies on incomplete tasks) +4. **[Story] label**: REQUIRED for user story phase tasks only + - Format: [US1], [US2], [US3], etc. (maps to user stories from spec.md) + - Setup phase: NO story label + - Foundational phase: NO story label + - User Story phases: MUST have story label + - Polish phase: NO story label +5. **Description**: Clear action with exact file path + +**Examples**: + +- ✅ CORRECT: `- [ ] T001 Create project structure per implementation plan` +- ✅ CORRECT: `- [ ] T005 [P] Implement authentication middleware in src/middleware/auth.py` +- ✅ CORRECT: `- [ ] T012 [P] [US1] Create User model in src/models/user.py` +- ✅ CORRECT: `- [ ] T014 [US1] Implement UserService in src/services/user_service.py` +- ❌ WRONG: `- [ ] Create User model` (missing ID and Story label) +- ❌ WRONG: `T001 [US1] Create model` (missing checkbox) +- ❌ WRONG: `- [ ] [US1] Create User model` (missing Task ID) +- ❌ WRONG: `- [ ] T001 [US1] Create model` (missing file path) + +### Task Organization + +1. **From User Stories (spec.md)** - PRIMARY ORGANIZATION: + - Each user story (P1, P2, P3...) gets its own phase + - Map all related components to their story: + - Models needed for that story + - Services needed for that story + - Endpoints/UI needed for that story + - If tests requested: Tests specific to that story + - Mark story dependencies (most stories should be independent) + +2. **From Contracts**: + - Map each contract/endpoint → to the user story it serves + - If tests requested: Each contract → contract test task [P] before implementation in that story's phase + +3. **From Data Model**: + - Map each entity to the user story(ies) that need it + - If entity serves multiple stories: Put in earliest story or Setup phase + - Relationships → service layer tasks in appropriate story phase + +4. **From Setup/Infrastructure**: + - Shared infrastructure → Setup phase (Phase 1) + - Foundational/blocking tasks → Foundational phase (Phase 2) + - Story-specific setup → within that story's phase + +### Phase Structure + +- **Phase 1**: Setup (project initialization) +- **Phase 2**: Foundational (blocking prerequisites - MUST complete before user stories) +- **Phase 3+**: User Stories in priority order (P1, P2, P3...) + - Within each story: Tests (if requested) → Models → Services → Endpoints → Integration + - Each phase should be a complete, independently testable increment +- **Final Phase**: Polish & Cross-Cutting Concerns diff --git a/.github/agents/speckit.taskstoissues.agent.md b/.github/agents/speckit.taskstoissues.agent.md new file mode 100644 index 0000000..0799191 --- /dev/null +++ b/.github/agents/speckit.taskstoissues.agent.md @@ -0,0 +1,30 @@ +--- +description: Convert existing tasks into actionable, dependency-ordered GitHub issues for the feature based on available design artifacts. +tools: ['github/github-mcp-server/issue_write'] +--- + +## User Input + +```text +$ARGUMENTS +``` + +You **MUST** consider the user input before proceeding (if not empty). + +## Outline + +1. Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot"). +1. From the executed script, extract the path to **tasks**. +1. Get the Git remote by running: + +```bash +git config --get remote.origin.url +``` + +> [!CAUTION] +> ONLY PROCEED TO NEXT STEPS IF THE REMOTE IS A GITHUB URL + +1. For each task in the list, use the GitHub MCP server to create a new issue in the repository that is representative of the Git remote. + +> [!CAUTION] +> UNDER NO CIRCUMSTANCES EVER CREATE ISSUES IN REPOSITORIES THAT DO NOT MATCH THE REMOTE URL diff --git a/.github/prompts/speckit.analyze.prompt.md b/.github/prompts/speckit.analyze.prompt.md new file mode 100644 index 0000000..a831411 --- /dev/null +++ b/.github/prompts/speckit.analyze.prompt.md @@ -0,0 +1,3 @@ +--- +agent: speckit.analyze +--- diff --git a/.github/prompts/speckit.checklist.prompt.md b/.github/prompts/speckit.checklist.prompt.md new file mode 100644 index 0000000..e552492 --- /dev/null +++ b/.github/prompts/speckit.checklist.prompt.md @@ -0,0 +1,3 @@ +--- +agent: speckit.checklist +--- diff --git a/.github/prompts/speckit.clarify.prompt.md b/.github/prompts/speckit.clarify.prompt.md new file mode 100644 index 0000000..84c12e0 --- /dev/null +++ b/.github/prompts/speckit.clarify.prompt.md @@ -0,0 +1,3 @@ +--- +agent: speckit.clarify +--- diff --git a/.github/prompts/speckit.constitution.prompt.md b/.github/prompts/speckit.constitution.prompt.md new file mode 100644 index 0000000..b05c5ee --- /dev/null +++ b/.github/prompts/speckit.constitution.prompt.md @@ -0,0 +1,3 @@ +--- +agent: speckit.constitution +--- diff --git a/.github/prompts/speckit.implement.prompt.md b/.github/prompts/speckit.implement.prompt.md new file mode 100644 index 0000000..4fb62ec --- /dev/null +++ b/.github/prompts/speckit.implement.prompt.md @@ -0,0 +1,3 @@ +--- +agent: speckit.implement +--- diff --git a/.github/prompts/speckit.plan.prompt.md b/.github/prompts/speckit.plan.prompt.md new file mode 100644 index 0000000..cf52554 --- /dev/null +++ b/.github/prompts/speckit.plan.prompt.md @@ -0,0 +1,3 @@ +--- +agent: speckit.plan +--- diff --git a/.github/prompts/speckit.specify.prompt.md b/.github/prompts/speckit.specify.prompt.md new file mode 100644 index 0000000..b731edc --- /dev/null +++ b/.github/prompts/speckit.specify.prompt.md @@ -0,0 +1,3 @@ +--- +agent: speckit.specify +--- diff --git a/.github/prompts/speckit.tasks.prompt.md b/.github/prompts/speckit.tasks.prompt.md new file mode 100644 index 0000000..93e1f8d --- /dev/null +++ b/.github/prompts/speckit.tasks.prompt.md @@ -0,0 +1,3 @@ +--- +agent: speckit.tasks +--- diff --git a/.github/prompts/speckit.taskstoissues.prompt.md b/.github/prompts/speckit.taskstoissues.prompt.md new file mode 100644 index 0000000..aa80987 --- /dev/null +++ b/.github/prompts/speckit.taskstoissues.prompt.md @@ -0,0 +1,3 @@ +--- +agent: speckit.taskstoissues +--- diff --git a/.specify/memory/constitution.md b/.specify/memory/constitution.md new file mode 100644 index 0000000..90ddac3 --- /dev/null +++ b/.specify/memory/constitution.md @@ -0,0 +1,245 @@ +# **📘 Constitution for the Cloud-Native E-Commerce Bookstore Platform** + +**Version 1.0 (Draft for AI-Enabled, Spec-Driven Development)** + +--- + +## **1. Core Values & Architectural Principles** + +### **1.1 Cloud-Native First** + +* All components must be designed for **horizontal scalability**, **stateless compute**, and **managed cloud services**. +* Prefer serverless or containerized workloads over self-managed infrastructure. +* Minimize operational burden by adopting managed services (databases, queues, identity providers). + +### **1.2 Microservices with Clear Boundaries** + +* Each service owns a **single, cohesive domain** (e.g., Catalog, Cart, Checkout, Authentication). +* Services communicate through **well-defined APIs**; avoid implicit dependencies. +* No shared mutable database across services. + +### **1.3 API Contract Stability** + +* RESTful APIs must have: + + * Explicit versioning + * Backward-compatible evolution + * Strong schema validation +* Breaking changes require proper version rollouts. + +### **1.4 Fail-Fast, Safe-to-Fail** + +* Services should detect invalid states early and fail gracefully. +* Degradation modes must protect user experience (e.g., cached catalog if upstream fails). + +### **1.5 Test-First, Test-Always** + +* No code is merged without automated tests. +* Unit, integration, contract, and load tests are required. +* APIs require machine-readable contracts enabling automated tests. + +### **1.6 Security & Privacy by Default** + +* Zero-trust architecture. +* Enforce authentication, authorization, input validation, and output encoding. +* No PII or sensitive customer data stored without encryption in transit and at rest. + +### **1.7 Observability as a First-Class Citizen** + +* Every service emits: + + * Structured logs + * Metrics + * Traces +* SLOs and dashboards must exist before production deployment. + +--- + +## **2. System Architecture Principles** + +### **2.1 Front-End (React or modern framework)** + +* Modular components +* API-driven UI +* Progressive rendering & performance optimization +* Strong and consistent UX patterns +* Do not embed business logic in the UI layer + +### **2.2 API Gateway** + +* Single entry point for all API consumers +* Handles routing, rate limiting, request validation +* Should enforce authentication before forwarding requests + +### **2.3 Service Discovery** + +* Each service must register itself +* Health checks determine routing eligibility +* Prefer managed service discovery (cloud-native) + +### **2.4 Backend Microservices** + +* Stateless compute +* Clear ownership of business capability +* Storage abstraction: repository/persistence layer +* Domain models with explicit boundaries + +### **2.5 Data Storage** + +* Based on domain needs: SQL or NoSQL +* Services own their data +* No cross-service shared tables +* Include migration/versioning strategy + +--- + +## **3. SDLC & AI-Enabled Engineering Workflow** + +### **3.1 Spec-Driven Development** + +All code development begins with: + +1. **Business Requirements** +2. **Specification (`docs/specs/*.md`)** +3. **Plan and tasks (`docs/plan.md`, `docs/tasks.md`)** +4. **AI-assisted review and refinement** + +No coding starts without an approved spec. + +### **3.2 AI-Assisted Engineering (LLM + Spec-Driven)** + +LLM participation includes: + +* Refining specs +* Generating architecture diagrams +* Producing tasks and subtasks +* Generating boilerplate code +* Maintaining constitution compliance +* Ensuring alignment with governance + +Developers must review all generated outputs before merging. + +### **3.3 Governance Requirements** + +* Architecture decisions logged as ADRs +* No undocumented design deviations +* Constitution must guide every service and artifact + +### **3.4 Branching & Versioning** + +``` +feature/US001-short-description +feature/US002-short-description +``` + +* Semantic versioning for all APIs +* Patch → bug fixes +* Minor → backward-compatible enhancements +* Major → breaking changes + +### **3.5 CI/CD Requirements** + +* Automated lint, test, security, dependency scanning +* Branch Protection rules enforced +* Zero manual deployments to production + +--- + +## **4. Quality Gates** + +Every merge request must include: + +* Meaningful description +* Trace to user story +* Unit tests & integration tests +* API contract documentation +* Updated architecture docs when needed + +No exceptions. + +--- + +## **5. Observability & Operations** + +### **5.1 Required Telemetry** + +* Logs → structured JSON +* Metrics → latency, error rate, throughput +* Traces → service-to-service spans + +### **5.2 Error Handling & Monitoring** + +* Centralized logging +* Alerts for SLO violations +* Dead-letter queues for async failures + +--- + +## **6. Security & Compliance** + +* Validate all inputs +* Sanitize outputs +* Never trust client-side data +* Enforce least-privilege IAM + +Data Protection: + +* TLS 1.2+ +* Encryption at rest +* Regular key rotation +* Sensitive data masking + +--- + +## **7. Documentation Framework** + +### **7.1 docs/inputs/** + +Raw business requirements, diagrams, meeting notes. + +### **7.2 docs/specs/** + +AI-refined specifications (single source of truth). + +### **7.3 docs/plan/** + +High-level delivery strategy. + +### **7.4 docs/tasks/** + +User stories + task breakdown for implementation. + +### **7.5 docs/adr/** + +Architectural decisions and rationale. + +### **7.6 constitution.md** + +This file—governing everything. + +--- + +## **8. Compliance with This Constitution** + +All contributors—human and AI—must adhere to the constitution. +Deviations must be explicitly approved through an ADR process. + +--- + +## **9. Future Evolution** + +This constitution will evolve as: + +* Architecture matures +* Business requirements expand +* AI capabilities increase +* Engineering practices improve + +Revisions follow semantic versioning (e.g., 1.1, 2.0). + +--- + +Version: 1.0 | Ratified: 2025-12-08 | Last Amended: 2025-12-08 + +# **END OF CONSTITUTION (v1.0)** + diff --git a/.specify/scripts/bash/check-prerequisites.sh b/.specify/scripts/bash/check-prerequisites.sh new file mode 100755 index 0000000..98e387c --- /dev/null +++ b/.specify/scripts/bash/check-prerequisites.sh @@ -0,0 +1,166 @@ +#!/usr/bin/env bash + +# Consolidated prerequisite checking script +# +# This script provides unified prerequisite checking for Spec-Driven Development workflow. +# It replaces the functionality previously spread across multiple scripts. +# +# Usage: ./check-prerequisites.sh [OPTIONS] +# +# OPTIONS: +# --json Output in JSON format +# --require-tasks Require tasks.md to exist (for implementation phase) +# --include-tasks Include tasks.md in AVAILABLE_DOCS list +# --paths-only Only output path variables (no validation) +# --help, -h Show help message +# +# OUTPUTS: +# JSON mode: {"FEATURE_DIR":"...", "AVAILABLE_DOCS":["..."]} +# Text mode: FEATURE_DIR:... \n AVAILABLE_DOCS: \n ✓/✗ file.md +# Paths only: REPO_ROOT: ... \n BRANCH: ... \n FEATURE_DIR: ... etc. + +set -e + +# Parse command line arguments +JSON_MODE=false +REQUIRE_TASKS=false +INCLUDE_TASKS=false +PATHS_ONLY=false + +for arg in "$@"; do + case "$arg" in + --json) + JSON_MODE=true + ;; + --require-tasks) + REQUIRE_TASKS=true + ;; + --include-tasks) + INCLUDE_TASKS=true + ;; + --paths-only) + PATHS_ONLY=true + ;; + --help|-h) + cat << 'EOF' +Usage: check-prerequisites.sh [OPTIONS] + +Consolidated prerequisite checking for Spec-Driven Development workflow. + +OPTIONS: + --json Output in JSON format + --require-tasks Require tasks.md to exist (for implementation phase) + --include-tasks Include tasks.md in AVAILABLE_DOCS list + --paths-only Only output path variables (no prerequisite validation) + --help, -h Show this help message + +EXAMPLES: + # Check task prerequisites (plan.md required) + ./check-prerequisites.sh --json + + # Check implementation prerequisites (plan.md + tasks.md required) + ./check-prerequisites.sh --json --require-tasks --include-tasks + + # Get feature paths only (no validation) + ./check-prerequisites.sh --paths-only + +EOF + exit 0 + ;; + *) + echo "ERROR: Unknown option '$arg'. Use --help for usage information." >&2 + exit 1 + ;; + esac +done + +# Source common functions +SCRIPT_DIR="$(CDPATH="" cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "$SCRIPT_DIR/common.sh" + +# Get feature paths and validate branch +eval $(get_feature_paths) +check_feature_branch "$CURRENT_BRANCH" "$HAS_GIT" || exit 1 + +# If paths-only mode, output paths and exit (support JSON + paths-only combined) +if $PATHS_ONLY; then + if $JSON_MODE; then + # Minimal JSON paths payload (no validation performed) + printf '{"REPO_ROOT":"%s","BRANCH":"%s","FEATURE_DIR":"%s","FEATURE_SPEC":"%s","IMPL_PLAN":"%s","TASKS":"%s"}\n' \ + "$REPO_ROOT" "$CURRENT_BRANCH" "$FEATURE_DIR" "$FEATURE_SPEC" "$IMPL_PLAN" "$TASKS" + else + echo "REPO_ROOT: $REPO_ROOT" + echo "BRANCH: $CURRENT_BRANCH" + echo "FEATURE_DIR: $FEATURE_DIR" + echo "FEATURE_SPEC: $FEATURE_SPEC" + echo "IMPL_PLAN: $IMPL_PLAN" + echo "TASKS: $TASKS" + fi + exit 0 +fi + +# Validate required directories and files +if [[ ! -d "$FEATURE_DIR" ]]; then + echo "ERROR: Feature directory not found: $FEATURE_DIR" >&2 + echo "Run /speckit.specify first to create the feature structure." >&2 + exit 1 +fi + +if [[ ! -f "$IMPL_PLAN" ]]; then + echo "ERROR: plan.md not found in $FEATURE_DIR" >&2 + echo "Run /speckit.plan first to create the implementation plan." >&2 + exit 1 +fi + +# Check for tasks.md if required +if $REQUIRE_TASKS && [[ ! -f "$TASKS" ]]; then + echo "ERROR: tasks.md not found in $FEATURE_DIR" >&2 + echo "Run /speckit.tasks first to create the task list." >&2 + exit 1 +fi + +# Build list of available documents +docs=() + +# Always check these optional docs +[[ -f "$RESEARCH" ]] && docs+=("research.md") +[[ -f "$DATA_MODEL" ]] && docs+=("data-model.md") + +# Check contracts directory (only if it exists and has files) +if [[ -d "$CONTRACTS_DIR" ]] && [[ -n "$(ls -A "$CONTRACTS_DIR" 2>/dev/null)" ]]; then + docs+=("contracts/") +fi + +[[ -f "$QUICKSTART" ]] && docs+=("quickstart.md") + +# Include tasks.md if requested and it exists +if $INCLUDE_TASKS && [[ -f "$TASKS" ]]; then + docs+=("tasks.md") +fi + +# Output results +if $JSON_MODE; then + # Build JSON array of documents + if [[ ${#docs[@]} -eq 0 ]]; then + json_docs="[]" + else + json_docs=$(printf '"%s",' "${docs[@]}") + json_docs="[${json_docs%,}]" + fi + + printf '{"FEATURE_DIR":"%s","AVAILABLE_DOCS":%s}\n' "$FEATURE_DIR" "$json_docs" +else + # Text output + echo "FEATURE_DIR:$FEATURE_DIR" + echo "AVAILABLE_DOCS:" + + # Show status of each potential document + check_file "$RESEARCH" "research.md" + check_file "$DATA_MODEL" "data-model.md" + check_dir "$CONTRACTS_DIR" "contracts/" + check_file "$QUICKSTART" "quickstart.md" + + if $INCLUDE_TASKS; then + check_file "$TASKS" "tasks.md" + fi +fi diff --git a/.specify/scripts/bash/common.sh b/.specify/scripts/bash/common.sh new file mode 100755 index 0000000..2c3165e --- /dev/null +++ b/.specify/scripts/bash/common.sh @@ -0,0 +1,156 @@ +#!/usr/bin/env bash +# Common functions and variables for all scripts + +# Get repository root, with fallback for non-git repositories +get_repo_root() { + if git rev-parse --show-toplevel >/dev/null 2>&1; then + git rev-parse --show-toplevel + else + # Fall back to script location for non-git repos + local script_dir="$(CDPATH="" cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + (cd "$script_dir/../../.." && pwd) + fi +} + +# Get current branch, with fallback for non-git repositories +get_current_branch() { + # First check if SPECIFY_FEATURE environment variable is set + if [[ -n "${SPECIFY_FEATURE:-}" ]]; then + echo "$SPECIFY_FEATURE" + return + fi + + # Then check git if available + if git rev-parse --abbrev-ref HEAD >/dev/null 2>&1; then + git rev-parse --abbrev-ref HEAD + return + fi + + # For non-git repos, try to find the latest feature directory + local repo_root=$(get_repo_root) + local specs_dir="$repo_root/specs" + + if [[ -d "$specs_dir" ]]; then + local latest_feature="" + local highest=0 + + for dir in "$specs_dir"/*; do + if [[ -d "$dir" ]]; then + local dirname=$(basename "$dir") + if [[ "$dirname" =~ ^([0-9]{3})- ]]; then + local number=${BASH_REMATCH[1]} + number=$((10#$number)) + if [[ "$number" -gt "$highest" ]]; then + highest=$number + latest_feature=$dirname + fi + fi + fi + done + + if [[ -n "$latest_feature" ]]; then + echo "$latest_feature" + return + fi + fi + + echo "main" # Final fallback +} + +# Check if we have git available +has_git() { + git rev-parse --show-toplevel >/dev/null 2>&1 +} + +check_feature_branch() { + local branch="$1" + local has_git_repo="$2" + + # For non-git repos, we can't enforce branch naming but still provide output + if [[ "$has_git_repo" != "true" ]]; then + echo "[specify] Warning: Git repository not detected; skipped branch validation" >&2 + return 0 + fi + + if [[ ! "$branch" =~ ^[0-9]{3}- ]]; then + echo "ERROR: Not on a feature branch. Current branch: $branch" >&2 + echo "Feature branches should be named like: 001-feature-name" >&2 + return 1 + fi + + return 0 +} + +get_feature_dir() { echo "$1/specs/$2"; } + +# Find feature directory by numeric prefix instead of exact branch match +# This allows multiple branches to work on the same spec (e.g., 004-fix-bug, 004-add-feature) +find_feature_dir_by_prefix() { + local repo_root="$1" + local branch_name="$2" + local specs_dir="$repo_root/specs" + + # Extract numeric prefix from branch (e.g., "004" from "004-whatever") + if [[ ! "$branch_name" =~ ^([0-9]{3})- ]]; then + # If branch doesn't have numeric prefix, fall back to exact match + echo "$specs_dir/$branch_name" + return + fi + + local prefix="${BASH_REMATCH[1]}" + + # Search for directories in specs/ that start with this prefix + local matches=() + if [[ -d "$specs_dir" ]]; then + for dir in "$specs_dir"/"$prefix"-*; do + if [[ -d "$dir" ]]; then + matches+=("$(basename "$dir")") + fi + done + fi + + # Handle results + if [[ ${#matches[@]} -eq 0 ]]; then + # No match found - return the branch name path (will fail later with clear error) + echo "$specs_dir/$branch_name" + elif [[ ${#matches[@]} -eq 1 ]]; then + # Exactly one match - perfect! + echo "$specs_dir/${matches[0]}" + else + # Multiple matches - this shouldn't happen with proper naming convention + echo "ERROR: Multiple spec directories found with prefix '$prefix': ${matches[*]}" >&2 + echo "Please ensure only one spec directory exists per numeric prefix." >&2 + echo "$specs_dir/$branch_name" # Return something to avoid breaking the script + fi +} + +get_feature_paths() { + local repo_root=$(get_repo_root) + local current_branch=$(get_current_branch) + local has_git_repo="false" + + if has_git; then + has_git_repo="true" + fi + + # Use prefix-based lookup to support multiple branches per spec + local feature_dir=$(find_feature_dir_by_prefix "$repo_root" "$current_branch") + + cat <<EOF +REPO_ROOT='$repo_root' +CURRENT_BRANCH='$current_branch' +HAS_GIT='$has_git_repo' +FEATURE_DIR='$feature_dir' +FEATURE_SPEC='$feature_dir/spec.md' +IMPL_PLAN='$feature_dir/plan.md' +TASKS='$feature_dir/tasks.md' +RESEARCH='$feature_dir/research.md' +DATA_MODEL='$feature_dir/data-model.md' +QUICKSTART='$feature_dir/quickstart.md' +CONTRACTS_DIR='$feature_dir/contracts' +EOF +} + +check_file() { [[ -f "$1" ]] && echo " ✓ $2" || echo " ✗ $2"; } +check_dir() { [[ -d "$1" && -n $(ls -A "$1" 2>/dev/null) ]] && echo " ✓ $2" || echo " ✗ $2"; } + diff --git a/.specify/scripts/bash/create-new-feature.sh b/.specify/scripts/bash/create-new-feature.sh new file mode 100755 index 0000000..c40cfd7 --- /dev/null +++ b/.specify/scripts/bash/create-new-feature.sh @@ -0,0 +1,297 @@ +#!/usr/bin/env bash + +set -e + +JSON_MODE=false +SHORT_NAME="" +BRANCH_NUMBER="" +ARGS=() +i=1 +while [ $i -le $# ]; do + arg="${!i}" + case "$arg" in + --json) + JSON_MODE=true + ;; + --short-name) + if [ $((i + 1)) -gt $# ]; then + echo 'Error: --short-name requires a value' >&2 + exit 1 + fi + i=$((i + 1)) + next_arg="${!i}" + # Check if the next argument is another option (starts with --) + if [[ "$next_arg" == --* ]]; then + echo 'Error: --short-name requires a value' >&2 + exit 1 + fi + SHORT_NAME="$next_arg" + ;; + --number) + if [ $((i + 1)) -gt $# ]; then + echo 'Error: --number requires a value' >&2 + exit 1 + fi + i=$((i + 1)) + next_arg="${!i}" + if [[ "$next_arg" == --* ]]; then + echo 'Error: --number requires a value' >&2 + exit 1 + fi + BRANCH_NUMBER="$next_arg" + ;; + --help|-h) + echo "Usage: $0 [--json] [--short-name <name>] [--number N] <feature_description>" + echo "" + echo "Options:" + echo " --json Output in JSON format" + echo " --short-name <name> Provide a custom short name (2-4 words) for the branch" + echo " --number N Specify branch number manually (overrides auto-detection)" + echo " --help, -h Show this help message" + echo "" + echo "Examples:" + echo " $0 'Add user authentication system' --short-name 'user-auth'" + echo " $0 'Implement OAuth2 integration for API' --number 5" + exit 0 + ;; + *) + ARGS+=("$arg") + ;; + esac + i=$((i + 1)) +done + +FEATURE_DESCRIPTION="${ARGS[*]}" +if [ -z "$FEATURE_DESCRIPTION" ]; then + echo "Usage: $0 [--json] [--short-name <name>] [--number N] <feature_description>" >&2 + exit 1 +fi + +# Function to find the repository root by searching for existing project markers +find_repo_root() { + local dir="$1" + while [ "$dir" != "/" ]; do + if [ -d "$dir/.git" ] || [ -d "$dir/.specify" ]; then + echo "$dir" + return 0 + fi + dir="$(dirname "$dir")" + done + return 1 +} + +# Function to get highest number from specs directory +get_highest_from_specs() { + local specs_dir="$1" + local highest=0 + + if [ -d "$specs_dir" ]; then + for dir in "$specs_dir"/*; do + [ -d "$dir" ] || continue + dirname=$(basename "$dir") + number=$(echo "$dirname" | grep -o '^[0-9]\+' || echo "0") + number=$((10#$number)) + if [ "$number" -gt "$highest" ]; then + highest=$number + fi + done + fi + + echo "$highest" +} + +# Function to get highest number from git branches +get_highest_from_branches() { + local highest=0 + + # Get all branches (local and remote) + branches=$(git branch -a 2>/dev/null || echo "") + + if [ -n "$branches" ]; then + while IFS= read -r branch; do + # Clean branch name: remove leading markers and remote prefixes + clean_branch=$(echo "$branch" | sed 's/^[* ]*//; s|^remotes/[^/]*/||') + + # Extract feature number if branch matches pattern ###-* + if echo "$clean_branch" | grep -q '^[0-9]\{3\}-'; then + number=$(echo "$clean_branch" | grep -o '^[0-9]\{3\}' || echo "0") + number=$((10#$number)) + if [ "$number" -gt "$highest" ]; then + highest=$number + fi + fi + done <<< "$branches" + fi + + echo "$highest" +} + +# Function to check existing branches (local and remote) and return next available number +check_existing_branches() { + local specs_dir="$1" + + # Fetch all remotes to get latest branch info (suppress errors if no remotes) + git fetch --all --prune 2>/dev/null || true + + # Get highest number from ALL branches (not just matching short name) + local highest_branch=$(get_highest_from_branches) + + # Get highest number from ALL specs (not just matching short name) + local highest_spec=$(get_highest_from_specs "$specs_dir") + + # Take the maximum of both + local max_num=$highest_branch + if [ "$highest_spec" -gt "$max_num" ]; then + max_num=$highest_spec + fi + + # Return next number + echo $((max_num + 1)) +} + +# Function to clean and format a branch name +clean_branch_name() { + local name="$1" + echo "$name" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g' | sed 's/-\+/-/g' | sed 's/^-//' | sed 's/-$//' +} + +# Resolve repository root. Prefer git information when available, but fall back +# to searching for repository markers so the workflow still functions in repositories that +# were initialised with --no-git. +SCRIPT_DIR="$(CDPATH="" cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +if git rev-parse --show-toplevel >/dev/null 2>&1; then + REPO_ROOT=$(git rev-parse --show-toplevel) + HAS_GIT=true +else + REPO_ROOT="$(find_repo_root "$SCRIPT_DIR")" + if [ -z "$REPO_ROOT" ]; then + echo "Error: Could not determine repository root. Please run this script from within the repository." >&2 + exit 1 + fi + HAS_GIT=false +fi + +cd "$REPO_ROOT" + +SPECS_DIR="$REPO_ROOT/specs" +mkdir -p "$SPECS_DIR" + +# Function to generate branch name with stop word filtering and length filtering +generate_branch_name() { + local description="$1" + + # Common stop words to filter out + local stop_words="^(i|a|an|the|to|for|of|in|on|at|by|with|from|is|are|was|were|be|been|being|have|has|had|do|does|did|will|would|should|could|can|may|might|must|shall|this|that|these|those|my|your|our|their|want|need|add|get|set)$" + + # Convert to lowercase and split into words + local clean_name=$(echo "$description" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/ /g') + + # Filter words: remove stop words and words shorter than 3 chars (unless they're uppercase acronyms in original) + local meaningful_words=() + for word in $clean_name; do + # Skip empty words + [ -z "$word" ] && continue + + # Keep words that are NOT stop words AND (length >= 3 OR are potential acronyms) + if ! echo "$word" | grep -qiE "$stop_words"; then + if [ ${#word} -ge 3 ]; then + meaningful_words+=("$word") + elif echo "$description" | grep -q "\b${word^^}\b"; then + # Keep short words if they appear as uppercase in original (likely acronyms) + meaningful_words+=("$word") + fi + fi + done + + # If we have meaningful words, use first 3-4 of them + if [ ${#meaningful_words[@]} -gt 0 ]; then + local max_words=3 + if [ ${#meaningful_words[@]} -eq 4 ]; then max_words=4; fi + + local result="" + local count=0 + for word in "${meaningful_words[@]}"; do + if [ $count -ge $max_words ]; then break; fi + if [ -n "$result" ]; then result="$result-"; fi + result="$result$word" + count=$((count + 1)) + done + echo "$result" + else + # Fallback to original logic if no meaningful words found + local cleaned=$(clean_branch_name "$description") + echo "$cleaned" | tr '-' '\n' | grep -v '^$' | head -3 | tr '\n' '-' | sed 's/-$//' + fi +} + +# Generate branch name +if [ -n "$SHORT_NAME" ]; then + # Use provided short name, just clean it up + BRANCH_SUFFIX=$(clean_branch_name "$SHORT_NAME") +else + # Generate from description with smart filtering + BRANCH_SUFFIX=$(generate_branch_name "$FEATURE_DESCRIPTION") +fi + +# Determine branch number +if [ -z "$BRANCH_NUMBER" ]; then + if [ "$HAS_GIT" = true ]; then + # Check existing branches on remotes + BRANCH_NUMBER=$(check_existing_branches "$SPECS_DIR") + else + # Fall back to local directory check + HIGHEST=$(get_highest_from_specs "$SPECS_DIR") + BRANCH_NUMBER=$((HIGHEST + 1)) + fi +fi + +# Force base-10 interpretation to prevent octal conversion (e.g., 010 → 8 in octal, but should be 10 in decimal) +FEATURE_NUM=$(printf "%03d" "$((10#$BRANCH_NUMBER))") +BRANCH_NAME="${FEATURE_NUM}-${BRANCH_SUFFIX}" + +# GitHub enforces a 244-byte limit on branch names +# Validate and truncate if necessary +MAX_BRANCH_LENGTH=244 +if [ ${#BRANCH_NAME} -gt $MAX_BRANCH_LENGTH ]; then + # Calculate how much we need to trim from suffix + # Account for: feature number (3) + hyphen (1) = 4 chars + MAX_SUFFIX_LENGTH=$((MAX_BRANCH_LENGTH - 4)) + + # Truncate suffix at word boundary if possible + TRUNCATED_SUFFIX=$(echo "$BRANCH_SUFFIX" | cut -c1-$MAX_SUFFIX_LENGTH) + # Remove trailing hyphen if truncation created one + TRUNCATED_SUFFIX=$(echo "$TRUNCATED_SUFFIX" | sed 's/-$//') + + ORIGINAL_BRANCH_NAME="$BRANCH_NAME" + BRANCH_NAME="${FEATURE_NUM}-${TRUNCATED_SUFFIX}" + + >&2 echo "[specify] Warning: Branch name exceeded GitHub's 244-byte limit" + >&2 echo "[specify] Original: $ORIGINAL_BRANCH_NAME (${#ORIGINAL_BRANCH_NAME} bytes)" + >&2 echo "[specify] Truncated to: $BRANCH_NAME (${#BRANCH_NAME} bytes)" +fi + +if [ "$HAS_GIT" = true ]; then + git checkout -b "$BRANCH_NAME" +else + >&2 echo "[specify] Warning: Git repository not detected; skipped branch creation for $BRANCH_NAME" +fi + +FEATURE_DIR="$SPECS_DIR/$BRANCH_NAME" +mkdir -p "$FEATURE_DIR" + +TEMPLATE="$REPO_ROOT/.specify/templates/spec-template.md" +SPEC_FILE="$FEATURE_DIR/spec.md" +if [ -f "$TEMPLATE" ]; then cp "$TEMPLATE" "$SPEC_FILE"; else touch "$SPEC_FILE"; fi + +# Set the SPECIFY_FEATURE environment variable for the current session +export SPECIFY_FEATURE="$BRANCH_NAME" + +if $JSON_MODE; then + printf '{"BRANCH_NAME":"%s","SPEC_FILE":"%s","FEATURE_NUM":"%s"}\n' "$BRANCH_NAME" "$SPEC_FILE" "$FEATURE_NUM" +else + echo "BRANCH_NAME: $BRANCH_NAME" + echo "SPEC_FILE: $SPEC_FILE" + echo "FEATURE_NUM: $FEATURE_NUM" + echo "SPECIFY_FEATURE environment variable set to: $BRANCH_NAME" +fi diff --git a/.specify/scripts/bash/setup-plan.sh b/.specify/scripts/bash/setup-plan.sh new file mode 100755 index 0000000..d01c6d6 --- /dev/null +++ b/.specify/scripts/bash/setup-plan.sh @@ -0,0 +1,61 @@ +#!/usr/bin/env bash + +set -e + +# Parse command line arguments +JSON_MODE=false +ARGS=() + +for arg in "$@"; do + case "$arg" in + --json) + JSON_MODE=true + ;; + --help|-h) + echo "Usage: $0 [--json]" + echo " --json Output results in JSON format" + echo " --help Show this help message" + exit 0 + ;; + *) + ARGS+=("$arg") + ;; + esac +done + +# Get script directory and load common functions +SCRIPT_DIR="$(CDPATH="" cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "$SCRIPT_DIR/common.sh" + +# Get all paths and variables from common functions +eval $(get_feature_paths) + +# Check if we're on a proper feature branch (only for git repos) +check_feature_branch "$CURRENT_BRANCH" "$HAS_GIT" || exit 1 + +# Ensure the feature directory exists +mkdir -p "$FEATURE_DIR" + +# Copy plan template if it exists +TEMPLATE="$REPO_ROOT/.specify/templates/plan-template.md" +if [[ -f "$TEMPLATE" ]]; then + cp "$TEMPLATE" "$IMPL_PLAN" + echo "Copied plan template to $IMPL_PLAN" +else + echo "Warning: Plan template not found at $TEMPLATE" + # Create a basic plan file if template doesn't exist + touch "$IMPL_PLAN" +fi + +# Output results +if $JSON_MODE; then + printf '{"FEATURE_SPEC":"%s","IMPL_PLAN":"%s","SPECS_DIR":"%s","BRANCH":"%s","HAS_GIT":"%s"}\n' \ + "$FEATURE_SPEC" "$IMPL_PLAN" "$FEATURE_DIR" "$CURRENT_BRANCH" "$HAS_GIT" +else + echo "FEATURE_SPEC: $FEATURE_SPEC" + echo "IMPL_PLAN: $IMPL_PLAN" + echo "SPECS_DIR: $FEATURE_DIR" + echo "BRANCH: $CURRENT_BRANCH" + echo "HAS_GIT: $HAS_GIT" +fi + diff --git a/.specify/scripts/bash/update-agent-context.sh b/.specify/scripts/bash/update-agent-context.sh new file mode 100755 index 0000000..6d3e0b3 --- /dev/null +++ b/.specify/scripts/bash/update-agent-context.sh @@ -0,0 +1,799 @@ +#!/usr/bin/env bash + +# Update agent context files with information from plan.md +# +# This script maintains AI agent context files by parsing feature specifications +# and updating agent-specific configuration files with project information. +# +# MAIN FUNCTIONS: +# 1. Environment Validation +# - Verifies git repository structure and branch information +# - Checks for required plan.md files and templates +# - Validates file permissions and accessibility +# +# 2. Plan Data Extraction +# - Parses plan.md files to extract project metadata +# - Identifies language/version, frameworks, databases, and project types +# - Handles missing or incomplete specification data gracefully +# +# 3. Agent File Management +# - Creates new agent context files from templates when needed +# - Updates existing agent files with new project information +# - Preserves manual additions and custom configurations +# - Supports multiple AI agent formats and directory structures +# +# 4. Content Generation +# - Generates language-specific build/test commands +# - Creates appropriate project directory structures +# - Updates technology stacks and recent changes sections +# - Maintains consistent formatting and timestamps +# +# 5. Multi-Agent Support +# - Handles agent-specific file paths and naming conventions +# - Supports: Claude, Gemini, Copilot, Cursor, Qwen, opencode, Codex, Windsurf, Kilo Code, Auggie CLI, Roo Code, CodeBuddy CLI, Qoder CLI, Amp, SHAI, or Amazon Q Developer CLI +# - Can update single agents or all existing agent files +# - Creates default Claude file if no agent files exist +# +# Usage: ./update-agent-context.sh [agent_type] +# Agent types: claude|gemini|copilot|cursor-agent|qwen|opencode|codex|windsurf|kilocode|auggie|shai|q|bob|qoder +# Leave empty to update all existing agent files + +set -e + +# Enable strict error handling +set -u +set -o pipefail + +#============================================================================== +# Configuration and Global Variables +#============================================================================== + +# Get script directory and load common functions +SCRIPT_DIR="$(CDPATH="" cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "$SCRIPT_DIR/common.sh" + +# Get all paths and variables from common functions +eval $(get_feature_paths) + +NEW_PLAN="$IMPL_PLAN" # Alias for compatibility with existing code +AGENT_TYPE="${1:-}" + +# Agent-specific file paths +CLAUDE_FILE="$REPO_ROOT/CLAUDE.md" +GEMINI_FILE="$REPO_ROOT/GEMINI.md" +COPILOT_FILE="$REPO_ROOT/.github/agents/copilot-instructions.md" +CURSOR_FILE="$REPO_ROOT/.cursor/rules/specify-rules.mdc" +QWEN_FILE="$REPO_ROOT/QWEN.md" +AGENTS_FILE="$REPO_ROOT/AGENTS.md" +WINDSURF_FILE="$REPO_ROOT/.windsurf/rules/specify-rules.md" +KILOCODE_FILE="$REPO_ROOT/.kilocode/rules/specify-rules.md" +AUGGIE_FILE="$REPO_ROOT/.augment/rules/specify-rules.md" +ROO_FILE="$REPO_ROOT/.roo/rules/specify-rules.md" +CODEBUDDY_FILE="$REPO_ROOT/CODEBUDDY.md" +QODER_FILE="$REPO_ROOT/QODER.md" +AMP_FILE="$REPO_ROOT/AGENTS.md" +SHAI_FILE="$REPO_ROOT/SHAI.md" +Q_FILE="$REPO_ROOT/AGENTS.md" +BOB_FILE="$REPO_ROOT/AGENTS.md" + +# Template file +TEMPLATE_FILE="$REPO_ROOT/.specify/templates/agent-file-template.md" + +# Global variables for parsed plan data +NEW_LANG="" +NEW_FRAMEWORK="" +NEW_DB="" +NEW_PROJECT_TYPE="" + +#============================================================================== +# Utility Functions +#============================================================================== + +log_info() { + echo "INFO: $1" +} + +log_success() { + echo "✓ $1" +} + +log_error() { + echo "ERROR: $1" >&2 +} + +log_warning() { + echo "WARNING: $1" >&2 +} + +# Cleanup function for temporary files +cleanup() { + local exit_code=$? + rm -f /tmp/agent_update_*_$$ + rm -f /tmp/manual_additions_$$ + exit $exit_code +} + +# Set up cleanup trap +trap cleanup EXIT INT TERM + +#============================================================================== +# Validation Functions +#============================================================================== + +validate_environment() { + # Check if we have a current branch/feature (git or non-git) + if [[ -z "$CURRENT_BRANCH" ]]; then + log_error "Unable to determine current feature" + if [[ "$HAS_GIT" == "true" ]]; then + log_info "Make sure you're on a feature branch" + else + log_info "Set SPECIFY_FEATURE environment variable or create a feature first" + fi + exit 1 + fi + + # Check if plan.md exists + if [[ ! -f "$NEW_PLAN" ]]; then + log_error "No plan.md found at $NEW_PLAN" + log_info "Make sure you're working on a feature with a corresponding spec directory" + if [[ "$HAS_GIT" != "true" ]]; then + log_info "Use: export SPECIFY_FEATURE=your-feature-name or create a new feature first" + fi + exit 1 + fi + + # Check if template exists (needed for new files) + if [[ ! -f "$TEMPLATE_FILE" ]]; then + log_warning "Template file not found at $TEMPLATE_FILE" + log_warning "Creating new agent files will fail" + fi +} + +#============================================================================== +# Plan Parsing Functions +#============================================================================== + +extract_plan_field() { + local field_pattern="$1" + local plan_file="$2" + + grep "^\*\*${field_pattern}\*\*: " "$plan_file" 2>/dev/null | \ + head -1 | \ + sed "s|^\*\*${field_pattern}\*\*: ||" | \ + sed 's/^[ \t]*//;s/[ \t]*$//' | \ + grep -v "NEEDS CLARIFICATION" | \ + grep -v "^N/A$" || echo "" +} + +parse_plan_data() { + local plan_file="$1" + + if [[ ! -f "$plan_file" ]]; then + log_error "Plan file not found: $plan_file" + return 1 + fi + + if [[ ! -r "$plan_file" ]]; then + log_error "Plan file is not readable: $plan_file" + return 1 + fi + + log_info "Parsing plan data from $plan_file" + + NEW_LANG=$(extract_plan_field "Language/Version" "$plan_file") + NEW_FRAMEWORK=$(extract_plan_field "Primary Dependencies" "$plan_file") + NEW_DB=$(extract_plan_field "Storage" "$plan_file") + NEW_PROJECT_TYPE=$(extract_plan_field "Project Type" "$plan_file") + + # Log what we found + if [[ -n "$NEW_LANG" ]]; then + log_info "Found language: $NEW_LANG" + else + log_warning "No language information found in plan" + fi + + if [[ -n "$NEW_FRAMEWORK" ]]; then + log_info "Found framework: $NEW_FRAMEWORK" + fi + + if [[ -n "$NEW_DB" ]] && [[ "$NEW_DB" != "N/A" ]]; then + log_info "Found database: $NEW_DB" + fi + + if [[ -n "$NEW_PROJECT_TYPE" ]]; then + log_info "Found project type: $NEW_PROJECT_TYPE" + fi +} + +format_technology_stack() { + local lang="$1" + local framework="$2" + local parts=() + + # Add non-empty parts + [[ -n "$lang" && "$lang" != "NEEDS CLARIFICATION" ]] && parts+=("$lang") + [[ -n "$framework" && "$framework" != "NEEDS CLARIFICATION" && "$framework" != "N/A" ]] && parts+=("$framework") + + # Join with proper formatting + if [[ ${#parts[@]} -eq 0 ]]; then + echo "" + elif [[ ${#parts[@]} -eq 1 ]]; then + echo "${parts[0]}" + else + # Join multiple parts with " + " + local result="${parts[0]}" + for ((i=1; i<${#parts[@]}; i++)); do + result="$result + ${parts[i]}" + done + echo "$result" + fi +} + +#============================================================================== +# Template and Content Generation Functions +#============================================================================== + +get_project_structure() { + local project_type="$1" + + if [[ "$project_type" == *"web"* ]]; then + echo "backend/\\nfrontend/\\ntests/" + else + echo "src/\\ntests/" + fi +} + +get_commands_for_language() { + local lang="$1" + + case "$lang" in + *"Python"*) + echo "cd src && pytest && ruff check ." + ;; + *"Rust"*) + echo "cargo test && cargo clippy" + ;; + *"JavaScript"*|*"TypeScript"*) + echo "npm test \\&\\& npm run lint" + ;; + *) + echo "# Add commands for $lang" + ;; + esac +} + +get_language_conventions() { + local lang="$1" + echo "$lang: Follow standard conventions" +} + +create_new_agent_file() { + local target_file="$1" + local temp_file="$2" + local project_name="$3" + local current_date="$4" + + if [[ ! -f "$TEMPLATE_FILE" ]]; then + log_error "Template not found at $TEMPLATE_FILE" + return 1 + fi + + if [[ ! -r "$TEMPLATE_FILE" ]]; then + log_error "Template file is not readable: $TEMPLATE_FILE" + return 1 + fi + + log_info "Creating new agent context file from template..." + + if ! cp "$TEMPLATE_FILE" "$temp_file"; then + log_error "Failed to copy template file" + return 1 + fi + + # Replace template placeholders + local project_structure + project_structure=$(get_project_structure "$NEW_PROJECT_TYPE") + + local commands + commands=$(get_commands_for_language "$NEW_LANG") + + local language_conventions + language_conventions=$(get_language_conventions "$NEW_LANG") + + # Perform substitutions with error checking using safer approach + # Escape special characters for sed by using a different delimiter or escaping + local escaped_lang=$(printf '%s\n' "$NEW_LANG" | sed 's/[\[\.*^$()+{}|]/\\&/g') + local escaped_framework=$(printf '%s\n' "$NEW_FRAMEWORK" | sed 's/[\[\.*^$()+{}|]/\\&/g') + local escaped_branch=$(printf '%s\n' "$CURRENT_BRANCH" | sed 's/[\[\.*^$()+{}|]/\\&/g') + + # Build technology stack and recent change strings conditionally + local tech_stack + if [[ -n "$escaped_lang" && -n "$escaped_framework" ]]; then + tech_stack="- $escaped_lang + $escaped_framework ($escaped_branch)" + elif [[ -n "$escaped_lang" ]]; then + tech_stack="- $escaped_lang ($escaped_branch)" + elif [[ -n "$escaped_framework" ]]; then + tech_stack="- $escaped_framework ($escaped_branch)" + else + tech_stack="- ($escaped_branch)" + fi + + local recent_change + if [[ -n "$escaped_lang" && -n "$escaped_framework" ]]; then + recent_change="- $escaped_branch: Added $escaped_lang + $escaped_framework" + elif [[ -n "$escaped_lang" ]]; then + recent_change="- $escaped_branch: Added $escaped_lang" + elif [[ -n "$escaped_framework" ]]; then + recent_change="- $escaped_branch: Added $escaped_framework" + else + recent_change="- $escaped_branch: Added" + fi + + local substitutions=( + "s|\[PROJECT NAME\]|$project_name|" + "s|\[DATE\]|$current_date|" + "s|\[EXTRACTED FROM ALL PLAN.MD FILES\]|$tech_stack|" + "s|\[ACTUAL STRUCTURE FROM PLANS\]|$project_structure|g" + "s|\[ONLY COMMANDS FOR ACTIVE TECHNOLOGIES\]|$commands|" + "s|\[LANGUAGE-SPECIFIC, ONLY FOR LANGUAGES IN USE\]|$language_conventions|" + "s|\[LAST 3 FEATURES AND WHAT THEY ADDED\]|$recent_change|" + ) + + for substitution in "${substitutions[@]}"; do + if ! sed -i.bak -e "$substitution" "$temp_file"; then + log_error "Failed to perform substitution: $substitution" + rm -f "$temp_file" "$temp_file.bak" + return 1 + fi + done + + # Convert \n sequences to actual newlines + newline=$(printf '\n') + sed -i.bak2 "s/\\\\n/${newline}/g" "$temp_file" + + # Clean up backup files + rm -f "$temp_file.bak" "$temp_file.bak2" + + return 0 +} + + + + +update_existing_agent_file() { + local target_file="$1" + local current_date="$2" + + log_info "Updating existing agent context file..." + + # Use a single temporary file for atomic update + local temp_file + temp_file=$(mktemp) || { + log_error "Failed to create temporary file" + return 1 + } + + # Process the file in one pass + local tech_stack=$(format_technology_stack "$NEW_LANG" "$NEW_FRAMEWORK") + local new_tech_entries=() + local new_change_entry="" + + # Prepare new technology entries + if [[ -n "$tech_stack" ]] && ! grep -q "$tech_stack" "$target_file"; then + new_tech_entries+=("- $tech_stack ($CURRENT_BRANCH)") + fi + + if [[ -n "$NEW_DB" ]] && [[ "$NEW_DB" != "N/A" ]] && [[ "$NEW_DB" != "NEEDS CLARIFICATION" ]] && ! grep -q "$NEW_DB" "$target_file"; then + new_tech_entries+=("- $NEW_DB ($CURRENT_BRANCH)") + fi + + # Prepare new change entry + if [[ -n "$tech_stack" ]]; then + new_change_entry="- $CURRENT_BRANCH: Added $tech_stack" + elif [[ -n "$NEW_DB" ]] && [[ "$NEW_DB" != "N/A" ]] && [[ "$NEW_DB" != "NEEDS CLARIFICATION" ]]; then + new_change_entry="- $CURRENT_BRANCH: Added $NEW_DB" + fi + + # Check if sections exist in the file + local has_active_technologies=0 + local has_recent_changes=0 + + if grep -q "^## Active Technologies" "$target_file" 2>/dev/null; then + has_active_technologies=1 + fi + + if grep -q "^## Recent Changes" "$target_file" 2>/dev/null; then + has_recent_changes=1 + fi + + # Process file line by line + local in_tech_section=false + local in_changes_section=false + local tech_entries_added=false + local changes_entries_added=false + local existing_changes_count=0 + local file_ended=false + + while IFS= read -r line || [[ -n "$line" ]]; do + # Handle Active Technologies section + if [[ "$line" == "## Active Technologies" ]]; then + echo "$line" >> "$temp_file" + in_tech_section=true + continue + elif [[ $in_tech_section == true ]] && [[ "$line" =~ ^##[[:space:]] ]]; then + # Add new tech entries before closing the section + if [[ $tech_entries_added == false ]] && [[ ${#new_tech_entries[@]} -gt 0 ]]; then + printf '%s\n' "${new_tech_entries[@]}" >> "$temp_file" + tech_entries_added=true + fi + echo "$line" >> "$temp_file" + in_tech_section=false + continue + elif [[ $in_tech_section == true ]] && [[ -z "$line" ]]; then + # Add new tech entries before empty line in tech section + if [[ $tech_entries_added == false ]] && [[ ${#new_tech_entries[@]} -gt 0 ]]; then + printf '%s\n' "${new_tech_entries[@]}" >> "$temp_file" + tech_entries_added=true + fi + echo "$line" >> "$temp_file" + continue + fi + + # Handle Recent Changes section + if [[ "$line" == "## Recent Changes" ]]; then + echo "$line" >> "$temp_file" + # Add new change entry right after the heading + if [[ -n "$new_change_entry" ]]; then + echo "$new_change_entry" >> "$temp_file" + fi + in_changes_section=true + changes_entries_added=true + continue + elif [[ $in_changes_section == true ]] && [[ "$line" =~ ^##[[:space:]] ]]; then + echo "$line" >> "$temp_file" + in_changes_section=false + continue + elif [[ $in_changes_section == true ]] && [[ "$line" == "- "* ]]; then + # Keep only first 2 existing changes + if [[ $existing_changes_count -lt 2 ]]; then + echo "$line" >> "$temp_file" + ((existing_changes_count++)) + fi + continue + fi + + # Update timestamp + if [[ "$line" =~ \*\*Last\ updated\*\*:.*[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] ]]; then + echo "$line" | sed "s/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]/$current_date/" >> "$temp_file" + else + echo "$line" >> "$temp_file" + fi + done < "$target_file" + + # Post-loop check: if we're still in the Active Technologies section and haven't added new entries + if [[ $in_tech_section == true ]] && [[ $tech_entries_added == false ]] && [[ ${#new_tech_entries[@]} -gt 0 ]]; then + printf '%s\n' "${new_tech_entries[@]}" >> "$temp_file" + tech_entries_added=true + fi + + # If sections don't exist, add them at the end of the file + if [[ $has_active_technologies -eq 0 ]] && [[ ${#new_tech_entries[@]} -gt 0 ]]; then + echo "" >> "$temp_file" + echo "## Active Technologies" >> "$temp_file" + printf '%s\n' "${new_tech_entries[@]}" >> "$temp_file" + tech_entries_added=true + fi + + if [[ $has_recent_changes -eq 0 ]] && [[ -n "$new_change_entry" ]]; then + echo "" >> "$temp_file" + echo "## Recent Changes" >> "$temp_file" + echo "$new_change_entry" >> "$temp_file" + changes_entries_added=true + fi + + # Move temp file to target atomically + if ! mv "$temp_file" "$target_file"; then + log_error "Failed to update target file" + rm -f "$temp_file" + return 1 + fi + + return 0 +} +#============================================================================== +# Main Agent File Update Function +#============================================================================== + +update_agent_file() { + local target_file="$1" + local agent_name="$2" + + if [[ -z "$target_file" ]] || [[ -z "$agent_name" ]]; then + log_error "update_agent_file requires target_file and agent_name parameters" + return 1 + fi + + log_info "Updating $agent_name context file: $target_file" + + local project_name + project_name=$(basename "$REPO_ROOT") + local current_date + current_date=$(date +%Y-%m-%d) + + # Create directory if it doesn't exist + local target_dir + target_dir=$(dirname "$target_file") + if [[ ! -d "$target_dir" ]]; then + if ! mkdir -p "$target_dir"; then + log_error "Failed to create directory: $target_dir" + return 1 + fi + fi + + if [[ ! -f "$target_file" ]]; then + # Create new file from template + local temp_file + temp_file=$(mktemp) || { + log_error "Failed to create temporary file" + return 1 + } + + if create_new_agent_file "$target_file" "$temp_file" "$project_name" "$current_date"; then + if mv "$temp_file" "$target_file"; then + log_success "Created new $agent_name context file" + else + log_error "Failed to move temporary file to $target_file" + rm -f "$temp_file" + return 1 + fi + else + log_error "Failed to create new agent file" + rm -f "$temp_file" + return 1 + fi + else + # Update existing file + if [[ ! -r "$target_file" ]]; then + log_error "Cannot read existing file: $target_file" + return 1 + fi + + if [[ ! -w "$target_file" ]]; then + log_error "Cannot write to existing file: $target_file" + return 1 + fi + + if update_existing_agent_file "$target_file" "$current_date"; then + log_success "Updated existing $agent_name context file" + else + log_error "Failed to update existing agent file" + return 1 + fi + fi + + return 0 +} + +#============================================================================== +# Agent Selection and Processing +#============================================================================== + +update_specific_agent() { + local agent_type="$1" + + case "$agent_type" in + claude) + update_agent_file "$CLAUDE_FILE" "Claude Code" + ;; + gemini) + update_agent_file "$GEMINI_FILE" "Gemini CLI" + ;; + copilot) + update_agent_file "$COPILOT_FILE" "GitHub Copilot" + ;; + cursor-agent) + update_agent_file "$CURSOR_FILE" "Cursor IDE" + ;; + qwen) + update_agent_file "$QWEN_FILE" "Qwen Code" + ;; + opencode) + update_agent_file "$AGENTS_FILE" "opencode" + ;; + codex) + update_agent_file "$AGENTS_FILE" "Codex CLI" + ;; + windsurf) + update_agent_file "$WINDSURF_FILE" "Windsurf" + ;; + kilocode) + update_agent_file "$KILOCODE_FILE" "Kilo Code" + ;; + auggie) + update_agent_file "$AUGGIE_FILE" "Auggie CLI" + ;; + roo) + update_agent_file "$ROO_FILE" "Roo Code" + ;; + codebuddy) + update_agent_file "$CODEBUDDY_FILE" "CodeBuddy CLI" + ;; + qoder) + update_agent_file "$QODER_FILE" "Qoder CLI" + ;; + amp) + update_agent_file "$AMP_FILE" "Amp" + ;; + shai) + update_agent_file "$SHAI_FILE" "SHAI" + ;; + q) + update_agent_file "$Q_FILE" "Amazon Q Developer CLI" + ;; + bob) + update_agent_file "$BOB_FILE" "IBM Bob" + ;; + *) + log_error "Unknown agent type '$agent_type'" + log_error "Expected: claude|gemini|copilot|cursor-agent|qwen|opencode|codex|windsurf|kilocode|auggie|roo|amp|shai|q|bob|qoder" + exit 1 + ;; + esac +} + +update_all_existing_agents() { + local found_agent=false + + # Check each possible agent file and update if it exists + if [[ -f "$CLAUDE_FILE" ]]; then + update_agent_file "$CLAUDE_FILE" "Claude Code" + found_agent=true + fi + + if [[ -f "$GEMINI_FILE" ]]; then + update_agent_file "$GEMINI_FILE" "Gemini CLI" + found_agent=true + fi + + if [[ -f "$COPILOT_FILE" ]]; then + update_agent_file "$COPILOT_FILE" "GitHub Copilot" + found_agent=true + fi + + if [[ -f "$CURSOR_FILE" ]]; then + update_agent_file "$CURSOR_FILE" "Cursor IDE" + found_agent=true + fi + + if [[ -f "$QWEN_FILE" ]]; then + update_agent_file "$QWEN_FILE" "Qwen Code" + found_agent=true + fi + + if [[ -f "$AGENTS_FILE" ]]; then + update_agent_file "$AGENTS_FILE" "Codex/opencode" + found_agent=true + fi + + if [[ -f "$WINDSURF_FILE" ]]; then + update_agent_file "$WINDSURF_FILE" "Windsurf" + found_agent=true + fi + + if [[ -f "$KILOCODE_FILE" ]]; then + update_agent_file "$KILOCODE_FILE" "Kilo Code" + found_agent=true + fi + + if [[ -f "$AUGGIE_FILE" ]]; then + update_agent_file "$AUGGIE_FILE" "Auggie CLI" + found_agent=true + fi + + if [[ -f "$ROO_FILE" ]]; then + update_agent_file "$ROO_FILE" "Roo Code" + found_agent=true + fi + + if [[ -f "$CODEBUDDY_FILE" ]]; then + update_agent_file "$CODEBUDDY_FILE" "CodeBuddy CLI" + found_agent=true + fi + + if [[ -f "$SHAI_FILE" ]]; then + update_agent_file "$SHAI_FILE" "SHAI" + found_agent=true + fi + + if [[ -f "$QODER_FILE" ]]; then + update_agent_file "$QODER_FILE" "Qoder CLI" + found_agent=true + fi + + if [[ -f "$Q_FILE" ]]; then + update_agent_file "$Q_FILE" "Amazon Q Developer CLI" + found_agent=true + fi + + if [[ -f "$BOB_FILE" ]]; then + update_agent_file "$BOB_FILE" "IBM Bob" + found_agent=true + fi + + # If no agent files exist, create a default Claude file + if [[ "$found_agent" == false ]]; then + log_info "No existing agent files found, creating default Claude file..." + update_agent_file "$CLAUDE_FILE" "Claude Code" + fi +} +print_summary() { + echo + log_info "Summary of changes:" + + if [[ -n "$NEW_LANG" ]]; then + echo " - Added language: $NEW_LANG" + fi + + if [[ -n "$NEW_FRAMEWORK" ]]; then + echo " - Added framework: $NEW_FRAMEWORK" + fi + + if [[ -n "$NEW_DB" ]] && [[ "$NEW_DB" != "N/A" ]]; then + echo " - Added database: $NEW_DB" + fi + + echo + + log_info "Usage: $0 [claude|gemini|copilot|cursor-agent|qwen|opencode|codex|windsurf|kilocode|auggie|codebuddy|shai|q|bob|qoder]" +} + +#============================================================================== +# Main Execution +#============================================================================== + +main() { + # Validate environment before proceeding + validate_environment + + log_info "=== Updating agent context files for feature $CURRENT_BRANCH ===" + + # Parse the plan file to extract project information + if ! parse_plan_data "$NEW_PLAN"; then + log_error "Failed to parse plan data" + exit 1 + fi + + # Process based on agent type argument + local success=true + + if [[ -z "$AGENT_TYPE" ]]; then + # No specific agent provided - update all existing agent files + log_info "No agent specified, updating all existing agent files..." + if ! update_all_existing_agents; then + success=false + fi + else + # Specific agent provided - update only that agent + log_info "Updating specific agent: $AGENT_TYPE" + if ! update_specific_agent "$AGENT_TYPE"; then + success=false + fi + fi + + # Print summary + print_summary + + if [[ "$success" == true ]]; then + log_success "Agent context update completed successfully" + exit 0 + else + log_error "Agent context update completed with errors" + exit 1 + fi +} + +# Execute main function if script is run directly +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then + main "$@" +fi + diff --git a/.specify/templates/agent-file-template.md b/.specify/templates/agent-file-template.md new file mode 100644 index 0000000..4cc7fd6 --- /dev/null +++ b/.specify/templates/agent-file-template.md @@ -0,0 +1,28 @@ +# [PROJECT NAME] Development Guidelines + +Auto-generated from all feature plans. Last updated: [DATE] + +## Active Technologies + +[EXTRACTED FROM ALL PLAN.MD FILES] + +## Project Structure + +```text +[ACTUAL STRUCTURE FROM PLANS] +``` + +## Commands + +[ONLY COMMANDS FOR ACTIVE TECHNOLOGIES] + +## Code Style + +[LANGUAGE-SPECIFIC, ONLY FOR LANGUAGES IN USE] + +## Recent Changes + +[LAST 3 FEATURES AND WHAT THEY ADDED] + +<!-- MANUAL ADDITIONS START --> +<!-- MANUAL ADDITIONS END --> diff --git a/.specify/templates/checklist-template.md b/.specify/templates/checklist-template.md new file mode 100644 index 0000000..806657d --- /dev/null +++ b/.specify/templates/checklist-template.md @@ -0,0 +1,40 @@ +# [CHECKLIST TYPE] Checklist: [FEATURE NAME] + +**Purpose**: [Brief description of what this checklist covers] +**Created**: [DATE] +**Feature**: [Link to spec.md or relevant documentation] + +**Note**: This checklist is generated by the `/speckit.checklist` command based on feature context and requirements. + +<!-- + ============================================================================ + IMPORTANT: The checklist items below are SAMPLE ITEMS for illustration only. + + The /speckit.checklist command MUST replace these with actual items based on: + - User's specific checklist request + - Feature requirements from spec.md + - Technical context from plan.md + - Implementation details from tasks.md + + DO NOT keep these sample items in the generated checklist file. + ============================================================================ +--> + +## [Category 1] + +- [ ] CHK001 First checklist item with clear action +- [ ] CHK002 Second checklist item +- [ ] CHK003 Third checklist item + +## [Category 2] + +- [ ] CHK004 Another category item +- [ ] CHK005 Item with specific criteria +- [ ] CHK006 Final item in this category + +## Notes + +- Check items off as completed: `[x]` +- Add comments or findings inline +- Link to relevant resources or documentation +- Items are numbered sequentially for easy reference diff --git a/.specify/templates/plan-template.md b/.specify/templates/plan-template.md new file mode 100644 index 0000000..6a8bfc6 --- /dev/null +++ b/.specify/templates/plan-template.md @@ -0,0 +1,104 @@ +# Implementation Plan: [FEATURE] + +**Branch**: `[###-feature-name]` | **Date**: [DATE] | **Spec**: [link] +**Input**: Feature specification from `/specs/[###-feature-name]/spec.md` + +**Note**: This template is filled in by the `/speckit.plan` command. See `.specify/templates/commands/plan.md` for the execution workflow. + +## Summary + +[Extract from feature spec: primary requirement + technical approach from research] + +## Technical Context + +<!-- + ACTION REQUIRED: Replace the content in this section with the technical details + for the project. The structure here is presented in advisory capacity to guide + the iteration process. +--> + +**Language/Version**: [e.g., Python 3.11, Swift 5.9, Rust 1.75 or NEEDS CLARIFICATION] +**Primary Dependencies**: [e.g., FastAPI, UIKit, LLVM or NEEDS CLARIFICATION] +**Storage**: [if applicable, e.g., PostgreSQL, CoreData, files or N/A] +**Testing**: [e.g., pytest, XCTest, cargo test or NEEDS CLARIFICATION] +**Target Platform**: [e.g., Linux server, iOS 15+, WASM or NEEDS CLARIFICATION] +**Project Type**: [single/web/mobile - determines source structure] +**Performance Goals**: [domain-specific, e.g., 1000 req/s, 10k lines/sec, 60 fps or NEEDS CLARIFICATION] +**Constraints**: [domain-specific, e.g., <200ms p95, <100MB memory, offline-capable or NEEDS CLARIFICATION] +**Scale/Scope**: [domain-specific, e.g., 10k users, 1M LOC, 50 screens or NEEDS CLARIFICATION] + +## Constitution Check + +*GATE: Must pass before Phase 0 research. Re-check after Phase 1 design.* + +[Gates determined based on constitution file] + +## Project Structure + +### Documentation (this feature) + +```text +specs/[###-feature]/ +├── plan.md # This file (/speckit.plan command output) +├── research.md # Phase 0 output (/speckit.plan command) +├── data-model.md # Phase 1 output (/speckit.plan command) +├── quickstart.md # Phase 1 output (/speckit.plan command) +├── contracts/ # Phase 1 output (/speckit.plan command) +└── tasks.md # Phase 2 output (/speckit.tasks command - NOT created by /speckit.plan) +``` + +### Source Code (repository root) +<!-- + ACTION REQUIRED: Replace the placeholder tree below with the concrete layout + for this feature. Delete unused options and expand the chosen structure with + real paths (e.g., apps/admin, packages/something). The delivered plan must + not include Option labels. +--> + +```text +# [REMOVE IF UNUSED] Option 1: Single project (DEFAULT) +src/ +├── models/ +├── services/ +├── cli/ +└── lib/ + +tests/ +├── contract/ +├── integration/ +└── unit/ + +# [REMOVE IF UNUSED] Option 2: Web application (when "frontend" + "backend" detected) +backend/ +├── src/ +│ ├── models/ +│ ├── services/ +│ └── api/ +└── tests/ + +frontend/ +├── src/ +│ ├── components/ +│ ├── pages/ +│ └── services/ +└── tests/ + +# [REMOVE IF UNUSED] Option 3: Mobile + API (when "iOS/Android" detected) +api/ +└── [same as backend above] + +ios/ or android/ +└── [platform-specific structure: feature modules, UI flows, platform tests] +``` + +**Structure Decision**: [Document the selected structure and reference the real +directories captured above] + +## Complexity Tracking + +> **Fill ONLY if Constitution Check has violations that must be justified** + +| Violation | Why Needed | Simpler Alternative Rejected Because | +|-----------|------------|-------------------------------------| +| [e.g., 4th project] | [current need] | [why 3 projects insufficient] | +| [e.g., Repository pattern] | [specific problem] | [why direct DB access insufficient] | diff --git a/.specify/templates/spec-template.md b/.specify/templates/spec-template.md new file mode 100644 index 0000000..c67d914 --- /dev/null +++ b/.specify/templates/spec-template.md @@ -0,0 +1,115 @@ +# Feature Specification: [FEATURE NAME] + +**Feature Branch**: `[###-feature-name]` +**Created**: [DATE] +**Status**: Draft +**Input**: User description: "$ARGUMENTS" + +## User Scenarios & Testing *(mandatory)* + +<!-- + IMPORTANT: User stories should be PRIORITIZED as user journeys ordered by importance. + Each user story/journey must be INDEPENDENTLY TESTABLE - meaning if you implement just ONE of them, + you should still have a viable MVP (Minimum Viable Product) that delivers value. + + Assign priorities (P1, P2, P3, etc.) to each story, where P1 is the most critical. + Think of each story as a standalone slice of functionality that can be: + - Developed independently + - Tested independently + - Deployed independently + - Demonstrated to users independently +--> + +### User Story 1 - [Brief Title] (Priority: P1) + +[Describe this user journey in plain language] + +**Why this priority**: [Explain the value and why it has this priority level] + +**Independent Test**: [Describe how this can be tested independently - e.g., "Can be fully tested by [specific action] and delivers [specific value]"] + +**Acceptance Scenarios**: + +1. **Given** [initial state], **When** [action], **Then** [expected outcome] +2. **Given** [initial state], **When** [action], **Then** [expected outcome] + +--- + +### User Story 2 - [Brief Title] (Priority: P2) + +[Describe this user journey in plain language] + +**Why this priority**: [Explain the value and why it has this priority level] + +**Independent Test**: [Describe how this can be tested independently] + +**Acceptance Scenarios**: + +1. **Given** [initial state], **When** [action], **Then** [expected outcome] + +--- + +### User Story 3 - [Brief Title] (Priority: P3) + +[Describe this user journey in plain language] + +**Why this priority**: [Explain the value and why it has this priority level] + +**Independent Test**: [Describe how this can be tested independently] + +**Acceptance Scenarios**: + +1. **Given** [initial state], **When** [action], **Then** [expected outcome] + +--- + +[Add more user stories as needed, each with an assigned priority] + +### Edge Cases + +<!-- + ACTION REQUIRED: The content in this section represents placeholders. + Fill them out with the right edge cases. +--> + +- What happens when [boundary condition]? +- How does system handle [error scenario]? + +## Requirements *(mandatory)* + +<!-- + ACTION REQUIRED: The content in this section represents placeholders. + Fill them out with the right functional requirements. +--> + +### Functional Requirements + +- **FR-001**: System MUST [specific capability, e.g., "allow users to create accounts"] +- **FR-002**: System MUST [specific capability, e.g., "validate email addresses"] +- **FR-003**: Users MUST be able to [key interaction, e.g., "reset their password"] +- **FR-004**: System MUST [data requirement, e.g., "persist user preferences"] +- **FR-005**: System MUST [behavior, e.g., "log all security events"] + +*Example of marking unclear requirements:* + +- **FR-006**: System MUST authenticate users via [NEEDS CLARIFICATION: auth method not specified - email/password, SSO, OAuth?] +- **FR-007**: System MUST retain user data for [NEEDS CLARIFICATION: retention period not specified] + +### Key Entities *(include if feature involves data)* + +- **[Entity 1]**: [What it represents, key attributes without implementation] +- **[Entity 2]**: [What it represents, relationships to other entities] + +## Success Criteria *(mandatory)* + +<!-- + ACTION REQUIRED: Define measurable success criteria. + These must be technology-agnostic and measurable. +--> + +### Measurable Outcomes + +- **SC-001**: [Measurable metric, e.g., "Users can complete account creation in under 2 minutes"] +- **SC-002**: [Measurable metric, e.g., "System handles 1000 concurrent users without degradation"] +- **SC-003**: [User satisfaction metric, e.g., "90% of users successfully complete primary task on first attempt"] +- **SC-004**: [Business metric, e.g., "Reduce support tickets related to [X] by 50%"] diff --git a/.specify/templates/tasks-template.md b/.specify/templates/tasks-template.md new file mode 100644 index 0000000..60f9be4 --- /dev/null +++ b/.specify/templates/tasks-template.md @@ -0,0 +1,251 @@ +--- + +description: "Task list template for feature implementation" +--- + +# Tasks: [FEATURE NAME] + +**Input**: Design documents from `/specs/[###-feature-name]/` +**Prerequisites**: plan.md (required), spec.md (required for user stories), research.md, data-model.md, contracts/ + +**Tests**: The examples below include test tasks. Tests are OPTIONAL - only include them if explicitly requested in the feature specification. + +**Organization**: Tasks are grouped by user story to enable independent implementation and testing of each story. + +## Format: `[ID] [P?] [Story] Description` + +- **[P]**: Can run in parallel (different files, no dependencies) +- **[Story]**: Which user story this task belongs to (e.g., US1, US2, US3) +- Include exact file paths in descriptions + +## Path Conventions + +- **Single project**: `src/`, `tests/` at repository root +- **Web app**: `backend/src/`, `frontend/src/` +- **Mobile**: `api/src/`, `ios/src/` or `android/src/` +- Paths shown below assume single project - adjust based on plan.md structure + +<!-- + ============================================================================ + IMPORTANT: The tasks below are SAMPLE TASKS for illustration purposes only. + + The /speckit.tasks command MUST replace these with actual tasks based on: + - User stories from spec.md (with their priorities P1, P2, P3...) + - Feature requirements from plan.md + - Entities from data-model.md + - Endpoints from contracts/ + + Tasks MUST be organized by user story so each story can be: + - Implemented independently + - Tested independently + - Delivered as an MVP increment + + DO NOT keep these sample tasks in the generated tasks.md file. + ============================================================================ +--> + +## Phase 1: Setup (Shared Infrastructure) + +**Purpose**: Project initialization and basic structure + +- [ ] T001 Create project structure per implementation plan +- [ ] T002 Initialize [language] project with [framework] dependencies +- [ ] T003 [P] Configure linting and formatting tools + +--- + +## Phase 2: Foundational (Blocking Prerequisites) + +**Purpose**: Core infrastructure that MUST be complete before ANY user story can be implemented + +**⚠️ CRITICAL**: No user story work can begin until this phase is complete + +Examples of foundational tasks (adjust based on your project): + +- [ ] T004 Setup database schema and migrations framework +- [ ] T005 [P] Implement authentication/authorization framework +- [ ] T006 [P] Setup API routing and middleware structure +- [ ] T007 Create base models/entities that all stories depend on +- [ ] T008 Configure error handling and logging infrastructure +- [ ] T009 Setup environment configuration management + +**Checkpoint**: Foundation ready - user story implementation can now begin in parallel + +--- + +## Phase 3: User Story 1 - [Title] (Priority: P1) 🎯 MVP + +**Goal**: [Brief description of what this story delivers] + +**Independent Test**: [How to verify this story works on its own] + +### Tests for User Story 1 (OPTIONAL - only if tests requested) ⚠️ + +> **NOTE: Write these tests FIRST, ensure they FAIL before implementation** + +- [ ] T010 [P] [US1] Contract test for [endpoint] in tests/contract/test_[name].py +- [ ] T011 [P] [US1] Integration test for [user journey] in tests/integration/test_[name].py + +### Implementation for User Story 1 + +- [ ] T012 [P] [US1] Create [Entity1] model in src/models/[entity1].py +- [ ] T013 [P] [US1] Create [Entity2] model in src/models/[entity2].py +- [ ] T014 [US1] Implement [Service] in src/services/[service].py (depends on T012, T013) +- [ ] T015 [US1] Implement [endpoint/feature] in src/[location]/[file].py +- [ ] T016 [US1] Add validation and error handling +- [ ] T017 [US1] Add logging for user story 1 operations + +**Checkpoint**: At this point, User Story 1 should be fully functional and testable independently + +--- + +## Phase 4: User Story 2 - [Title] (Priority: P2) + +**Goal**: [Brief description of what this story delivers] + +**Independent Test**: [How to verify this story works on its own] + +### Tests for User Story 2 (OPTIONAL - only if tests requested) ⚠️ + +- [ ] T018 [P] [US2] Contract test for [endpoint] in tests/contract/test_[name].py +- [ ] T019 [P] [US2] Integration test for [user journey] in tests/integration/test_[name].py + +### Implementation for User Story 2 + +- [ ] T020 [P] [US2] Create [Entity] model in src/models/[entity].py +- [ ] T021 [US2] Implement [Service] in src/services/[service].py +- [ ] T022 [US2] Implement [endpoint/feature] in src/[location]/[file].py +- [ ] T023 [US2] Integrate with User Story 1 components (if needed) + +**Checkpoint**: At this point, User Stories 1 AND 2 should both work independently + +--- + +## Phase 5: User Story 3 - [Title] (Priority: P3) + +**Goal**: [Brief description of what this story delivers] + +**Independent Test**: [How to verify this story works on its own] + +### Tests for User Story 3 (OPTIONAL - only if tests requested) ⚠️ + +- [ ] T024 [P] [US3] Contract test for [endpoint] in tests/contract/test_[name].py +- [ ] T025 [P] [US3] Integration test for [user journey] in tests/integration/test_[name].py + +### Implementation for User Story 3 + +- [ ] T026 [P] [US3] Create [Entity] model in src/models/[entity].py +- [ ] T027 [US3] Implement [Service] in src/services/[service].py +- [ ] T028 [US3] Implement [endpoint/feature] in src/[location]/[file].py + +**Checkpoint**: All user stories should now be independently functional + +--- + +[Add more user story phases as needed, following the same pattern] + +--- + +## Phase N: Polish & Cross-Cutting Concerns + +**Purpose**: Improvements that affect multiple user stories + +- [ ] TXXX [P] Documentation updates in docs/ +- [ ] TXXX Code cleanup and refactoring +- [ ] TXXX Performance optimization across all stories +- [ ] TXXX [P] Additional unit tests (if requested) in tests/unit/ +- [ ] TXXX Security hardening +- [ ] TXXX Run quickstart.md validation + +--- + +## Dependencies & Execution Order + +### Phase Dependencies + +- **Setup (Phase 1)**: No dependencies - can start immediately +- **Foundational (Phase 2)**: Depends on Setup completion - BLOCKS all user stories +- **User Stories (Phase 3+)**: All depend on Foundational phase completion + - User stories can then proceed in parallel (if staffed) + - Or sequentially in priority order (P1 → P2 → P3) +- **Polish (Final Phase)**: Depends on all desired user stories being complete + +### User Story Dependencies + +- **User Story 1 (P1)**: Can start after Foundational (Phase 2) - No dependencies on other stories +- **User Story 2 (P2)**: Can start after Foundational (Phase 2) - May integrate with US1 but should be independently testable +- **User Story 3 (P3)**: Can start after Foundational (Phase 2) - May integrate with US1/US2 but should be independently testable + +### Within Each User Story + +- Tests (if included) MUST be written and FAIL before implementation +- Models before services +- Services before endpoints +- Core implementation before integration +- Story complete before moving to next priority + +### Parallel Opportunities + +- All Setup tasks marked [P] can run in parallel +- All Foundational tasks marked [P] can run in parallel (within Phase 2) +- Once Foundational phase completes, all user stories can start in parallel (if team capacity allows) +- All tests for a user story marked [P] can run in parallel +- Models within a story marked [P] can run in parallel +- Different user stories can be worked on in parallel by different team members + +--- + +## Parallel Example: User Story 1 + +```bash +# Launch all tests for User Story 1 together (if tests requested): +Task: "Contract test for [endpoint] in tests/contract/test_[name].py" +Task: "Integration test for [user journey] in tests/integration/test_[name].py" + +# Launch all models for User Story 1 together: +Task: "Create [Entity1] model in src/models/[entity1].py" +Task: "Create [Entity2] model in src/models/[entity2].py" +``` + +--- + +## Implementation Strategy + +### MVP First (User Story 1 Only) + +1. Complete Phase 1: Setup +2. Complete Phase 2: Foundational (CRITICAL - blocks all stories) +3. Complete Phase 3: User Story 1 +4. **STOP and VALIDATE**: Test User Story 1 independently +5. Deploy/demo if ready + +### Incremental Delivery + +1. Complete Setup + Foundational → Foundation ready +2. Add User Story 1 → Test independently → Deploy/Demo (MVP!) +3. Add User Story 2 → Test independently → Deploy/Demo +4. Add User Story 3 → Test independently → Deploy/Demo +5. Each story adds value without breaking previous stories + +### Parallel Team Strategy + +With multiple developers: + +1. Team completes Setup + Foundational together +2. Once Foundational is done: + - Developer A: User Story 1 + - Developer B: User Story 2 + - Developer C: User Story 3 +3. Stories complete and integrate independently + +--- + +## Notes + +- [P] tasks = different files, no dependencies +- [Story] label maps task to specific user story for traceability +- Each user story should be independently completable and testable +- Verify tests fail before implementing +- Commit after each task or logical group +- Stop at any checkpoint to validate story independently +- Avoid: vague tasks, same file conflicts, cross-story dependencies that break independence diff --git a/ENHANCED_QUICK_START.md b/ENHANCED_QUICK_START.md new file mode 100644 index 0000000..daee004 --- /dev/null +++ b/ENHANCED_QUICK_START.md @@ -0,0 +1,283 @@ +# Enhanced Specification Verifier - Quick Start + +## What's Different? + +The enhanced version **fetches original source documents** (transcripts, emails, design docs) when it finds problems in your specification. This provides deeper insights into WHY issues exist. + +## 5-Minute Demo + +### Terminal 1: Start Mock API Server + +```bash +cd examples/ +python3 mock_source_api.py +``` + +You should see: +``` +================================================================ +Mock Source Document API Server +================================================================ +Server running on http://localhost:8888 + +Available documents (8): + - transcript-stakeholder-meeting-2024-01-15 (transcript): Stakeholder Meeting + - email-product-owner-001 (email): RE: Search Results Display + ... +``` + +### Terminal 2: Run Enhanced Verification + +```bash +cd examples/ +./run_demo_enhanced.sh +``` + +## What You'll See + +### Regular Violation (Original Tool) +``` +[CRITICAL] COVERAGE: 4 requirements have NO coverage + Evidence: + - REQ_abc123 [HUMAN_INPUT:input.txt]: Password reset functionality... +``` + +### Enhanced Violation (With Deep Analysis) 🔍 +``` +[CRITICAL] COVERAGE: 4 requirements have NO coverage + Evidence: + - REQ_abc123 [HUMAN_INPUT:input.txt]: Password reset functionality... + 📄 Source Documents Analyzed: 2 + - email: User Feedback - Password Reset Feature Request + - design_doc: Security Requirements Document v2 + 🔍 Deep Analysis: + Analyzed 2 source document(s): + In User Feedback - Password Reset Feature Request (email): + - 'password': ...CRITICAL: Password reset functionality via email... + - 'reset': ...Users are getting locked out, no automated way to help... + In Security Requirements Document v2 (design_doc): + - 'password': ...Reset tokens valid for 1 hour maximum... + - 'reset': ...Support password reset via email... +``` + +## Document Format + +Add source references to your requirements: + +``` +REQ-001: Users must search by title [SRC:transcript-meeting-2024-01-15] +REQ-002: Cart persists across sessions [SOURCE:email-product-owner-001] +REQ-003: Passwords encrypted [DOC:security-requirements-v2] +``` + +Three formats supported: +- `[SRC:document-id]` +- `[SOURCE:document-id]` +- `[DOC:document-id]` + +## API Configuration + +Create `api_config.json`: + +```json +{ + "enabled": true, + "base_url": "http://localhost:8888", + "api_key": "your-api-key", + "timeout": 30 +} +``` + +## Usage + +### Basic (No Deep Analysis) +```bash +./spec_verifier_enhanced.py \ + -i input.txt \ + -r reqs.txt \ + -c principles.txt \ + -s spec.md +``` + +### With Deep Analysis +```bash +./spec_verifier_enhanced.py \ + -i input.txt \ + -r reqs.txt \ + -c principles.txt \ + -s spec.md \ + --deep-analysis \ + --api-config api_config.json +``` + +### Alternative: Command-Line Config +```bash +./spec_verifier_enhanced.py \ + [...] \ + --deep-analysis \ + --api-url http://localhost:8888 \ + --api-key your-api-key +``` + +## When to Use Each Version + +### Use Original (`spec_verifier.py`) +- ✅ Quick local verification +- ✅ Offline work +- ✅ No source documents available +- ✅ Basic CI/CD checks + +### Use Enhanced (`spec_verifier_enhanced.py`) +- ✅ Deep investigation of violations +- ✅ Understanding context from original discussions +- ✅ Resolving ambiguous requirements +- ✅ When source documents are available via API +- ✅ Post-finding analysis + +## API Integration + +Your API should return this format: + +```json +{ + "id": "document-id", + "type": "transcript|email|design_doc|meeting_notes", + "title": "Document Title", + "date": "2024-01-15", + "participants": ["Person 1", "Person 2"], + "content": "Full text content of the document..." +} +``` + +Endpoint: `GET /documents/{doc_id}` +Auth: `Authorization: Bearer {api_key}` + +## Benefits + +### 1. Understand WHY Requirements Are Missing + +**Before**: +> "Password reset not in spec" + +**After**: +> "Password reset not in spec. Source analysis shows: Support team requested this in email-support-feedback because users are getting locked out. Security doc specifies 1-hour token validity." + +### 2. Clarify Ambiguous Specifications + +**Before**: +> "Spec uses vague term 'fast'" + +**After**: +> "Spec uses vague term 'fast'. CTO email specifies: 'API response times must be under 200ms for 95th percentile'" + +### 3. Validate Principle Violations + +**Before**: +> "Spec logs passwords, violating security principle" + +**After**: +> "Spec logs passwords, violating security principle. Security meeting transcript explicitly states: 'We must NEVER log passwords. Ever.'" + +## Complete Example + +### 1. Create requirement with source reference + +`input.txt`: +``` +REQ-001: System must handle 500 concurrent users [SRC:email-cto-performance] +``` + +### 2. Specification doesn't address it + +`spec.md`: +``` +# System will handle users appropriately +``` + +### 3. Run enhanced verifier + +```bash +./spec_verifier_enhanced.py [...] --deep-analysis --api-config api_config.json +``` + +### 4. Get deep analysis + +``` +[CRITICAL] COVERAGE: REQ-001 not covered + 📄 Source Documents Analyzed: 1 + - email: Performance Requirements and SLAs + 🔍 Deep Analysis: + In Performance Requirements and SLAs (email): + - 'concurrent': ...System must handle minimum 500 concurrent users... + - 'users': ...Support up to 1000 concurrent users as target... + - 'performance': ...These are non-negotiable for production launch... +``` + +Now you know: +- The exact number required (500 minimum, 1000 target) +- It's from the CTO +- It's non-negotiable for launch +- You need to add this to the spec + +## Comparison + +| Feature | Original | Enhanced | +|---------|----------|----------| +| Find missing reqs | ✅ | ✅ | +| Find violations | ✅ | ✅ | +| Offline | ✅ | ✅* | +| Fast | ✅ | ✅ | +| Shows context | ❌ | ✅ | +| Fetches sources | ❌ | ✅ | +| Deep analysis | ❌ | ✅ | + +*Enhanced works offline too, deep analysis is optional + +## Tips + +1. **Start Simple**: Use original version first, add deep analysis later +2. **Add References Incrementally**: Don't need to reference every requirement +3. **Reference Critical Items**: Focus on security, performance, compliance requirements +4. **Use Consistent IDs**: Keep document ID format consistent +5. **Test API First**: Verify API works before running verifier + +## Troubleshooting + +### "API server not running" +```bash +# Start it: +cd examples && python3 mock_source_api.py +``` + +### "Document not found" +- Check document ID spelling in `[SRC:...]` tags +- Verify document exists in API +- Try without prefix: `doc-id` not `SRC:doc-id` + +### "Deep analysis not showing" +- Ensure `--deep-analysis` flag is set +- Verify API config is provided +- Check that requirements have `[SRC:...]` references +- Confirm violations were found (deep analysis only runs for violations) + +## Next Steps + +1. ✅ Run the demo (`./run_demo_enhanced.sh`) +2. ✅ Review output with deep analysis +3. ✅ Read full documentation (`SPEC_VERIFIER_ENHANCED_README.md`) +4. ✅ Add source references to your requirements +5. ✅ Set up your document API (or use mock for testing) +6. ✅ Run on your specifications + +--- + +**Quick Demo**: +```bash +# Terminal 1 +cd examples && python3 mock_source_api.py + +# Terminal 2 +cd examples && ./run_demo_enhanced.sh +``` + + diff --git a/README.md b/README.md index e5ef260..03cdf24 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Yugastore in Java -![Homepage](docs/home.png) +![Homepage](assets/images/home.png) This is an implementation of a sample ecommerce app. This microservices-based retail marketplace or eCommerce app is composed of **microservices written in Spring (Java)**, a **UI based on React** and **YugabyteDB as the [distributed SQL](https://www.yugabyte.com/tech/distributed-sql/) database**. If you're using this demo app, please :star: this repository! We appreciate your support. @@ -46,7 +46,74 @@ The architecture diagram of Yugastore is shown below. # Build and run -To build, simply run the following from the base directory: +There are two ways to build and run the application: +1. **Automated Bootstrap Script** (Recommended) - Single command to set up everything +2. **Manual Steps** - Step-by-step instructions for more control + +## Quick Start with Bootstrap Script + +The easiest way to get started is using the automated bootstrap script, which handles all prerequisites, builds the application, and starts all services. + +```bash +# Using native YugabyteDB installation (recommended for development) +./scripts/bootstrap.sh --yugabyte=native + +# Or using Docker for YugabyteDB +./scripts/bootstrap.sh --yugabyte=docker + +# For help and all options +./scripts/bootstrap.sh --help +``` + +### Prerequisites Requiring Manual Intervention + +The bootstrap script will attempt to install missing prerequisites automatically, but the following may require manual steps: + +| Prerequisite | Platform | Manual Action Required | +|--------------|----------|----------------------| +| **Homebrew** | macOS | Install from [brew.sh](https://brew.sh) if not present | +| **Docker Desktop** | macOS/Windows | Must be installed manually from [docker.com](https://www.docker.com/products/docker-desktop/) | +| **Port 7000 conflict** | macOS | Disable AirPlay Receiver in System Settings > General > AirDrop & Handoff, or YugabyteDB will use alternate port 7001 | +| **WSL** | Windows | The script requires WSL (Windows Subsystem for Linux) to run on Windows | + +### Bootstrap Script Options + +| Option | Description | +|--------|-------------| +| `--non-interactive` | Run without prompts (assumes YugabyteDB is ready) | +| `--yugabyte=native` | Install YugabyteDB via native package manager (Homebrew on macOS) | +| `--yugabyte=docker` | Run YugabyteDB in Docker container (default) | +| `--help`, `-h` | Show help message | + +### What the Bootstrap Script Does + +1. Checks and installs prerequisites (Java 17, Maven, Python 3, cqlsh, psql) +2. Installs and starts YugabyteDB (native or Docker based on option) +3. Builds all microservices with Maven +4. Creates database schemas (CQL and SQL) +5. Loads sample product data +6. Starts all 6 microservices in the background +7. Provides URLs for all running services + +### Stopping Services + +To stop all running microservices: + +```bash +pkill -f 'spring-boot:run' +``` + +To stop YugabyteDB (native installation): + +```bash +yugabyted stop +``` + +--- + +## Manual Build and Run + +To build manually, run the following from the base directory: ``` $ mvn -DskipTests package @@ -54,7 +121,7 @@ $ mvn -DskipTests package To run the app on host machine, you need to first install YugabyteDB, create the necessary tables, start each of the microservices and finally the React UI. -## Running the app on host +### Running the app on host (Manual Steps) Make sure you have built the app as described above. Now do the following steps. @@ -153,20 +220,20 @@ Once all services are registered, you can browse the marketplace app at [http:// ### Home -![Home Page](docs/home.png) +![Home Page](assets/images/home.png) ### Product Category Page -![Product Category](docs/product-category.png) +![Product Category](assets/images/product-category.png) ### Product Detail Page -![Product Page](docs/product.png) +![Product Page](assets/images/product.png) ### Car -![Cart](docs/cart.png) +![Cart](assets/images/cart.png) ## Checkout -![Checkout](docs/checkout.png) +![Checkout](assets/images/checkout.png) diff --git a/SPEC_VERIFIER_ENHANCED_README.md b/SPEC_VERIFIER_ENHANCED_README.md new file mode 100644 index 0000000..1ef938d --- /dev/null +++ b/SPEC_VERIFIER_ENHANCED_README.md @@ -0,0 +1,422 @@ +## Enhanced Specification Verifier with Deep Source Analysis + +### Overview + +The enhanced specification verifier adds **deep source document analysis** capability. When violations are detected, it can automatically fetch and analyze the original source documents (meeting transcripts, emails, design documents) to provide deeper insights. + +### What's New + +#### 🔍 Deep Analysis Features + +1. **Automatic Source Document Fetching** + - Fetches original documents via API when violations found + - Analyzes transcripts, emails, design docs, meeting notes + - Provides context from original discussions + +2. **Enhanced Violation Reports** + - Shows which source documents were analyzed + - Includes insights from original content + - Helps understand WHY requirements are missing or ambiguous + +3. **Smart Document References** + - Requirements link to their source documents + - Format: `[SRC:doc-id]`, `[SOURCE:doc-id]`, `[DOC:doc-id]` + - Automatic extraction and tracking + +### How It Works + +#### 1. Document Format with Source References + +In your human input documents, reference original sources: + +``` +REQ-001: Users must search by title, author, ISBN [SRC:transcript-meeting-2024-01-15] +REQ-002: Cart must persist across sessions [SOURCE:email-product-owner-001] +REQ-003: Passwords must be encrypted [DOC:security-requirements-v2] +``` + +#### 2. API Configuration + +Create `api_config.json`: + +```json +{ + "enabled": true, + "base_url": "http://your-api-server.com", + "api_key": "your-api-key", + "timeout": 30, + "max_retries": 3 +} +``` + +#### 3. Run with Deep Analysis + +```bash +./spec_verifier_enhanced.py \ + --human-input input.txt \ + --requirements reqs.txt \ + --constitution principles.txt \ + --specification spec.md \ + --deep-analysis \ + --api-config api_config.json +``` + +### Example Output + +#### Without Deep Analysis (Original Tool) +``` +[CRITICAL] COVERAGE: 4 requirements have NO coverage + Evidence: + - REQ_abc123: Password reset functionality needed +``` + +#### With Deep Analysis (Enhanced Tool) +``` +[CRITICAL] COVERAGE: 4 requirements have NO coverage + Evidence: + - REQ_abc123: Password reset functionality needed + 📄 Source Documents Analyzed: 2 + - email: User Feedback - Password Reset Feature Request + - transcript: Security Review Meeting + 🔍 Deep Analysis: + Analyzed 2 source document(s): + In User Feedback - Password Reset Feature Request (email): + - 'password': ...CRITICAL: Password reset functionality via email... + - 'reset': ...Users are getting locked out and we have no automated way... + In Security Review Meeting (transcript): + - 'password': ...bcrypt with appropriate cost factor. NO plaintext storage... +``` + +### API Specification + +#### Endpoint Format + +``` +GET /documents/{doc_id} +Authorization: Bearer {api_key} +``` + +#### Response Format + +```json +{ + "id": "transcript-meeting-2024-01-15", + "type": "transcript", + "title": "Stakeholder Meeting - Product Requirements", + "date": "2024-01-15", + "participants": ["John Doe", "Jane Smith"], + "content": "Full text content of the document..." +} +``` + +#### Document Types + +- `transcript` - Meeting/call transcripts +- `email` - Email threads +- `design_doc` - Design documents +- `meeting_notes` - Meeting notes +- `interview` - User interviews +- `other` - Other document types + +### Demo Usage + +#### 1. Start the Mock API Server + +```bash +cd examples/ +python3 mock_source_api.py +``` + +This starts a mock API server on `http://localhost:8888` with example documents. + +#### 2. Run the Enhanced Demo + +In another terminal: + +```bash +cd examples/ +./run_demo_enhanced.sh +``` + +This runs the verifier with deep analysis enabled. + +### Command-Line Options + +```bash +# Basic options (same as original) +-i, --human-input FILES Human input documents +-r, --requirements FILES Requirements documents +-c, --constitution FILE Constitution/principles +-s, --specification FILE Specification to verify +-o, --output FILE Output file +--json JSON output format + +# New deep analysis options +--deep-analysis Enable deep source analysis +--api-config FILE API configuration JSON file +--api-url URL API base URL (alternative to config file) +--api-key KEY API key (alternative to config file) +--api-timeout SECONDS Request timeout (default: 30) +``` + +### Configuration Options + +#### Via Config File (`--api-config`) + +```json +{ + "enabled": true, + "base_url": "http://localhost:8888", + "api_key": "your-api-key", + "timeout": 30, + "max_retries": 3 +} +``` + +#### Via Command-Line Arguments + +```bash +./spec_verifier_enhanced.py \ + [...] \ + --deep-analysis \ + --api-url http://localhost:8888 \ + --api-key your-api-key \ + --api-timeout 30 +``` + +### Use Cases + +#### 1. Understanding Missing Requirements + +**Problem**: Specification doesn't address a requirement + +**Deep Analysis**: Fetches original discussions to understand: +- What stakeholders actually said +- Why the requirement was important +- Context that might clarify the intent + +#### 2. Resolving Ambiguity + +**Problem**: Specification uses vague language + +**Deep Analysis**: Looks at source documents to find: +- Specific numbers or criteria mentioned +- Detailed explanations +- Examples discussed + +#### 3. Investigating Principle Violations + +**Problem**: Spec violates a security principle + +**Deep Analysis**: Checks source documents to determine: +- Was this discussed and approved? +- Did stakeholders understand the security implications? +- Is there a business justification? + +### Security Considerations + +1. **API Keys**: Store API keys securely + - Use environment variables in production + - Don't commit keys to version control + - Rotate keys regularly + +2. **Network Security**: + - Use HTTPS in production (not HTTP) + - Validate SSL certificates + - Consider VPN for internal APIs + +3. **Data Privacy**: + - Source documents may contain sensitive information + - Ensure proper access controls + - Consider data retention policies + +### Performance + +#### Caching + +The tool caches fetched documents to avoid redundant API calls: +- Documents cached in memory during run +- Same document fetched once even if referenced multiple times +- Cache cleared between runs + +#### Selective Analysis + +Deep analysis only performed when: +- `--deep-analysis` flag is set +- API configuration is provided +- Violations are detected +- Requirements have source references + +Typically adds 2-10 seconds depending on: +- Number of violations +- Number of source documents +- API response time +- Network latency + +### Integration Examples + +#### CI/CD Pipeline with Deep Analysis + +```yaml +# GitHub Actions example +name: Verify Specification + +on: + pull_request: + paths: + - 'docs/specification.md' + +jobs: + verify: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Verify Specification + env: + API_KEY: ${{ secrets.SOURCE_DOC_API_KEY }} + run: | + ./spec_verifier_enhanced.py \ + -i docs/inputs/*.txt \ + -r docs/requirements/*.md \ + -c docs/principles.txt \ + -s docs/specification.md \ + --deep-analysis \ + --api-url https://api.company.com \ + --api-key $API_KEY \ + --json > violations.json + + - name: Upload Report + if: failure() + uses: actions/upload-artifact@v2 + with: + name: verification-report + path: violations.json +``` + +#### Custom API Integration + +If you have an existing document management system: + +```python +# Your API should return documents in this format: +{ + "id": "unique-doc-id", + "type": "transcript", # or email, design_doc, etc. + "title": "Document Title", + "date": "2024-01-15", + "participants": ["Person 1", "Person 2"], + "content": "Full text content..." +} +``` + +Map your system's data to this format in your API endpoint. + +### Troubleshooting + +#### "API Error: HTTP 404" +- Check that document IDs in your input files match API document IDs +- Verify API base URL is correct +- Ensure documents exist in your system + +#### "Network Error: Connection refused" +- API server not running +- Wrong port or URL +- Firewall blocking connection + +#### "Unauthorized - Missing or invalid token" +- Check API key is correct +- Verify `Authorization: Bearer {key}` header format +- Ensure API key has necessary permissions + +#### "Deep analysis not running" +- Verify `--deep-analysis` flag is set +- Check API configuration is provided +- Ensure requirements have `[SRC:...]` references +- Confirm violations were detected (deep analysis only runs for violations) + +### Comparison: Original vs Enhanced + +| Feature | Original | Enhanced | +|---------|----------|----------| +| Basic verification | ✅ | ✅ | +| Zero dependencies | ✅ | ✅ (stdlib only) | +| Offline operation | ✅ | ✅ (optional API) | +| Source doc fetching | ❌ | ✅ | +| Deep analysis | ❌ | ✅ | +| Context from originals | ❌ | ✅ | +| API integration | ❌ | ✅ | + +### Best Practices + +#### 1. Consistent Document Referencing + +Be consistent with document ID format: +``` +Good: + [SRC:transcript-2024-01-15] + [SOURCE:email-product-owner-001] + +Avoid: + [SRC:transcript 2024-01-15] # No spaces + [SRC:Transcript-2024-01-15] # Be consistent with casing +``` + +#### 2. Reference Tracking + +Maintain a document reference registry: +``` +transcript-2024-01-15 → Stakeholder meeting on Jan 15 +email-product-owner-001 → Search feature requirements +design-doc-v2 → Architecture decisions +``` + +#### 3. API Response Format + +Ensure your API returns consistent JSON: +- Always include `id`, `type`, `title`, `content` +- Use standard `type` values +- Include `date` and `participants` when available + +#### 4. Incremental Adoption + +Start without deep analysis, add it later: +```bash +# Phase 1: Basic verification +./spec_verifier.py [...] + +# Phase 2: Add source references to documents +# Edit files to add [SRC:...] tags + +# Phase 3: Set up API integration +# Implement or configure document API + +# Phase 4: Enable deep analysis +./spec_verifier_enhanced.py [...] --deep-analysis +``` + +### Future Enhancements + +Potential improvements (not yet implemented): + +- [ ] Semantic similarity search in source documents +- [ ] LLM integration for natural language analysis +- [ ] Automatic requirement extraction from transcripts +- [ ] Conflict detection across source documents +- [ ] Timeline visualization of requirement evolution +- [ ] Webhook support for real-time document updates +- [ ] Batch API calls for better performance +- [ ] Source document diff analysis (version comparison) + +### License + +Same as parent project + +--- + +**Quick Start**: +1. `cd examples && python3 mock_source_api.py` (in terminal 1) +2. `cd examples && ./run_demo_enhanced.sh` (in terminal 2) +3. See deep analysis in action! + + diff --git a/SPEC_VERIFIER_README.md b/SPEC_VERIFIER_README.md new file mode 100644 index 0000000..064668d --- /dev/null +++ b/SPEC_VERIFIER_README.md @@ -0,0 +1,463 @@ +# Adversarial Specification Verification Tool + +## Overview + +This tool performs rigorous, adversarial verification of specification documents against their input sources. It's designed to catch: + +- **Missing requirements** - Requirements that aren't addressed in the specification +- **Principle violations** - Violations of guiding principles from the constitution +- **Contradictions** - Conflicting specifications +- **Scope creep** - Specifications that don't trace back to requirements +- **Ambiguity** - Vague or unclear language +- **Untestable specs** - Specifications without measurable criteria +- **Incomplete coverage** - Missing important aspects (security, error handling, etc.) +- **Inconsistencies** - Inconsistent terminology or formatting + +## Installation + +The tool is a standalone Python 3 script with no external dependencies: + +```bash +chmod +x spec_verifier.py +``` + +## Usage + +### Basic Usage + +```bash +./spec_verifier.py \ + --human-input input1.txt input2.txt \ + --requirements requirements.txt \ + --constitution principles.txt \ + --specification spec.txt +``` + +### Parameters + +- `-i, --human-input`: One or more human input documents (required) +- `-r, --requirements`: One or more reverse-engineered requirements documents (required) +- `-c, --constitution`: Constitution/guiding principles document (required) +- `-s, --specification`: Specification document to verify (required) +- `-o, --output`: Output file for report (optional, defaults to stdout) +- `--json`: Output violations in JSON format (optional) + +### Examples + +**Example 1: Basic verification** +```bash +./spec_verifier.py \ + -i docs/user_story.txt docs/stakeholder_input.txt \ + -r docs/reverse_eng_requirements.txt \ + -c docs/architecture_principles.txt \ + -s docs/technical_specification.txt +``` + +**Example 2: Save report to file** +```bash +./spec_verifier.py \ + -i inputs/*.txt \ + -r requirements/*.md \ + -c constitution.txt \ + -s specification.md \ + -o verification_report.txt +``` + +**Example 3: JSON output for CI/CD integration** +```bash +./spec_verifier.py \ + -i input.txt \ + -r reqs.txt \ + -c principles.txt \ + -s spec.txt \ + --json > violations.json +``` + +## Document Format Requirements + +### Input Documents (Human Input & Requirements) + +The tool automatically extracts requirements from various formats: + +**Supported patterns:** +- `REQ-001: The system must...` +- `REQUIREMENT: Users shall be able to...` +- `The system must provide...` +- `- The application should support...` +- Numbered lists: `1. System needs to...` + +**Example:** +``` +User Story: Authentication + +REQ-001: The system must support user login with email and password +REQ-002: Users shall be able to reset their password via email +- The system should lock accounts after 5 failed login attempts +- Session timeout must be configurable +``` + +### Constitution (Guiding Principles) + +Principles that the specification must adhere to: + +**Supported patterns:** +- `PRINCIPLE: Never store passwords in plaintext` +- `RULE: All API responses must include error codes` +- `- Security must be prioritized over convenience` +- Mandatory indicators: `must`, `shall`, `required`, `mandatory` + +**Example:** +``` +SECURITY PRINCIPLES + +PRINCIPLE: All user data must be encrypted at rest and in transit +PRINCIPLE: Authentication must not use weak passwords (min 8 chars) +RULE: The system shall never log sensitive information + +PERFORMANCE PRINCIPLES + +- Response times must be under 200ms for 95th percentile +- The system must handle at least 1000 concurrent users +``` + +### Specification Document + +The document being verified: + +**Supported patterns:** +- `SPEC-001: Implementation of...` +- `### Authentication System` +- `- The login endpoint accepts...` +- Markdown headers and lists + +**Example:** +``` +# Technical Specification + +## Authentication + +SPEC-001: User authentication endpoint at /api/auth/login +- Accepts email and password in request body +- Returns JWT token valid for 24 hours +- Implements rate limiting: 5 attempts per 15 minutes + +SPEC-002: Password storage using bcrypt with cost factor 12 +REQ-001, REQ-002 (references which requirements this addresses) +``` + +## Verification Checks + +### 1. Requirement Coverage +**Severity: CRITICAL** +- Checks if all requirements are addressed in the specification +- Identifies completely missing requirements +- Flags partially covered requirements + +### 2. Principle Violations +**Severity: CRITICAL** +- Verifies specification adheres to mandatory principles +- Detects violations of "must not" constraints +- Ensures "must have" principles are addressed + +### 3. Contradictions +**Severity: CRITICAL** +- Finds specifications that contradict each other +- Uses semantic analysis to detect conflicts + +### 4. Scope Creep / Orphaned Specifications +**Severity: HIGH** +- Identifies specifications that don't trace to any requirement +- Flags potential gold-plating or scope creep + +### 5. Completeness +**Severity: HIGH** +- Checks if important aspects are covered: + - Security + - Error handling + - Performance + - Validation + - Logging/auditing + +### 6. Ambiguity +**Severity: MEDIUM** +- Detects vague language: + - "appropriate", "reasonable", "adequate" + - "as needed", "if possible" + - "TBD", "TODO" + - "fast", "slow", "good" + +### 7. Testability +**Severity: MEDIUM** +- Identifies specifications without measurable criteria +- Flags subjective terms ("user-friendly", "intuitive") +- Ensures specifications are verifiable + +### 8. Vagueness +**Severity: MEDIUM** +- Finds specifications lacking concrete details +- Checks for absence of numbers/specific terms + +### 9. Consistency +**Severity: LOW** +- Checks for inconsistent terminology +- Examples: "user" vs "customer", "login" vs "sign in" + +## Understanding the Report + +### Report Structure + +``` +================================================================================ +ADVERSARIAL SPECIFICATION VERIFICATION REPORT +================================================================================ + +📊 SUMMARY STATISTICS + Requirements analyzed: 45 + Principles checked: 12 + Specification items: 38 + Total violations found: 7 + +🚨 VIOLATIONS BY SEVERITY + CRITICAL: 2 + HIGH: 3 + MEDIUM: 2 + +📋 DETAILED VIOLATIONS + +[CRITICAL] COVERAGE: 3 requirements have NO coverage in specification + The following requirements are completely missing from the specification: + Evidence: + - REQ_a3b4c5d6 [HUMAN_INPUT:story.txt]: Users must be able to export data... + - REQ_f7e8d9c0 [REV_ENG:reqs.txt]: System shall provide audit logging... + +[HIGH] SCOPE_CREEP: 2 specification items appear to be out of scope + These specifications don't clearly relate to any input requirements: + Evidence: + - SPEC_1a2b3c4d (line 45): Implement blockchain-based ledger for... + +================================================================================ +VERDICT +================================================================================ +❌ FAILED - 2 CRITICAL issues must be resolved +================================================================================ +``` + +### Exit Codes + +- **0**: Passed (no critical violations) +- **1**: Failed (critical violations found) + +Use in CI/CD pipelines: +```bash +./spec_verifier.py -i input.txt -r req.txt -c prin.txt -s spec.txt || exit 1 +``` + +## Integration Examples + +### Git Pre-commit Hook + +```bash +#!/bin/bash +# .git/hooks/pre-commit + +if git diff --cached --name-only | grep -q "specification.md"; then + echo "Verifying specification..." + ./spec_verifier.py \ + -i docs/inputs/*.txt \ + -r docs/requirements/*.md \ + -c docs/principles.txt \ + -s docs/specification.md + + if [ $? -ne 0 ]; then + echo "❌ Specification verification failed!" + echo "Fix violations before committing." + exit 1 + fi +fi +``` + +### CI/CD Pipeline (GitHub Actions) + +```yaml +name: Verify Specification + +on: + pull_request: + paths: + - 'docs/specification.md' + +jobs: + verify: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Run Specification Verification + run: | + python3 spec_verifier.py \ + -i docs/inputs/*.txt \ + -r docs/requirements/*.md \ + -c docs/principles.txt \ + -s docs/specification.md \ + --json > violations.json + + - name: Upload Report + if: failure() + uses: actions/upload-artifact@v2 + with: + name: verification-report + path: violations.json +``` + +### Makefile Integration + +```makefile +.PHONY: verify-spec +verify-spec: + @echo "Running adversarial specification verification..." + @./spec_verifier.py \ + -i docs/user_stories.txt docs/stakeholder_input.txt \ + -r docs/requirements.md \ + -c docs/architecture_principles.txt \ + -s docs/technical_spec.md \ + -o reports/verification_$(shell date +%Y%m%d_%H%M%S).txt +``` + +## Advanced Features + +### JSON Output for Programmatic Access + +```bash +./spec_verifier.py [...] --json > violations.json +``` + +JSON structure: +```json +[ + { + "severity": "CRITICAL", + "category": "COVERAGE", + "title": "3 requirements have NO coverage", + "description": "The following requirements are completely missing...", + "evidence": ["REQ_123: User must be able to...", "..."], + "line_numbers": [45, 67, 89] + } +] +``` + +Process with `jq`: +```bash +# Count critical violations +cat violations.json | jq '[.[] | select(.severity=="CRITICAL")] | length' + +# Extract all missing requirements +cat violations.json | jq -r '.[] | select(.category=="COVERAGE") | .evidence[]' +``` + +## Best Practices + +### 1. Run Early and Often +Run verification during the specification drafting process, not just at the end. + +### 2. Use Consistent Formatting +- Start requirements with clear markers (REQ-001, MUST, SHALL) +- Use structured formats (markdown, numbered lists) +- Be explicit about requirement IDs + +### 3. Make Principles Machine-Readable +- Use clear "must/must not" language +- Keep principles atomic (one principle per line) +- Use consistent terminology + +### 4. Reference Requirements in Specs +Include requirement IDs in specification items: +``` +SPEC-005: Implements user authentication (addresses REQ-001, REQ-002) +``` + +### 5. Address All Violation Severities +- **CRITICAL**: Must fix before proceeding +- **HIGH**: Should fix, represents significant gaps +- **MEDIUM**: Address to improve quality +- **LOW**: Nice to have, improves consistency + +### 6. Iterate +The tool is adversarial by design - it's meant to find problems. Use it iteratively: +1. Run verification +2. Fix violations +3. Re-run +4. Repeat until satisfied + +## Limitations + +### Current Limitations + +1. **Semantic Understanding**: Uses keyword matching and heuristics, not true natural language understanding +2. **False Positives**: May flag valid specifications as violations +3. **Context Sensitivity**: Cannot understand domain-specific terminology without configuration +4. **Format Dependency**: Works best with structured documents + +### Known Issues + +- May miss requirements written in very unconventional formats +- Cannot detect logical inconsistencies that require deep domain knowledge +- Terminology checks use hardcoded word lists + +### Future Enhancements + +- [ ] Integration with LLMs for semantic understanding +- [ ] Custom rule definitions +- [ ] Configurable severity levels +- [ ] Multi-language support +- [ ] Traceability matrix generation +- [ ] HTML report generation +- [ ] Interactive mode with fix suggestions + +## Troubleshooting + +### "No requirements found" +- Check that input documents use recognizable patterns (REQ, MUST, SHALL, numbered lists) +- Try making requirements more explicit + +### "Too many false positives" +- Review ambiguity and vagueness checks +- Consider that the tool is intentionally strict +- Focus on CRITICAL and HIGH severity issues first + +### "Specifications marked as orphaned but they're valid" +- Ensure specification text uses similar terminology to requirements +- Add explicit requirement references in specifications +- May indicate requirements document is incomplete + +## Contributing + +To extend the verification checks: + +1. Add a new method to the `SpecificationVerifier` class: +```python +def check_my_custom_rule(self): + print("\n[CHECK] My Custom Rule...") + violations = [] + + # Your verification logic here + + if violations: + self.violations.append(Violation(...)) +``` + +2. Call it from the `verify()` method: +```python +def verify(self): + # ... existing checks ... + self.check_my_custom_rule() +``` + +## License + +Same as parent project (see LICENSE file) + +## Support + +For issues, questions, or contributions, please file an issue in the project repository. + + diff --git a/SPEC_VERIFIER_START_HERE.md b/SPEC_VERIFIER_START_HERE.md new file mode 100644 index 0000000..6456d0d --- /dev/null +++ b/SPEC_VERIFIER_START_HERE.md @@ -0,0 +1,184 @@ +# 🛡️ Adversarial Specification Verifier + +> **Verify your specifications before they become bugs** + +## 🚀 Quick Start (30 seconds) + +```bash +# Test the tool +./test_verifier.sh + +# See it in action +cd examples && ./run_demo.sh +``` + +## 📖 What Does It Do? + +Takes your specification document and **adversarially** verifies it against: +- ✅ Human input documents (user stories, stakeholder needs) +- ✅ Requirements documents (technical requirements) +- ✅ Constitution (guiding principles, constraints) + +**Finds:** +- ❌ Missing requirements +- ❌ Principle violations +- ❌ Contradictions +- ❌ Scope creep +- ❌ Ambiguous language +- ❌ Untestable specs + +## 💡 Why? + +Bad specs → Wasted time + Missing features + Security issues + Unhappy customers + +This tool catches problems **early** when they're cheap to fix. + +## 🎯 Basic Usage + +```bash +./spec_verifier.py \ + --human-input user_stories.txt \ + --requirements technical_reqs.txt \ + --constitution principles.txt \ + --specification your_spec.md +``` + +**Returns:** +- Exit code `0` = ✅ Passed +- Exit code `1` = ❌ Failed (with detailed report) + +## 📚 Documentation + +Pick your path: + +1. **Just want to try it?** → Run `cd examples && ./run_demo.sh` +2. **Want to use it now?** → Read [`examples/QUICKSTART.md`](examples/QUICKSTART.md) +3. **Want all the details?** → Read [`SPEC_VERIFIER_README.md`](SPEC_VERIFIER_README.md) +4. **Want the overview?** → Read [`VERIFIER_OVERVIEW.md`](VERIFIER_OVERVIEW.md) +5. **Want the deep dive?** → Read [`SPEC_VERIFIER_SUMMARY.md`](SPEC_VERIFIER_SUMMARY.md) + +## ⚡ Features + +- **Zero dependencies** - Pure Python 3 +- **Format agnostic** - Text, markdown, anything +- **Adversarial** - Skeptical by design +- **Fast** - Runs in seconds +- **CI/CD ready** - Exit codes, JSON output +- **Extensible** - Easy to add rules + +## 🎬 Demo Output Preview + +``` +================================================================================ +ADVERSARIAL SPECIFICATION VERIFICATION REPORT +================================================================================ + +📊 SUMMARY STATISTICS + Requirements analyzed: 61 + Principles checked: 44 + Specification items: 91 + Total violations found: 8 + +🚨 VIOLATIONS BY SEVERITY + CRITICAL: 2 + HIGH: 2 + MEDIUM: 3 + LOW: 1 + +[CRITICAL] COVERAGE: 4 requirements have NO coverage + - Password reset functionality (REQ-012) not addressed + - Accessibility requirements missing + +[CRITICAL] PRINCIPLE_VIOLATION: Logging passwords violates security principle + Line 61: "Failed attempts logged including password for debugging" + +[HIGH] SCOPE_CREEP: 22 specifications appear out of scope + - Admin dashboard (not in requirements) + - Social media integration (not requested) + - Cryptocurrency support (not requested) + +================================================================================ +VERDICT: ❌ FAILED - 2 CRITICAL issues must be resolved +================================================================================ +``` + +## 🏃 Next Steps + +```bash +# 1. Verify installation +./test_verifier.sh + +# 2. Run demo +cd examples && ./run_demo.sh + +# 3. Review examples +cd examples +cat specification_with_issues.md # Bad spec (has issues) +cat specification_fixed.md # Good spec (issues fixed) + +# 4. Try with your docs +cd .. +./spec_verifier.py -i your_input.txt -r your_reqs.txt -c your_principles.txt -s your_spec.md + +# 5. Get help +./spec_verifier.py --help +``` + +## 🤔 FAQ + +**Q: Do I need to install anything?** +A: No. Just Python 3 (which you probably already have). + +**Q: What formats does it support?** +A: Any plain text format - .txt, .md, etc. + +**Q: Will it work with my documents?** +A: Yes, if they use common requirement patterns like "REQ-001:", "MUST", "SHALL", or numbered/bulleted lists. + +**Q: Won't it have false positives?** +A: Yes, intentionally. Better to catch too much than miss real issues. + +**Q: How long does it take to run?** +A: Seconds, even for large documents. + +**Q: Can I use it in CI/CD?** +A: Yes! Exit codes, JSON output, fast execution. + +## 🎓 Learning Resources + +The `examples/` directory contains: +- Example input documents +- Example specifications (good and bad) +- Demo script +- Quick start guide + +Compare `specification_with_issues.md` (bad) vs `specification_fixed.md` (good) to learn best practices. + +## 🔧 Integration + +**Git hook:** +```bash +./spec_verifier.py [...] || exit 1 +``` + +**GitHub Actions:** +```yaml +- run: ./spec_verifier.py [...] --json > violations.json +``` + +**Makefile:** +```makefile +verify: spec_verifier.py -i input.txt -r reqs.txt -c const.txt -s spec.md +``` + +## 📝 License + +Same as parent project (bookstore-r-us) + +--- + +**Start here:** `./test_verifier.sh` → `cd examples && ./run_demo.sh` → Try with your docs! + +**Need help?** Read [`VERIFIER_OVERVIEW.md`](VERIFIER_OVERVIEW.md) or [`SPEC_VERIFIER_README.md`](SPEC_VERIFIER_README.md) + + diff --git a/SPEC_VERIFIER_SUMMARY.md b/SPEC_VERIFIER_SUMMARY.md new file mode 100644 index 0000000..e498195 --- /dev/null +++ b/SPEC_VERIFIER_SUMMARY.md @@ -0,0 +1,350 @@ +# Specification Verifier - Summary + +## What Was Built + +An **adversarial specification verification tool** that rigorously validates specification documents against their input sources. The tool is designed to catch gaps, contradictions, violations, and quality issues before they become problems. + +## Files Created + +``` +/Users/jasonbrady/repositories/bookstore-r-us/ +├── spec_verifier.py # Main verification tool (executable) +├── SPEC_VERIFIER_README.md # Comprehensive documentation +├── SPEC_VERIFIER_SUMMARY.md # This file +└── examples/ + ├── QUICKSTART.md # Quick start guide + ├── run_demo.sh # Demo script (executable) + ├── human_input.txt # Example: user stories and stakeholder input + ├── reverse_eng_requirements.txt # Example: reverse-engineered requirements + ├── constitution.txt # Example: guiding principles + ├── specification_with_issues.md # Example: spec with deliberate problems + └── specification_fixed.md # Example: improved specification +``` + +## How It Works + +### Input Documents + +The tool requires four types of documents: + +1. **Human Input Documents** - User stories, stakeholder requirements, business needs +2. **Requirements Documents** - Reverse-engineered or formal requirements +3. **Constitution** - Guiding principles and architectural constraints +4. **Specification** - The document to verify + +### Verification Checks + +The tool performs 10 adversarial checks: + +| Check | Severity | What It Finds | +|-------|----------|---------------| +| **Requirement Coverage** | CRITICAL | Requirements not addressed in spec | +| **Principle Violations** | CRITICAL | Violations of mandatory principles | +| **Contradictions** | CRITICAL | Conflicting specifications | +| **Scope Creep** | HIGH | Specs not tracing to requirements | +| **Completeness** | HIGH | Missing important aspects (security, errors, etc.) | +| **Ambiguity** | MEDIUM | Vague language ("reasonable", "adequate", "TBD") | +| **Testability** | MEDIUM | Specs without measurable criteria | +| **Vagueness** | MEDIUM | Lack of concrete details or numbers | +| **Consistency** | LOW | Inconsistent terminology | + +### Output + +The tool generates a detailed report with: +- Summary statistics +- Violations grouped by severity +- Evidence and line numbers for each violation +- Overall pass/fail verdict +- Exit code (0 = pass, 1 = fail with critical issues) + +## Usage Examples + +### Basic Usage + +```bash +./spec_verifier.py \ + --human-input inputs/user_stories.txt \ + --requirements reqs/technical_reqs.txt \ + --constitution docs/principles.txt \ + --specification specs/v1.md +``` + +### Run the Demo + +```bash +cd examples/ +./run_demo.sh +``` + +This runs verification on the example documents and shows typical output. + +### JSON Output (for CI/CD) + +```bash +./spec_verifier.py \ + -i input.txt \ + -r reqs.txt \ + -c principles.txt \ + -s spec.md \ + --json > violations.json +``` + +## Demo Results + +When run against `specification_with_issues.md`, the tool finds: + +### Critical Issues (2 categories) +- **4 uncovered requirements**: Security and accessibility requirements missing +- **26 principle violations**: Logging passwords violates security principles + +### High Severity (2 categories) +- **10 partially covered requirements**: Requirements mentioned but not fully specified +- **22 orphaned specifications**: Features not in original requirements (scope creep) + - Admin dashboard (not requested) + - Social media integration (not requested) + - Cryptocurrency support (not requested) + +### Medium Severity (3 categories) +- **7 ambiguous specifications**: Using terms like "various", "fast", "efficient", "nice" +- **1 vague specification**: Missing concrete details +- **38 untestable specifications**: Lacking measurable acceptance criteria + +### Low Severity (1 category) +- **1 consistency issue**: Mixing "user", "API", "service", "endpoint" terminology + +### Specific Violations Found + +**Logging Passwords (CRITICAL)** +``` +Line 61: "Failed attempts are logged to the system log file including +the password attempt for debugging" +``` +Violates: PRINCIPLE "The system shall not log credit card numbers or CVV codes" + +**Missing Password Reset (CRITICAL)** +``` +REQ-012: "The system needs to provide password reset functionality via email" +``` +Not addressed anywhere in the specification. + +**Scope Creep (HIGH)** +``` +SPEC-090: "The system includes an admin dashboard for managing products" +SPEC-091: "Integration with social media for sharing book recommendations" +SPEC-092: "The system supports multiple payment methods including cryptocurrency" +``` +None of these were in the original requirements - potential scope creep. + +**Ambiguous Language (MEDIUM)** +``` +"The filtering should be fast and efficient" +"Users can filter by various criteria" +"The homepage is optimized to load quickly through various techniques" +"The dashboard has a nice, modern look" +``` +Lacks specific, measurable criteria. + +## The "Fixed" Specification + +The `specification_fixed.md` demonstrates how to address violations: + +### Improvements Made + +1. **Added Missing Requirements** + - Password reset functionality (SPEC-033) + - Accessibility specifications (SPEC-110, SPEC-111) + - Security measures (SPEC-034) + +2. **Removed Sensitive Data Logging** + - Changed to: "Failed login attempts are logged with: timestamp, email (not password), IP address" + - Explicitly states: "Passwords NEVER logged" + +3. **Made Specifications Concrete** + - Before: "filtering should be fast and efficient" + - After: "95th percentile response time < 200ms" + +4. **Added Measurable Criteria** + - Before: "homepage loads quickly" + - After: "First Contentful Paint < 1.5s, Total load time < 3 seconds" + +5. **Removed Scope Creep** + - Deleted admin dashboard (not in requirements) + - Removed social media features (not requested) + - Removed cryptocurrency support (not requested) + +### Remaining Issues + +Even the "fixed" version still has some findings because: + +1. **Tool is intentionally strict** - Adversarial by design +2. **Some false positives** - Keyword matching has limitations +3. **Subjective criteria** - "Bad Request" flagged as ambiguous +4. **Demonstrates tool sensitivity** - Would rather catch too much than too little + +This is **intentional behavior** - the tool errs on the side of being too strict rather than missing real issues. + +## Key Features + +### 1. Adversarial by Design +The tool is skeptical and looks for problems. It's meant to find issues you might miss. + +### 2. No External Dependencies +Pure Python 3 with standard library only. No pip install required. + +### 3. Format Agnostic +Works with text files, markdown, or any plain-text format. Auto-detects requirements and specifications using pattern matching. + +### 4. Extensible +Easy to add new verification rules by adding methods to the `SpecificationVerifier` class. + +### 5. CI/CD Ready +- Exit codes for pass/fail +- JSON output for parsing +- Command-line interface +- Fast execution + +### 6. Detailed Reporting +- Line numbers for violations +- Evidence snippets +- Categorized by severity +- Actionable descriptions + +## Integration Ideas + +### Git Pre-commit Hook +```bash +#!/bin/bash +./spec_verifier.py -i inputs/ -r reqs/ -c const.txt -s spec.md || exit 1 +``` + +### GitHub Actions +```yaml +- name: Verify Specification + run: | + ./spec_verifier.py [...] --json > violations.json +``` + +### Makefile +```makefile +verify-spec: + @./spec_verifier.py [...] -o report_$(shell date +%Y%m%d).txt +``` + +### Pre-merge Review +Run verification before spec reviews to catch issues early. + +## Limitations & Trade-offs + +### Current Limitations + +1. **Semantic Understanding**: Uses keyword matching and heuristics, not true NLP +2. **False Positives**: May flag valid specifications (intentional - better safe than sorry) +3. **Context Insensitive**: Can't understand domain-specific terminology +4. **Format Dependent**: Works best with structured, well-formatted documents + +### Design Trade-offs + +| Trade-off | Decision | Rationale | +|-----------|----------|-----------| +| Strictness | Very strict | Rather catch false positives than miss real issues | +| Dependencies | Zero external deps | Easy to deploy, no version conflicts | +| Speed | Fast keyword matching | Rather than slow AI/NLP | +| Extensibility | Easy to add rules | Over complex configuration | +| Output | Detailed and verbose | Rather than minimal | + +### Known False Positives + +- Mentions of prohibited items when explaining they won't be done +- Similar wording flagged as contradictions +- REST verbs flagged as contradictory (POST vs DELETE) +- "Bad Request" flagged as ambiguous language + +These are **acceptable** - the tool prioritizes finding real issues over avoiding false positives. + +## Future Enhancements + +Potential improvements (not implemented): + +- [ ] LLM integration for semantic understanding +- [ ] Custom rule definitions via config file +- [ ] Configurable severity levels +- [ ] HTML report generation +- [ ] Traceability matrix visualization +- [ ] Interactive mode with fix suggestions +- [ ] Machine learning to reduce false positives +- [ ] Support for more document formats (PDF, DOCX) + +## Philosophy + +This tool embodies the principle: **"Trust, but verify."** + +In software development, specifications are critical. Bad specifications lead to: +- Wasted development time +- Missing features +- Security vulnerabilities +- Performance problems +- Customer dissatisfaction + +This tool applies adversarial thinking to catch problems early when they're cheap to fix. + +### Adversarial Mindset + +The tool asks tough questions: +- "Did you really address ALL requirements?" +- "Are you violating your own principles?" +- "Can this actually be tested?" +- "Is this specific enough to implement?" +- "Are you adding features that weren't requested?" +- "Will users understand what you mean?" + +### When to Use + +Use this tool: +- ✅ Before starting implementation +- ✅ During specification review +- ✅ Before stakeholder approval +- ✅ As part of CI/CD pipeline +- ✅ When requirements change + +Don't use for: +- ❌ Casual brainstorming documents +- ❌ Internal notes or drafts +- ❌ Non-technical documentation + +## Success Metrics + +Consider the tool successful when it helps you: +1. Find missing requirements before coding starts +2. Catch principle violations in specifications +3. Identify ambiguous language that would cause confusion +4. Prevent scope creep by flagging untraced specifications +5. Improve specification quality over time + +## Getting Started + +1. **Read the Quick Start**: `examples/QUICKSTART.md` +2. **Run the Demo**: `cd examples && ./run_demo.sh` +3. **Read Full Documentation**: `SPEC_VERIFIER_README.md` +4. **Try with your docs**: Start with small documents to understand output +5. **Integrate into workflow**: Add to your development process + +## Support + +The tool is self-contained and documented. Key resources: +- `SPEC_VERIFIER_README.md` - Full documentation +- `examples/QUICKSTART.md` - Getting started guide +- `examples/run_demo.sh` - Working example +- `spec_verifier.py --help` - Command-line help + +## License + +Same as the parent project (bookstore-r-us). + +--- + +**Built**: December 2025 +**Purpose**: Adversarial verification of specification documents +**Philosophy**: Better to catch issues early than fix bugs later +**Approach**: Strict, thorough, and uncompromising + + diff --git a/VERIFIER_OVERVIEW.md b/VERIFIER_OVERVIEW.md new file mode 100644 index 0000000..4cbc5a1 --- /dev/null +++ b/VERIFIER_OVERVIEW.md @@ -0,0 +1,270 @@ +# Specification Verifier - Overview + +## What Is This? + +An **adversarial verification tool** that validates specification documents against their input sources (requirements, principles, and stakeholder input). It's designed to catch problems early through rigorous, skeptical analysis. + +## The Problem It Solves + +Bad specifications lead to: +- ❌ Missing features +- ❌ Security vulnerabilities +- ❌ Wasted development time +- ❌ Scope creep +- ❌ Untestable requirements +- ❌ Customer dissatisfaction + +This tool catches these issues **before** they become code. + +## Quick Demo + +```bash +# Run the demo to see it in action +cd examples/ +./run_demo.sh +``` + +Expected output: The tool will find ~8 violation categories including: +- Missing requirements (password reset, accessibility) +- Security violations (logging passwords) +- Scope creep (features not in requirements) +- Ambiguous language +- Untestable specifications + +## Basic Usage + +```bash +./spec_verifier.py \ + --human-input user_stories.txt \ + --requirements technical_reqs.txt \ + --constitution principles.txt \ + --specification spec_to_verify.md +``` + +**Exit codes:** +- `0` = Passed (no critical issues) +- `1` = Failed (critical violations found) + +## What It Checks + +| Check | Severity | Finds | +|-------|----------|-------| +| Missing Requirements | CRITICAL | Requirements not in spec | +| Principle Violations | CRITICAL | Violations of mandatory rules | +| Contradictions | CRITICAL | Conflicting specs | +| Scope Creep | HIGH | Untraced specifications | +| Completeness | HIGH | Missing aspects (security, etc.) | +| Ambiguity | MEDIUM | Vague language ("reasonable", "TBD") | +| Testability | MEDIUM | No measurable criteria | +| Vagueness | MEDIUM | Lacks concrete details | +| Consistency | LOW | Inconsistent terminology | + +## Key Features + +✅ **Zero Dependencies** - Pure Python 3, no pip install needed +✅ **Format Agnostic** - Works with text, markdown, any plain text +✅ **Adversarial** - Skeptical and thorough by design +✅ **CI/CD Ready** - Exit codes, JSON output, fast execution +✅ **Detailed Reports** - Line numbers, evidence, categorized violations +✅ **Extensible** - Easy to add custom verification rules + +## Documentation + +- **Start Here**: [`examples/QUICKSTART.md`](examples/QUICKSTART.md) +- **Full Docs**: [`SPEC_VERIFIER_README.md`](SPEC_VERIFIER_README.md) +- **Summary**: [`SPEC_VERIFIER_SUMMARY.md`](SPEC_VERIFIER_SUMMARY.md) +- **Examples**: [`examples/README.md`](examples/README.md) + +## File Structure + +``` +/spec_verifier.py # Main tool (executable) +/test_verifier.sh # Test script +/SPEC_VERIFIER_README.md # Full documentation +/SPEC_VERIFIER_SUMMARY.md # Detailed summary +/VERIFIER_OVERVIEW.md # This file +/examples/ + ├── run_demo.sh # Demo script + ├── QUICKSTART.md # Quick start guide + ├── README.md # Examples documentation + ├── human_input.txt # Example: user stories + ├── reverse_eng_requirements.txt # Example: technical reqs + ├── constitution.txt # Example: principles + ├── specification_with_issues.md # Example: bad spec + └── specification_fixed.md # Example: good spec +``` + +## Testing + +Run the test suite: + +```bash +./test_verifier.sh +``` + +This verifies: +1. Python 3 is available +2. Main script is executable +3. Example files exist +4. Help flag works +5. Verification runs correctly + +## Real-World Example + +### Input: User Story +``` +REQ-001: Users must be able to reset their password via email +``` + +### Input: Security Principle +``` +PRINCIPLE: The system must never log passwords in plaintext +``` + +### Bad Specification +``` +SPEC-020: Login attempts are logged including the password for debugging +``` + +### What the Tool Finds +``` +[CRITICAL] COVERAGE: REQ-001 has NO coverage in specification + Password reset functionality is completely missing + +[CRITICAL] PRINCIPLE_VIOLATION: Logging passwords violates security principle + Line 20: Specification logs passwords in violation of mandatory principle +``` + +### Fixed Specification +``` +SPEC-020: Login attempts are logged with: timestamp, email (not password), + IP address, user-agent +Addresses: Security logging requirement + +SPEC-021: Password reset functionality +- POST /api/auth/password-reset/request - Send reset email +- Token valid for 1 hour, single-use +- POST /api/auth/password-reset/confirm - Complete reset +Addresses: REQ-001 +``` + +## Use Cases + +### 1. Pre-Implementation Review +Run before starting development to catch spec issues early. + +### 2. Stakeholder Approval +Verify spec completeness before stakeholder sign-off. + +### 3. Requirements Changes +Re-verify when requirements change to ensure spec stays aligned. + +### 4. CI/CD Pipeline +Automatically verify specs on every commit/PR. + +### 5. Quality Gate +Make passing verification a requirement for spec approval. + +## Integration Examples + +### Git Pre-commit Hook +```bash +#!/bin/bash +./spec_verifier.py [...] || exit 1 +``` + +### GitHub Actions +```yaml +- name: Verify Specification + run: ./spec_verifier.py [...] --json > violations.json +``` + +### Makefile +```makefile +verify-spec: + ./spec_verifier.py [...] || (echo "Spec verification failed" && exit 1) +``` + +## Philosophy + +The tool embodies **"Trust, but verify"** + +It applies adversarial thinking: +- "Did you REALLY address all requirements?" +- "Are you violating your own principles?" +- "Can this actually be tested?" +- "Is this specific enough to implement?" +- "Are you adding unrequested features?" + +Better to catch issues in specs (cheap to fix) than in code (expensive to fix) or production (very expensive to fix). + +## Limitations + +**False Positives**: The tool is intentionally strict and may flag valid specifications. This is by design - better to be too careful than miss real issues. + +**Keyword-Based**: Uses pattern matching, not true semantic understanding. May miss context-specific issues. + +**Format Dependent**: Works best with well-structured documents using clear requirement markers. + +These limitations are acceptable trade-offs for: +- Zero dependencies +- Fast execution +- Easy deployment +- Predictable behavior + +## Getting Started (5 Minutes) + +```bash +# 1. Test that everything works +./test_verifier.sh + +# 2. Run the demo +cd examples/ +./run_demo.sh + +# 3. Review the example specifications +less specification_with_issues.md +less specification_fixed.md + +# 4. Read the quick start +less QUICKSTART.md + +# 5. Try with your own documents +cd .. +./spec_verifier.py \ + --human-input your_input.txt \ + --requirements your_reqs.txt \ + --constitution your_principles.txt \ + --specification your_spec.md +``` + +## Success Metrics + +The tool is successful when it: +1. ✅ Finds missing requirements before coding starts +2. ✅ Catches principle violations in specifications +3. ✅ Identifies ambiguous language +4. ✅ Prevents scope creep +5. ✅ Improves spec quality over time + +## Support & Help + +- Run `./spec_verifier.py --help` for command-line options +- See `SPEC_VERIFIER_README.md` for full documentation +- Check `examples/QUICKSTART.md` for getting started +- Review example documents in `examples/` directory + +## Version + +- **Built**: December 2025 +- **Language**: Python 3 (3.7+) +- **Dependencies**: None (standard library only) +- **License**: Same as parent project + +--- + +**Remember**: This tool is adversarial by design. It's meant to find problems. Don't take violations personally - they're opportunities to improve your specifications before they become expensive bugs. + +**Start with**: `cd examples && ./run_demo.sh` + + diff --git a/docs/cart.png b/assets/images/cart.png similarity index 100% rename from docs/cart.png rename to assets/images/cart.png diff --git a/docs/checkout.png b/assets/images/checkout.png similarity index 100% rename from docs/checkout.png rename to assets/images/checkout.png diff --git a/docs/home.png b/assets/images/home.png similarity index 100% rename from docs/home.png rename to assets/images/home.png diff --git a/docs/product-category.png b/assets/images/product-category.png similarity index 100% rename from docs/product-category.png rename to assets/images/product-category.png diff --git a/docs/product.png b/assets/images/product.png similarity index 100% rename from docs/product.png rename to assets/images/product.png diff --git a/docs/REQUIREMENTS_GENERATOR_EXAMPLE.md b/docs/REQUIREMENTS_GENERATOR_EXAMPLE.md new file mode 100644 index 0000000..dd9aa09 --- /dev/null +++ b/docs/REQUIREMENTS_GENERATOR_EXAMPLE.md @@ -0,0 +1,262 @@ +# Example: Using the Requirements Generator Prompt + +> This example shows how to use the Requirements Generator Prompt with the Bookstore-R-Us stakeholder materials. + +--- + +## Complete Prompt Example + +Copy and paste this into your AI assistant to generate a requirements document: + +--- + +``` +You are a senior business analyst and requirements engineer. Your task is to synthesize input materials into a comprehensive, standardized Requirements Document. This document will be used as an input to generate formal Software Design Document (SDD) specifications when combined with architectural principles and constraints. + +--- + +## INPUT MATERIALS + +### Provided Sources + +#### SRC-001: Stakeholder Interview - VP Digital Experience - Modernization (STAKEHOLDER_TRANSCRIPT) +**Date:** December 9, 2024 +**Participant:** Sarah Mitchell, VP of Digital Experience + +**Key Points Extracted:** +- Homepage hero section is static PNG, needs animations and interactivity +- Product cards lack hover effects and microinteractions +- "Add to cart" has no satisfying visual feedback +- Typography is generic (Roboto everywhere), wants distinctive bookish feel +- Hardcoded user ID "u1001" in checkout is a security concern +- Login uses BCrypt (good) but lacks modern features (OAuth, MFA, JWT) +- Mobile experience is poor - cramped nav, hard-to-tap cart, bad product grid +- No search functionality (6,000+ products, customers can't find things) +- Wants "warm bookstore" visual identity, not generic corporate look +- Phase 1 target: Q2 2024 (board presentation) +- Phased approach preferred: MVP first, iterate + +**Stated Priorities:** +1. Visual modernization + security fixes (tied for #1) +2. Mobile experience improvements +3. Navigation and discovery (category browsing, eventually search) +4. Nice-to-haves: wishlists, profiles, order history + +#### SRC-002: Stakeholder Interview - VP Digital Experience - Mobile Strategy (STAKEHOLDER_TRANSCRIPT) +**Date:** December 12, 2024 +**Participant:** Sarah Mitchell, VP of Digital Experience + +**Key Metrics Revealed:** +- Mobile traffic: 31% (industry average: 65-70%) +- Mobile conversion: 0.8% (desktop: 3.2%) +- Mobile cart abandonment: 78% (desktop: 45%) +- Page load time: 6 seconds on 4G (target: <3 seconds) +- Mobile ad campaigns paused due to poor ROI +- Missing Gen Z/younger millennial demographic (mobile-first shoppers) + +**Strategic Direction:** +- Mobile-first design approach (design for mobile, scale to desktop) +- Progressive Web App (PWA) for Android benefits without native app cost +- No native app (for now) - revisit if metrics don't improve +- Target metrics: 60%+ mobile traffic, 2-2.5% conversion, <50% abandonment + +**Technical Requirements Discussed:** +- Minimum 44px touch targets +- Bottom navigation bar for thumb accessibility +- Apple Pay and Google Pay integration (high priority) +- Vertical feed-style product browsing +- Preserved scroll position on back navigation +- Cross-device wishlist/cart sync + +#### SRC-003: Technical Team Discussion - Stack Migration (TECHNICAL_DISCUSSION) +**Date:** December 11, 2024 +**Participants:** Mike (Tech Lead), Priya (Backend), Jordan (Full-Stack), Alex (DevOps) + +**Architecture Mandate:** +- Organization directive: Python/FastAPI for all new development +- React frontends (already aligned) +- Strangler fig migration pattern for gradual replacement + +**Service Migration Plan:** +| Service | Current | Target | Complexity | Owner | +|---------|---------|--------|------------|-------| +| Products | Spring Boot + JPA | FastAPI + SQLModel | Medium | Priya | +| Cart | Spring Boot (session-scoped) | FastAPI (stateless) | Low | Jordan | +| Checkout | Spring Boot + raw CQL | FastAPI + SQLAlchemy | High | Priya | +| Login | Spring Security | FastAPI + JWT | Medium | Jordan | +| API Gateway | Spring Cloud + Feign | FastAPI/lightweight proxy | Medium | Alex | +| Eureka | Spring Cloud Netflix | Remove (use env vars/k8s) | Low | Alex | + +**Frontend Migration:** +- React class components → Next.js with hooks +- Scattered CSS → Tailwind CSS +- Old component libraries → shadcn/ui + +**Critical Security Issues Identified:** +1. Order.setUser_id(1) - hardcoded to 1 regardless of actual user +2. Checkout always uses "u1001" - no real user flows through +3. SQL/CQL injection risk - string concatenation in transactions +4. No CSRF protection - explicitly disabled +5. Session-scoped beans may fail with load balancing + +**Timeline:** Q2 for frontend + security fixes, Q2-Q3 for full backend migration + +#### SRC-004: Current System Documentation (EXISTING_FUNCTIONALITY) +**Source:** Reverse-engineered from existing REQUIREMENTS.md + +**Implemented Features:** +- Product catalog with pagination (limit/offset) +- Product details by ASIN +- Category browsing (Books, Music, Beauty, Electronics) +- Sales rankings within categories +- Star rating display +- Shopping cart: add, view, remove, clear +- Cart total calculation +- Checkout with inventory validation +- Transactional inventory updates +- Order creation with confirmation number + +**Known Gaps (TODO items from existing docs):** +- Product search +- Product filtering (price, brand, rating) +- Update quantity in cart +- Wishlist / save for later +- Payment processing +- Shipping address/method +- Order confirmation emails +- Tax calculation +- Guest checkout +- Order history +- User profile management + +**Technical Debt:** +- Hardcoded user ID "u1001" +- Deprecated React patterns (componentWillReceiveProps, componentWillMount) +- HTTP only (no HTTPS) +- Raw CQL string concatenation + +--- + +## OUTPUT FORMAT + +Use Standard PRD Format (Option A from the template) with these modifications: +- Include a dedicated "Mobile Requirements" section under Non-Functional Requirements +- Add a "Migration Requirements" section under Technical Requirements +- Emphasize the Conflicts section given the stakeholder vs. technical team input + +--- + +## ADDITIONAL CONTEXT + +### Constitution Principles (Architectural Constraints) + +1. **Technology Stack Mandate:** + - Backend: Python 3.11+, FastAPI, SQLModel/SQLAlchemy + - Frontend: Next.js 14+, React 18+, TypeScript, Tailwind CSS + - Database: PostgreSQL (YSQL) - consolidate away from YCQL + - Authentication: JWT-based, with path to OAuth2 + +2. **Architecture Patterns:** + - Microservices with clear bounded contexts + - Stateless services (no session-scoped beans) + - Environment-based service discovery (no Eureka) + - API Gateway pattern for frontend-to-backend communication + +3. **Security Principles:** + - No hardcoded credentials or user IDs + - Parameterized queries only (no string concatenation) + - Proper authentication flow through all services + - HTTPS in production + +4. **UX Principles:** + - Mobile-first responsive design + - Minimum 44px touch targets + - Page load under 3 seconds on 4G + - Progressive Web App capabilities + +5. **Development Approach:** + - Strangler fig pattern for migration + - Phased delivery with working increments + - Parallel deployment during transition + +--- + +Now analyze the provided sources and generate the Requirements Document following the specified format. +``` + +--- + +## Expected Output Structure + +When you run this prompt, you should get a document with: + +1. **Executive Summary** - Synthesizing modernization + mobile + migration goals +2. **Stakeholder Analysis** - Sarah's business needs vs. technical team constraints +3. **Current State** - Gap analysis against existing functionality +4. **Functional Requirements** - Extracted from all sources with FR-XXX IDs +5. **Non-Functional Requirements** - Including dedicated Mobile section +6. **Technical Requirements** - Including Migration section +7. **UX Requirements** - Warm bookstore feel, modern interactions +8. **Conflicts Section** - e.g., timeline pressure vs. scope, mobile priority vs. backend migration + +--- + +## Conflict Examples the Generator Should Surface + +Based on these sources, the generator should identify conflicts like: + +### CONFLICT-001: Timeline vs. Scope +- **Sources:** SRC-001 (Sarah wants May delivery) vs. SRC-003 (team says migration is complex) +- **Nature:** Phase 1 scope may be too large for Q2 delivery +- **Recommendation:** Prioritize frontend refresh + critical security fixes; defer full backend migration + +### CONFLICT-002: Apple Pay Priority +- **Sources:** SRC-002 (Sarah says must-have) vs. SRC-003 (team says "might slip to phase 2") +- **Nature:** High-impact feature may not fit in phase 1 timeline +- **Recommendation:** Timebox integration effort; have fallback plan + +### CONFLICT-003: PWA vs. Native App +- **Sources:** SRC-002 (PWA recommended) vs. implicit iOS limitations +- **Nature:** PWA limitations on iOS may not fully address mobile gaps +- **Recommendation:** Start with PWA, measure results, revisit native if metrics don't improve + +--- + +## Tips for Your Workflow + +1. **Before generating:** Summarize long transcripts into key points (like I did above) + +2. **Include existing docs:** The REQUIREMENTS.md you already have is perfect as EXISTING_FUNCTIONALITY input + +3. **Iterate:** Run the generator, review output, add clarifications, regenerate + +4. **Version your requirements:** Keep dated versions as stakeholder input evolves + +5. **Connect to SDD:** Once requirements are stable, feed them + constitution into SDD generator + +--- + +## Quick Template (Copy-Paste Ready) + +For future stakeholder materials, use this intake format: + +```markdown +#### SRC-XXX: [Title] ([SOURCE_TYPE]) +**Date:** [Date] +**Participant(s):** [Names and Roles] + +**Key Points:** +- [Point 1] +- [Point 2] + +**Priorities Stated:** +1. [Priority 1] +2. [Priority 2] + +**Metrics/Data Mentioned:** +- [Metric]: [Value] + +**Constraints/Concerns:** +- [Constraint 1] +``` + diff --git a/docs/REQUIREMENTS_GENERATOR_PROMPT.md b/docs/REQUIREMENTS_GENERATOR_PROMPT.md new file mode 100644 index 0000000..9b38af2 --- /dev/null +++ b/docs/REQUIREMENTS_GENERATOR_PROMPT.md @@ -0,0 +1,590 @@ +# Requirements Document Generator Prompt + +> **Purpose:** This prompt template generates a standardized Requirements.md document from various input sources. The output is designed to be combined with a constitution/principles document to create formal Software Design Document (SDD) specifications. + +--- + +## PROMPT TEMPLATE + +``` +You are a senior business analyst and requirements engineer. Your task is to synthesize input materials into a comprehensive, standardized Requirements Document. This document will be used as an input to generate formal Software Design Document (SDD) specifications when combined with architectural principles and constraints. + +--- + +## INPUT MATERIALS + +### Source Type Definitions +Classify each input as one of: +- **STAKEHOLDER_TRANSCRIPT**: Summarized meeting notes, interview transcripts +- **EMAIL_THREAD**: Email correspondence with requirements discussions +- **EXISTING_FUNCTIONALITY**: Documentation of current system capabilities +- **TECHNICAL_DISCUSSION**: Engineering team discussions, technical constraints +- **BUSINESS_DOCUMENT**: Strategy docs, roadmaps, business cases + +### Provided Sources + +{{SOURCES}} + +--- + +## OUTPUT FORMAT + +{{FORMAT_TEMPLATE}} + +--- + +## ANALYSIS INSTRUCTIONS + +### Phase 1: Source Extraction +For each input source: +1. Identify explicit requirements (directly stated needs) +2. Identify implicit requirements (inferred from context, complaints, or workarounds) +3. Extract constraints and limitations mentioned +4. Note stakeholder priorities and urgency indicators +5. Capture success metrics or acceptance criteria mentioned + +### Phase 2: Requirement Classification +Categorize each extracted requirement as: +- **FUNCTIONAL**: Features and capabilities the system must provide +- **NON_FUNCTIONAL**: Performance, security, scalability, usability requirements +- **TECHNICAL**: Architecture, technology stack, integration requirements +- **BUSINESS**: Business rules, compliance, regulatory requirements +- **UX**: User experience, accessibility, design requirements + +### Phase 3: Cross-Reference Analysis +1. Compare extracted requirements against existing functionality documentation +2. Identify **NEW** requirements (not currently implemented) +3. Identify **ENHANCEMENT** requirements (improvements to existing features) +4. Identify **MIGRATION** requirements (changing how something works) +5. Identify **DEPRECATION** candidates (features to be removed or replaced) + +### Phase 4: Conflict Detection +Flag and document any conflicts: +- Contradictory requirements from different stakeholders +- Technical constraints that conflict with business requirements +- Timeline conflicts (dependencies, sequencing issues) +- Resource conflicts (competing priorities) +- Scope conflicts (feature creep vs. MVP) + +For each conflict, provide: +- Conflict ID (e.g., CONFLICT-001) +- Sources involved +- Nature of the conflict +- Recommended resolution or escalation path + +### Phase 5: Prioritization +Apply MoSCoW prioritization based on stakeholder input: +- **MUST**: Critical for launch/MVP +- **SHOULD**: Important but not blocking +- **COULD**: Nice to have if time permits +- **WON'T**: Explicitly out of scope (for this phase) + +--- + +## DOCUMENT GENERATION RULES + +1. **Traceability**: Every requirement must cite its source(s) +2. **Testability**: Requirements should be verifiable with clear acceptance criteria +3. **Atomicity**: Each requirement should be single-purpose +4. **Consistency**: Use consistent terminology throughout +5. **Completeness**: Flag gaps where requirements are implied but underspecified + +### Requirement ID Schema +- FR-XXX: Functional Requirements +- NFR-XXX: Non-Functional Requirements +- TR-XXX: Technical Requirements +- BR-XXX: Business Requirements +- UX-XXX: User Experience Requirements + +### Status Indicators +Use these status markers: +- [NEW]: Not in current system +- [ENHANCE]: Improving existing capability +- [MIGRATE]: Changing implementation approach +- [VERIFIED]: Confirmed with stakeholders +- [DRAFT]: Needs stakeholder validation +- [CONFLICT]: Has unresolved conflicts (see Conflicts section) + +--- + +## ADDITIONAL CONTEXT + +{{CONSTITUTION_PRINCIPLES}} + +--- + +Now analyze the provided sources and generate the Requirements Document following the specified format. +``` + +--- + +## FORMAT TEMPLATES + +### Option A: Standard PRD Format (Default) + +```markdown +# [PROJECT_NAME] - Product Requirements Document + +> **Version:** X.Y +> **Status:** DRAFT | REVIEW | APPROVED +> **Last Updated:** [DATE] +> **Author:** [GENERATED FROM SOURCE ANALYSIS] + +--- + +## Document Control + +| Version | Date | Author | Changes | +|---------|------|--------|---------| +| X.Y | [DATE] | [AUTHOR] | Initial generation from sources | + +### Source Materials Analyzed +| Source ID | Type | Description | Date | +|-----------|------|-------------|------| +| SRC-001 | [TYPE] | [DESCRIPTION] | [DATE] | + +--- + +## 1. Executive Summary + +[2-3 paragraph summary of the project scope, key objectives, and high-level requirements. Include primary stakeholder goals and success criteria.] + +### Key Objectives +1. [Primary objective] +2. [Secondary objective] +3. [Additional objectives...] + +### Success Metrics +| Metric | Current State | Target State | Timeline | +|--------|---------------|--------------|----------| +| [Metric] | [Current] | [Target] | [Date] | + +--- + +## 2. Stakeholder Analysis + +### Primary Stakeholders +| Stakeholder | Role | Key Concerns | Priority Requirements | +|-------------|------|--------------|----------------------| +| [Name/Role] | [Description] | [Concerns] | [Refs to requirements] | + +### Stakeholder Priority Matrix +| Requirement Area | [Stakeholder 1] | [Stakeholder 2] | [Stakeholder N] | +|------------------|-----------------|-----------------|-----------------| +| [Area] | HIGH/MED/LOW | HIGH/MED/LOW | HIGH/MED/LOW | + +--- + +## 3. Current State Analysis + +### Existing Functionality +[Summary of current system capabilities relevant to this requirements document] + +| Feature | Current Status | Gap Analysis | +|---------|----------------|--------------| +| [Feature] | ✅ Implemented / ⚠️ Partial / ❌ Missing | [Gap description] | + +### Technical Debt / Known Issues +| Issue ID | Description | Impact | Related Requirements | +|----------|-------------|--------|---------------------| +| [ID] | [Description] | [Impact] | [Requirement refs] | + +--- + +## 4. Functional Requirements + +### 4.1 [Feature Area 1] + +#### [FR-001] [Requirement Title] +- **Priority:** MUST | SHOULD | COULD +- **Status:** [NEW] | [ENHANCE] | [MIGRATE] +- **Source(s):** SRC-XXX, SRC-YYY +- **Description:** [Detailed requirement description] +- **Acceptance Criteria:** + - [ ] [Criterion 1] + - [ ] [Criterion 2] +- **Dependencies:** [Related requirement IDs] +- **Notes:** [Additional context] + +[Repeat for each functional requirement] + +### 4.2 [Feature Area 2] +[...] + +--- + +## 5. Non-Functional Requirements + +### 5.1 Performance +| ID | Requirement | Metric | Target | Priority | +|----|-------------|--------|--------|----------| +| NFR-001 | [Requirement] | [Metric] | [Target] | MUST/SHOULD | + +### 5.2 Security +| ID | Requirement | Compliance | Priority | +|----|-------------|------------|----------| +| NFR-0XX | [Requirement] | [Standard if applicable] | MUST/SHOULD | + +### 5.3 Scalability +[...] + +### 5.4 Usability/Accessibility +[...] + +### 5.5 Reliability/Availability +[...] + +--- + +## 6. Technical Requirements + +| ID | Requirement | Rationale | Source | +|----|-------------|-----------|--------| +| TR-001 | [Requirement] | [Why needed] | SRC-XXX | + +### Technology Stack Decisions +| Layer | Current | Target | Rationale | +|-------|---------|--------|-----------| +| [Layer] | [Current] | [Target] | [Reason] | + +### Integration Requirements +| System | Integration Type | Requirements | +|--------|------------------|--------------| +| [System] | [API/Event/etc.] | [Details] | + +--- + +## 7. User Experience Requirements + +### 7.1 Design Principles +[Key UX principles extracted from stakeholder input] + +### 7.2 Specific UX Requirements +| ID | Requirement | Rationale | Priority | +|----|-------------|-----------|----------| +| UX-001 | [Requirement] | [User need] | MUST/SHOULD | + +### 7.3 Accessibility Requirements +[WCAG compliance level, specific accessibility needs] + +--- + +## 8. Business Requirements + +| ID | Requirement | Business Driver | Source | +|----|-------------|-----------------|--------| +| BR-001 | [Requirement] | [Business need] | SRC-XXX | + +### Business Rules +| Rule ID | Description | Conditions | Actions | +|---------|-------------|------------|---------| +| BR-XXX | [Rule] | [When] | [Then] | + +--- + +## 9. Constraints & Assumptions + +### Constraints +| ID | Constraint | Type | Impact | +|----|------------|------|--------| +| CON-001 | [Constraint] | Technical/Business/Regulatory | [Impact] | + +### Assumptions +| ID | Assumption | Risk if Invalid | Validation Plan | +|----|------------|-----------------|-----------------| +| ASM-001 | [Assumption] | [Risk] | [How to validate] | + +--- + +## 10. Conflicts & Resolutions + +### Identified Conflicts + +#### CONFLICT-001: [Conflict Title] +- **Sources:** SRC-XXX vs SRC-YYY +- **Nature:** [Description of the conflict] +- **Option A:** [First resolution option] +- **Option B:** [Second resolution option] +- **Recommendation:** [Recommended resolution] +- **Status:** OPEN | RESOLVED | ESCALATED +- **Resolution:** [If resolved, document decision and rationale] + +[Repeat for each conflict] + +### Conflict Summary +| ID | Type | Severity | Status | Owner | +|----|------|----------|--------|-------| +| CONFLICT-001 | [Type] | HIGH/MED/LOW | [Status] | [Who decides] | + +--- + +## 11. Phasing & Roadmap + +### Phase Overview +| Phase | Scope | Target Date | Key Deliverables | +|-------|-------|-------------|------------------| +| Phase 1 | [Scope] | [Date] | [Deliverables] | +| Phase 2 | [Scope] | [Date] | [Deliverables] | + +### Requirement Phasing +| Requirement | Phase | Rationale | +|-------------|-------|-----------| +| FR-XXX | Phase 1 | [Why this phase] | + +--- + +## 12. Out of Scope + +Items explicitly excluded from this requirements document: + +| Item | Reason | Future Consideration | +|------|--------|---------------------| +| [Item] | [Why excluded] | Phase X / Never / TBD | + +--- + +## 13. Open Questions + +| ID | Question | Owner | Due Date | Status | +|----|----------|-------|----------|--------| +| Q-001 | [Question] | [Who] | [Date] | OPEN/ANSWERED | + +--- + +## 14. Glossary + +| Term | Definition | +|------|------------| +| [Term] | [Definition] | + +--- + +## 15. Appendices + +### A. Source Material Summaries +[Brief summaries of each input source] + +### B. Requirement Traceability Matrix +| Requirement ID | Source(s) | Related Requirements | Test Cases | +|----------------|-----------|---------------------|------------| +| [ID] | [Sources] | [Related] | [Tests] | + +### C. Change Log +[Track changes to this document] + +--- + +*Document generated from source analysis* +*Review required before SDD specification generation* +``` + +--- + +### Option B: Lean Requirements Format + +```markdown +# [PROJECT_NAME] - Requirements Summary + +> **Version:** X.Y | **Date:** [DATE] | **Status:** DRAFT + +--- + +## Executive Summary +[1 paragraph summary] + +## Key Requirements + +### Must Have (MVP) +| ID | Requirement | Source | Status | +|----|-------------|--------|--------| +| [ID] | [Requirement] | [Source] | [Status] | + +### Should Have +| ID | Requirement | Source | Status | +|----|-------------|--------|--------| + +### Could Have +| ID | Requirement | Source | Status | +|----|-------------|--------|--------| + +## Conflicts +| ID | Conflict | Resolution | +|----|----------|------------| + +## Open Questions +| Question | Owner | Due | +|----------|-------|-----| + +## Next Steps +1. [Action item] +2. [Action item] +``` + +--- + +### Option C: Technical Specification Focus + +```markdown +# [PROJECT_NAME] - Technical Requirements Specification + +> **Version:** X.Y | **Date:** [DATE] + +--- + +## 1. System Overview +[Technical context and scope] + +## 2. Functional Specifications + +### 2.1 [Component/Service Name] + +#### Endpoints/Interfaces +| Method | Path | Description | Request | Response | +|--------|------|-------------|---------|----------| + +#### Business Logic +[Detailed logic specifications] + +#### Data Models +| Field | Type | Constraints | Description | +|-------|------|-------------|-------------| + +### 2.2 [Next Component] +[...] + +## 3. Non-Functional Specifications +[Detailed NFRs with technical metrics] + +## 4. Integration Specifications +[API contracts, event schemas, etc.] + +## 5. Migration Specifications +[If applicable - current to future state mapping] + +## 6. Security Specifications +[Authentication, authorization, data protection] + +## 7. Appendices +[Schemas, diagrams, references] +``` + +--- + +## USAGE EXAMPLES + +### Example 1: Basic Usage + +``` +You are a senior business analyst... + +--- + +## INPUT MATERIALS + +### Provided Sources + +#### SRC-001: Stakeholder Interview - VP Digital Experience (STAKEHOLDER_TRANSCRIPT) +[Paste summarized transcript here] + +#### SRC-002: Technical Team Discussion (TECHNICAL_DISCUSSION) +[Paste meeting notes here] + +#### SRC-003: Current System Documentation (EXISTING_FUNCTIONALITY) +[Paste existing requirements/docs here] + +--- + +## OUTPUT FORMAT + +[Use Standard PRD Format - Option A] + +--- + +## ADDITIONAL CONTEXT + +### Constitution Principles +- All systems must use Python/FastAPI for backend services +- Security-first approach: all user data must be properly authenticated +- Mobile-first design philosophy +- Microservices architecture with clear service boundaries +``` + +### Example 2: With Custom Format + +``` +... + +## OUTPUT FORMAT + +Generate using this custom format: + +# Requirements Brief +## Problem Statement +## Proposed Solution +## Requirements Table (ID | Priority | Description | Acceptance Criteria) +## Dependencies +## Risks + +... +``` + +--- + +## PROMPT CUSTOMIZATION OPTIONS + +### A. Add Domain-Specific Sections +Modify the format template to include industry-specific sections: +- **E-commerce**: Payment processing, inventory management, fulfillment +- **Healthcare**: HIPAA compliance, patient data, clinical workflows +- **Finance**: Regulatory compliance, audit trails, transaction processing + +### B. Adjust Detail Level +- **Executive Brief**: High-level summary for leadership +- **Product Spec**: Detailed for product managers +- **Technical Spec**: Implementation-ready for engineers + +### C. Include Specific Analysis +Add instructions for specific analysis needs: +``` +### Additional Analysis Required +- Competitive feature comparison +- Regulatory compliance checklist +- Accessibility audit +- Performance baseline comparison +``` + +--- + +## TIPS FOR BEST RESULTS + +1. **Summarize transcripts well**: Raw transcripts work but summarized versions with key points highlighted produce better results + +2. **Include existing documentation**: The more context about current state, the better the gap analysis + +3. **Specify stakeholder roles**: Help the model understand whose voice carries which weight + +4. **Define your terms**: Include a glossary of domain-specific terms if relevant + +5. **Be explicit about constraints**: Technology mandates, timeline, budget, team size + +6. **Provide the constitution upfront**: If you have architectural principles or constraints, include them + +--- + +## INTEGRATION WITH SDD GENERATION + +This Requirements Document is designed to be an input for SDD generation. When feeding into SDD creation: + +1. **Requirements.md** provides the WHAT (features, capabilities, constraints) +2. **Constitution.md** provides the HOW (architectural patterns, technology choices, principles) +3. **SDD** synthesizes both into implementation specifications + +### Recommended Flow +``` +[Stakeholder Sources] → [Requirements Generator Prompt] → [Requirements.md] + ↓ +[Architecture Principles] → [Constitution.md] ────────────────┤ + ↓ + [SDD Generator Prompt] → [SDD.md] +``` + diff --git a/docs/inputs/architecture.mmd b/docs/inputs/architecture.mmd new file mode 100644 index 0000000..5e22ff9 --- /dev/null +++ b/docs/inputs/architecture.mmd @@ -0,0 +1,236 @@ +%% YugaStore Java Microservices Architecture +%% This diagram shows the component and class architecture of the application + +flowchart TB + subgraph Client["Client Layer"] + ReactUI["React UI"] + end + + subgraph Gateway["API Gateway Microservice :8081"] + direction TB + GatewayMain["YugastoreApiGateway<br/>@SpringBootApplication"] + + subgraph GatewayControllers["Controllers"] + ProductCatalogCtrl["ProductCatalogController"] + ShoppingCartCtrl["ShoppingCartController"] + end + + subgraph GatewayServices["Services"] + ProductCatalogSvcRest["ProductCatalogServiceRest<br/>«interface»"] + ShoppingCartSvcRest["ShoppingCartServiceRest<br/>«interface»"] + CheckoutSvcRest["CheckoutServiceRest<br/>«interface»"] + ProductCatalogSvcImpl["ProductCatalogServiceRestImpl"] + ShoppingCartSvcImpl["ShoppingCartServiceRestImpl"] + CheckoutSvcImpl["CheckoutServiceRestImpl"] + end + + subgraph GatewayFeignClients["Feign Clients"] + ProductFeignClient["ProductCatalogRestClient<br/>@FeignClient"] + CartFeignClient["ShoppingCartRestClient<br/>@FeignClient"] + CheckoutFeignClient["CheckoutRestClient<br/>@FeignClient"] + end + + ProductCatalogSvcImpl -.->|implements| ProductCatalogSvcRest + ShoppingCartSvcImpl -.->|implements| ShoppingCartSvcRest + CheckoutSvcImpl -.->|implements| CheckoutSvcRest + + ProductCatalogCtrl --> ProductCatalogSvcRest + ShoppingCartCtrl --> ShoppingCartSvcRest + ShoppingCartCtrl --> CheckoutSvcRest + + ProductCatalogSvcImpl --> ProductFeignClient + ShoppingCartSvcImpl --> CartFeignClient + CheckoutSvcImpl --> CheckoutFeignClient + end + + subgraph Products["Products Microservice :8082"] + direction TB + ProductsMain["YugastoreProducts<br/>@SpringBootApplication"] + + subgraph ProductControllers["Controllers"] + ProductCtrl["ProductCatalogController"] + end + + subgraph ProductServices["Services"] + ProductSvc["ProductService<br/>«interface»"] + ProductSvcImpl["ProductServiceImpl"] + ProductInvSvc["ProductInventoryService<br/>«interface»"] + ProductInvSvcImpl["ProductInventoryServiceImpl"] + ProductRankSvc["ProductRankingService<br/>«interface»"] + ProductRankSvcImpl["ProductRankingServiceImpl"] + end + + subgraph ProductRepos["Repositories"] + ProductMetaRepo["ProductMetadataRepo<br/>extends CassandraRepository"] + ProductInvRepo["ProductInventoryRepository<br/>extends CassandraRepository"] + ProductRankRepo["ProductRankingRepository<br/>extends CassandraRepository"] + end + + subgraph ProductDomain["Domain Models"] + ProductMetadata["ProductMetadata<br/>@Table products"] + ProductInventory["ProductInventory<br/>@Table product_inventory"] + ProductRanking["ProductRanking<br/>@Table product_rankings"] + ProductRankingKey["ProductRankingKey<br/>@PrimaryKeyClass"] + end + + ProductSvcImpl -.->|implements| ProductSvc + ProductInvSvcImpl -.->|implements| ProductInvSvc + ProductRankSvcImpl -.->|implements| ProductRankSvc + + ProductCtrl --> ProductSvc + ProductCtrl --> ProductRankSvc + + ProductSvcImpl --> ProductMetaRepo + ProductInvSvcImpl --> ProductInvRepo + ProductRankSvcImpl --> ProductRankRepo + + ProductMetaRepo --> ProductMetadata + ProductInvRepo --> ProductInventory + ProductRankRepo --> ProductRanking + ProductRanking --> ProductRankingKey + end + + subgraph Cart["Cart Microservice :8083"] + direction TB + CartMain["YugastoreCart<br/>@SpringBootApplication"] + + subgraph CartControllers["Controllers"] + CartCtrl["ShoppingCartController"] + end + + subgraph CartServices["Services"] + CartSvcImpl["ShoppingCartImpl<br/>@Transactional"] + end + + subgraph CartRepos["Repositories"] + CartRepo["ShoppingCartRepository<br/>extends CrudRepository"] + end + + subgraph CartDomain["Domain Models"] + ShoppingCart["ShoppingCart<br/>@Entity shopping_cart"] + ShoppingCartKey["ShoppingCartKey"] + end + + CartCtrl --> CartSvcImpl + CartSvcImpl --> CartRepo + CartRepo --> ShoppingCart + ShoppingCart --> ShoppingCartKey + end + + subgraph Checkout["Checkout Microservice :8086"] + direction TB + CheckoutMain["YugastoreCheckout<br/>@SpringBootApplication"] + + subgraph CheckoutControllers["Controllers"] + CheckoutCtrl["CheckoutController"] + end + + subgraph CheckoutServices["Services"] + CheckoutSvc["CheckoutServiceImpl<br/>@Transactional"] + end + + subgraph CheckoutRepos["Repositories"] + CheckoutInvRepo["ProductInventoryRepository<br/>extends CassandraRepository"] + end + + subgraph CheckoutFeignClients["Feign Clients"] + CheckoutProductClient["ProductCatalogRestClient<br/>@FeignClient"] + CheckoutCartClient["ShoppingCartRestClient<br/>@FeignClient"] + end + + subgraph CheckoutDomain["Domain Models"] + Order["Order"] + CheckoutStatus["CheckoutStatus"] + end + + CheckoutCtrl --> CheckoutSvc + CheckoutSvc --> CheckoutInvRepo + CheckoutSvc --> CheckoutProductClient + CheckoutSvc --> CheckoutCartClient + CheckoutSvc --> Order + CheckoutSvc --> CheckoutStatus + end + + subgraph Login["Login Microservice :8085"] + direction TB + LoginMain["YugastoreLoginService<br/>@SpringBootApplication"] + + subgraph LoginControllers["Controllers"] + UserCtrl["UserController"] + end + + subgraph LoginServices["Services"] + UserSvc["UserService<br/>«interface»"] + UserSvcImpl["UserServiceImpl"] + SecuritySvc["SecurityService<br/>«interface»"] + SecuritySvcImpl["SecurityServiceImpl"] + UserDetailsSvc["UserDetailsServiceImpl"] + end + + subgraph LoginRepos["Repositories"] + UserRepo["UserRepository<br/>extends JpaRepository"] + RoleRepo["RoleRepository<br/>extends JpaRepository"] + end + + subgraph LoginDomain["Domain Models"] + User["User<br/>@Entity username"] + Role["Role<br/>@Entity role"] + end + + UserSvcImpl -.->|implements| UserSvc + SecuritySvcImpl -.->|implements| SecuritySvc + + UserCtrl --> UserSvc + UserSvcImpl --> UserRepo + UserDetailsSvc --> UserRepo + UserRepo --> User + RoleRepo --> Role + User -->|ManyToMany| Role + end + + subgraph Databases["Data Layer"] + direction LR + subgraph Cassandra["YugabyteDB / Cassandra :9042"] + CassandraDB[("Keyspace: cronos<br/>- products<br/>- product_inventory<br/>- product_rankings")] + end + + subgraph Postgres["PostgreSQL :5433"] + PostgresDB[("- shopping_cart<br/>- username<br/>- role")] + end + end + + %% Client connections + ReactUI --> Gateway + + %% Feign client connections (service-to-service) + ProductFeignClient -->|REST| Products + CartFeignClient -->|REST| Cart + CheckoutFeignClient -->|REST| Checkout + CheckoutProductClient -->|REST| Products + CheckoutCartClient -->|REST| Cart + + %% Database connections + ProductMetaRepo -->|YCQL| CassandraDB + ProductInvRepo -->|YCQL| CassandraDB + ProductRankRepo -->|YCQL| CassandraDB + CheckoutInvRepo -->|YCQL| CassandraDB + CartRepo -->|JPA| PostgresDB + UserRepo -->|JPA| PostgresDB + RoleRepo -->|JPA| PostgresDB + + %% Styling + classDef controller fill:#a8d5ba,stroke:#2d6a4f + classDef service fill:#b8d4e3,stroke:#1d3557 + classDef repo fill:#f4d35e,stroke:#ee964b + classDef domain fill:#f7b267,stroke:#f25c54 + classDef feign fill:#d4a5a5,stroke:#9c6644 + classDef database fill:#c8b6ff,stroke:#7b2cbf + classDef main fill:#90be6d,stroke:#43aa8b + + class ProductCatalogCtrl,ShoppingCartCtrl,ProductCtrl,CartCtrl,CheckoutCtrl,UserCtrl controller + class ProductCatalogSvcRest,ShoppingCartSvcRest,CheckoutSvcRest,ProductCatalogSvcImpl,ShoppingCartSvcImpl,CheckoutSvcImpl,ProductSvc,ProductSvcImpl,ProductInvSvc,ProductInvSvcImpl,ProductRankSvc,ProductRankSvcImpl,CartSvcImpl,CheckoutSvc,UserSvc,UserSvcImpl,SecuritySvc,SecuritySvcImpl,UserDetailsSvc service + class ProductMetaRepo,ProductInvRepo,ProductRankRepo,CartRepo,CheckoutInvRepo,UserRepo,RoleRepo repo + class ProductMetadata,ProductInventory,ProductRanking,ProductRankingKey,ShoppingCart,ShoppingCartKey,Order,CheckoutStatus,User,Role domain + class ProductFeignClient,CartFeignClient,CheckoutFeignClient,CheckoutProductClient,CheckoutCartClient feign + class CassandraDB,PostgresDB database + class GatewayMain,ProductsMain,CartMain,CheckoutMain,LoginMain main diff --git a/docs/inputs/high_level_features.md b/docs/inputs/high_level_features.md new file mode 100644 index 0000000..987d6c7 --- /dev/null +++ b/docs/inputs/high_level_features.md @@ -0,0 +1,438 @@ +# Business Requirements & Features - Bookstore E-Commerce Platform + +## **1. Executive Summary** + +This document establishes the **business requirements, functional capabilities, and technical implementation** for a **cloud-native, scalable, resilient microservices-based e-commerce platform** (Yugastore/Bookstore-R-Us). + +The platform is designed as a **technology-agnostic**, forward-looking system that supports **AI-assisted, spec-driven development workflows**, ensuring durable engineering discipline and predictable delivery. + +**Last Updated:** 2025-12-09 + +--- + +## **2. Business Requirements** + +### **2.1 Purpose and Scope** + +The system supports: +- Online bookstore shopping experience (expandable to multi-category retail) +- Product catalog and search capabilities +- Cart and checkout workflows +- Order lifecycle & fulfillment +- Identity, authentication & authorization +- Payment routing (future/optional) +- Inventory management and data storage +- API gateway & routing +- Observability, resilience, and performance monitoring + +### **2.2 Target Performance Objectives** + +#### **Performance** +- API response time target: ≤ 200 ms at P95 +- Catalog & cart endpoints must support burst traffic +- Page load time: ≤ 2 seconds for initial render + +#### **Scalability** +- Horizontal scaling for compute and storage +- Services must avoid single points of failure +- Support for concurrent users: 10,000+ simultaneous sessions + +#### **Reliability & Availability** +- SLO: 99.9% uptime +- Redundancy for critical services +- Graceful degradation & fallback strategies +- Zero-downtime deployments + +#### **Resilience** +- Circuit breakers, retries, backoff strategies +- Rate limiting and API quota enforcement +- Fault isolation between microservices + +#### **Accessibility (UI)** +- WCAG AA compliance target +- Keyboard navigation support +- Alternative text for images +- Semantic HTML structure + +#### **Internationalization (Future)** +- Multi-language content support +- Configurable currency and locale formats +- Timezone-aware order processing + +--- + +## **3. Functional Features - Current Implementation** + +### **3.1 Product Catalog** + +**Business Requirement:** Browse/search products with rich metadata, pricing, and availability information. Support category filtering and pagination for optimal user experience. + +**Implementation Status:** ✅ **Fully Implemented** + +#### Features: +- **Product Listing** + - Browse all products with pagination (12 items per page) + - Navigate between pages (Previous/Next) + - View product thumbnails, titles, prices, and star ratings + - Quick "Add to Cart" button on each product card + +- **Category Navigation** + - Primary categories in navigation bar: Books, Music, Beauty, Electronics + - Extended categories (18 total): Kitchen & Dining, Toys & Games, Pet Supplies, Grocery & Gourmet Food, Video Games, Movies & TV, Arts, Crafts & Sewing, Home & Kitchen, Patio, Lawn & Garden, Health & Personal Care, Cell Phones & Accessories, Industrial & Scientific, Sports & Outdoors + +- **Product Details Page** + - Full product image display + - Product title and description + - Price display + - Star rating visualization (5-star system with half-stars) + - Number of reviews and total stars + - Brand information + - "Add to Cart" button + +- **Product Recommendations** + - "Also Bought" section showing related products + - Based on `also_bought`, `also_viewed`, `bought_together`, and `buy_after_viewing` data + - Cross-sell and upsell opportunities + +- **Product Sorting** + - By highest rating (`num_stars`) + - By most reviews (`num_reviews`) + - By best selling (`num_buys`) + - By most pageviews (`num_views`) + +**Gap Analysis:** +- ⚠️ Product search functionality not implemented (no search bar) +- ⚠️ Advanced filtering (price range, brand, etc.) not implemented + +--- + +### **3.2 Shopping Cart** + +**Business Requirement:** Add/remove/update items with stateless operations backed by durable storage. Persist carts for authenticated users. + +**Implementation Status:** ✅ **Fully Implemented** + +#### Features: +- **Cart Management** + - Add items to cart from product listings or detail pages + - Remove items from cart + - View cart contents with product images and details + - Real-time cart count display in navigation bar + - Visual feedback on cart errors + +- **Cart Display** + - Product image, title, and link to product page + - Individual product price + - Quantity of each item + - Running subtotal calculation + - Tax display (currently $0.00) + +- **Cart Persistence** + - Cart data persisted per user session + - Cart automatically fetched on page load + - Cart state maintained during navigation + - Backed by YugabyteDB YCQL storage + +**Performance:** Cart operations are stateless and horizontally scalable. + +--- + +### **3.3 Checkout & Order Processing** + +**Business Requirement:** Tax/shipping calculation, order summary, payment flow (future), order creation & order tracking lifecycle. + +**Implementation Status:** ✅ **Core Features Implemented** | ⚠️ **Payment Integration Pending** + +#### Features: +- **Checkout Process** + - Single-click checkout from cart page + - Inventory validation before purchase + - Out-of-stock detection with appropriate messaging + - Transactional order creation (using Cassandra transactions) + +- **Order Confirmation** + - Order number generation (UUID-based) + - Order details summary (products, quantities, total) + - "Thank you" confirmation message + - Order number displayed as `#kmp-{orderNumber}` + +- **Inventory Management** + - Real-time inventory quantity tracking + - Automatic inventory deduction on successful checkout + - Validation against available stock + - Transaction-safe operations + +- **Order Records** + - Order ID (UUID) + - User ID association + - Order details (items purchased) + - Order timestamp + - Order total amount + +**Gap Analysis:** +- ⚠️ Payment processing not integrated +- ⚠️ Shipping cost calculation not implemented +- ⚠️ Order tracking/history view not available to users +- ⚠️ Order status updates not implemented + +--- + +### **3.4 User Authentication** + +**Business Requirement:** Support login/signup with token-based session management. Integrate with cloud identity provider (Cognito/Okta/etc.). + +**Implementation Status:** ✅ **Basic Implementation** | ⚠️ **Cloud Identity Integration Pending** + +#### Features: +- **User Registration** + - Registration form with validation + - Username and password fields + - Password confirmation + - Redirect to login after successful registration + +- **User Login** + - Username/password authentication + - Error messaging for invalid credentials + - Logout functionality with confirmation message + - Session-based authentication + +- **User Management** + - User role support (role-based access) + - User validation (via UserValidator) + - Secure password handling + - Data stored in YugabyteDB YSQL (PostgreSQL-compatible) + +**Gap Analysis:** +- ⚠️ Cloud identity provider integration not implemented +- ⚠️ OAuth/SSO support not available +- ⚠️ Multi-factor authentication not implemented +- ⚠️ Password reset functionality not visible + +--- + +### **3.5 Homepage & Marketing** + +**Business Requirement:** Engaging landing page with promotional content to drive conversions and category exploration. + +**Implementation Status:** ✅ **Implemented** + +#### Features: +- **Hero Section** + - Full-width promotional banner/image + - Brand showcase area + +- **Bestseller Highlights** + - Featured products from each major category (4 items each): + - Bestsellers in Books + - Bestsellers in Music + - Bestsellers in Beauty + - Bestsellers in Electronics + - Quick links to category pages + +- **Newsletter Subscription** + - Email subscription form + - Marketing messaging ("Let's keep the conversation going") + - Call-to-action for newsletter signup + +**Gap Analysis:** +- ⚠️ Newsletter backend integration not implemented +- ⚠️ Email marketing automation not connected + +--- + +### **3.6 Navigation & User Interface** + +**Business Requirement:** Responsive, accessible, and intuitive user interface adhering to modern web standards. + +**Implementation Status:** ✅ **Implemented** + +#### Features: +- **Navigation Bar** + - Logo with link to homepage + - Category links with icons (Books, Music, Beauty, Electronics) + - Shopping cart icon with item count badge + - Scroll-responsive styling (transparent to solid) + - Active state highlighting for current category + +- **Footer** + - Logo display + - Brand attribution (YugaByte DB) + - Copyright notice + - Extended category links (18 categories) + - External link to yugabyte.com + +- **Responsive Design** + - Mobile-friendly layouts (Bootstrap grid) + - Adaptive navigation + - Responsive product grids (1-4 columns based on viewport) + - Touch-friendly interactions + +**Accessibility Status:** Partial compliance with WCAG AA (needs audit) + +--- + +### **3.7 System Management APIs** + +**Business Requirement:** Health checks, service discovery, and operational endpoints for monitoring and management. + +**Implementation Status:** ✅ **Implemented** + +#### Features: +- Service discovery via Eureka Server (port 8761) +- Health check endpoints on all microservices +- API Gateway routing and aggregation (port 8081) +- Operational observability hooks + +--- + +## **4. Technical Architecture** + +### **4.1 Microservices Architecture** + +Backend services supporting the features above: + +| Service | Port | Responsibility | Technology | +|---------|------|----------------|------------| +| Eureka Server | 8761 | Service discovery and registration | Spring Cloud Netflix | +| API Gateway | 8081 | Request routing and API aggregation | Spring Cloud Gateway | +| Products | 8082 | Product catalog and metadata | Spring Boot | +| Cart | 8083 | Shopping cart operations | Spring Boot | +| Login | 8085 | User authentication | Spring Boot | +| Checkout | 8086 | Order processing and inventory | Spring Boot | +| React UI | 8080 | Frontend web application | React + Node.js | + +**Architecture Principles:** +- Stateless services for horizontal scalability +- Domain-driven design with bounded contexts +- Event-driven communication (future: message queue integration) +- API-first design with OpenAPI specifications + +--- + +### **4.2 Data Storage Layer** + +Database layer powered by **YugabyteDB** (distributed SQL database). + +#### **YCQL (Cassandra-compatible API)** +- Products table (metadata, images, pricing) +- Product inventory tracking +- Product rankings by category +- Orders table +- Shopping cart storage + +#### **YSQL (PostgreSQL-compatible API)** +- User authentication data +- Role-based permissions +- Transactional order records + +**Benefits:** +- Distributed, fault-tolerant architecture +- Multi-region replication capabilities +- Strong consistency with horizontal scalability +- PostgreSQL and Cassandra compatibility + +--- + +## **5. Implementation Status Matrix** + +| Functional Area | Business Requirement | Implementation Status | Gaps | +|----------------|----------------------|-----------------------|------| +| **Product Browsing** | Browse/search products | ✅ Fully Implemented | Search bar not implemented | +| **Category Filtering** | Category navigation | ✅ Fully Implemented | Advanced filters missing | +| **Product Details** | Rich product pages | ✅ Fully Implemented | - | +| **Shopping Cart** | Persistent cart | ✅ Fully Implemented | - | +| **Checkout** | Order creation | ✅ Core Implemented | Payment integration pending | +| **Inventory** | Stock management | ✅ Fully Implemented | - | +| **User Authentication** | Login/signup | ✅ Basic Implemented | Cloud identity provider integration | +| **Order Tracking** | Order lifecycle | ⚠️ Backend Only | No user-facing order history view | +| **Product Reviews** | Customer reviews | ⚠️ Display Only | Cannot write reviews | +| **Recommendations** | Cross-sell/upsell | ✅ Fully Implemented | - | +| **Payment Processing** | Payment flow | ❌ Not Implemented | Payment gateway needed | +| **Wishlists** | Save for later | ❌ Not Implemented | Feature not built | +| **Newsletter** | Email marketing | ⚠️ UI Only | Backend integration pending | +| **Product Search** | Full-text search | ❌ Not Implemented | Search functionality needed | +| **Service Discovery** | Health/monitoring | ✅ Fully Implemented | - | +| **API Gateway** | Request routing | ✅ Fully Implemented | - | + +**Legend:** +- ✅ Fully Implemented +- ⚠️ Partially Implemented +- ❌ Not Implemented + +--- + +## **6. Modernization & Enhancement Roadmap** + +### **6.1 Critical Gaps (High Priority)** +1. **Payment Integration** - Payment gateway (Stripe, PayPal, etc.) +2. **Product Search** - Full-text search with Elasticsearch or similar +3. **Order History** - User-facing order tracking and history +4. **Cloud Identity Provider** - OAuth/SSO integration (Cognito, Auth0, Okta) + +### **6.2 Feature Enhancements (Medium Priority)** +1. **Product Review Writing** - Allow users to submit reviews +2. **Wishlists** - Save items for later +3. **Advanced Filtering** - Price range, brand, rating filters +4. **Email Notifications** - Order confirmations, shipping updates +5. **Newsletter Backend** - Email marketing integration + +### **6.3 Infrastructure & Operations (Ongoing)** +1. **Observability** - Distributed tracing, metrics, logging (OpenTelemetry) +2. **Security Hardening** - OWASP compliance, security scanning +3. **Performance Optimization** - Caching strategy, CDN integration +4. **Accessibility Audit** - WCAG AA compliance verification +5. **Load Testing** - Performance benchmarking and capacity planning + +--- + +## **7. Compliance & Quality Standards** + +### **7.1 Non-Functional Requirements Tracking** + +| Requirement | Target | Current Status | Notes | +|-------------|--------|----------------|-------| +| API Response Time (P95) | ≤ 200ms | To be measured | Needs performance testing | +| Uptime SLO | 99.9% | Not monitored | Requires monitoring setup | +| Concurrent Users | 10,000+ | Not tested | Needs load testing | +| WCAG Compliance | AA | Partial | Accessibility audit needed | +| Mobile Responsiveness | 100% | ✅ Implemented | Bootstrap responsive grid | + +### **7.2 Security Requirements** +- HTTPS/TLS encryption for all communications +- Secure password storage (hashing + salting) +- SQL injection prevention (parameterized queries) +- XSS protection (React auto-escaping) +- CSRF protection (token-based) +- Rate limiting on API endpoints + +--- + +## **8. Technology Stack Summary** + +**Frontend:** +- React (UI framework) +- Bootstrap (responsive design) +- JavaScript/ES6+ + +**Backend:** +- Spring Boot (microservices framework) +- Spring Cloud (Netflix stack: Eureka, Gateway) +- Java + +**Data Layer:** +- YugabyteDB (distributed SQL) + - YCQL (Cassandra-compatible) + - YSQL (PostgreSQL-compatible) + +**Infrastructure:** +- Docker (containerization) +- Cloud-ready (deployable to AWS, GCP, Azure) + +--- + +## **9. Conclusion** + +This platform represents a **solid foundation for a cloud-native e-commerce system** with strong architectural patterns including microservices, distributed data storage, and service discovery. The current implementation fulfills core e-commerce workflows (browse → cart → checkout) while maintaining clear gaps in areas like payment processing, search, and order tracking. + +The architecture is well-positioned for **modernization and enhancement** through AI-assisted development workflows, with clear requirements and implementation status providing a roadmap for future development. + diff --git a/docs/inputs/modernization-plan.md b/docs/inputs/modernization-plan.md new file mode 100644 index 0000000..8b05708 --- /dev/null +++ b/docs/inputs/modernization-plan.md @@ -0,0 +1,339 @@ +# 📘 **Ecommerce System Modernization Plan** + +*A unified vision, approach, and technical strategy for modernizing an existing ecommerce/bookstore codebase.* + +--- + +# 1. **Modernization Objective** + +Modernize the existing ecommerce/bookstore platform by: + +* Documenting the **truth of today** (legacy behavior) via automated extraction. +* Defining the **truth of the future** (modern architecture, new UX, rationalized features). +* Creating an **iterative, AI-enabled specification workflow** that keeps the future-state spec aligned with human decisions, business needs, and technical feasibility. +* Producing a **constitution** that governs how the system should evolve across engineering, design, and product domains. +* Enabling a **repeatable modernization pipeline** leveraging MEC/MCP tools, Spec Kit, multimodal LLM validation, and RAG-backed human knowledge repositories. + +The goal is not a one-time rewrite — it is to institutionalize a **machine-augmented, human-directed modernization engine**. + +--- + +# 2. **Guiding Vision** + +The modernization strategy focuses on: + +### **2.1 Evolution, not revolution** + +* Incrementally replace modules while maintaining continuity. +* Use the legacy spec as a factual baseline. +* Avoid uncontrolled rewrites or feature regressions. + +### **2.2 Human-aligned, AI-accelerated development** + +* Humans supply intent, decisions, constraints. +* AI extracts, synthesizes, and iteratively refines the specs. +* Multiple LLMs independently challenge assumptions. + +### **2.3 Continuously updated living documentation** + +The spec is not static — it evolves as understanding, decisions, and requirements evolve. + +### **2.4 Traceability** + +Every modernization change traces back to: + +* Business input +* Legacy behavior +* Human decision +* Validated future-state requirements + +### **2.5 Modularity + Interchangeability** + +Architecture favors: + +* API-first +* Stable domain models +* Swappable modules +* Decoupled front-end + back-end + +### **2.6 Enable future automation** + +The modernization framework must support: + +* Auto-generated specs +* Auto-generated scaffolds +* Auto-validated modeling +* Programmatic documentation updates + +--- + +# 3. **Modernization Framework Overview** + +The system modernization flow (derived from the whiteboard) is: + +``` +Constitution + │ + ▼ +Human Input Repository (RAG + Vector DB) + │ ▲ + ▼ │ (live transcripts, notes, decisions fed back) +Legacy Extractor (L0) → Finished Legacy Spec + │ + ▼ +Process Engine (MCP Tools + LLMs) + │ + ▼ +Future-State Spec Document + │ + ▼ +Review by People (live workshops) + │ + └──────────→ Feedback (vectorized + stored) + │ + ▼ + Iterate the Loop + │ + ▼ + “OK → Build the Thing” +``` + +--- + +# 4. **Whiteboard Interpretation: Architecture of the Modernization Engine** + +### **4.1 Constitution Layer** + +Defines: + +* Purpose and principles +* Architectural philosophy +* Quality and non-functional expectations +* Rules for divergence from legacy behavior +* Input modalities for human + machine contributions +* Allowed tech stack & modernization constraints + +### **4.2 Human Input Layer** + +Sources: + +* Requirements documents +* Email/slack decisions +* Workshop transcripts +* Pain points & existing known issues +* Old API definitions +* Code comments & domain logic +* Product vision + +Stored in: + +* **Vector DB** +* Organized using RAG +* Preprocessed (summarization, tagging, deduplication) + +### **4.3 Legacy Extraction Layer (L0)** + +Automated extraction of: + +* API endpoints +* Domain models +* UI flows +* Business logic embedded in code +* Configuration & routing +* Integration points + +Output: + +* **Finalized Legacy Spec**, human-reviewed and accepted. + +### **4.4 Modernization Process Engine** + +Uses: + +* MCP Tools +* LLMs (multiple models for adversarial validation) +* Spec Kit as the orchestrator + +Responsibilities: + +1. Generates future-state spec based on inputs. +2. Validates completeness against legacy spec + human input. +3. Challenges the spec (adversarial LLM). +4. Runs clarifying Q&A loops. + +### **4.5 Review Layer** + +Humans review: + +* Proposed future spec +* Feature removals +* UI modernization approaches +* API rationalization +* Prioritization of modernization phases + +That feedback: + +* Gets summarized +* Encoded +* Added back to the vector database + +### **4.6 Implementation Layer** + +Once approved: + +* Modernized modules are built +* Legacy modules are either wrapped, adapted, or replaced +* Code generation might be used for scaffolding + +--- + +# 5. **Modernization Principles (for Constitution)** + +### **5.1 Architecture Principles** + +* API-first decomposition +* Preference for composable domain modules +* Idempotent, deterministic business logic +* Stateless service boundaries +* Observability baked into all layers +* Backward compatibility until explicitly deprecated + +### **5.2 Engineering & Process Principles** + +* Automated spec generation & validation +* Human-in-the-loop AI-driven workflows +* Version-controlled architecture documentation +* Incremental modernization, never big-bang rewrites +* Performance and security as first-class citizens + +### **5.3 Product & UX Principles** + +* Preserve key user journeys +* Simplify UX flows where possible +* Introduce new UX capabilities incrementally +* Ensure customer-facing behavior changes have business sign-off + +--- + +# 6. **Technology Stack (Recommended)** + +### **6.1 Core Back-end** + +* **Python (FastAPI)** for new services +* **Java (existing services)** wrapped/adapted, refactored gradually +* **PostgreSQL** or **MySQL** for relational data +* **Redis** for caching/session state +* **OpenSearch/ElasticSearch** for search layers + +### **6.2 Front-end** + +* **React (existing)** → modernized incrementally: + + * Component-level refactors + * Migration to modern hooks + * Accessibility improvements + * UX modernization + +### **6.3 Integration & Messaging** + +* REST APIs +* Async events via Kafka or SNS/SQS + +### **6.4 AI / ML Support** + +* GitHub Spec Kit +* MCP Tools +* Multi-LLM validation (OpenAI, Anthropic, Gemini) +* Vector store (e.g., Pinecone, pgvector) +* RAG components +* Summarization + document parsing pipelines + +### **6.5 DevOps** + +* GitHub Actions or GitLab CI/CD +* Infrastructure as Code: Terraform +* Containerization: Docker +* K8s or AWS Lambda depending on component + +--- + +# 7. **Modernization Roadmap (Phased)** + +### **Phase 1 — Foundation** + +* Extract **legacy spec** (L0) +* Build **human knowledge repository** (RAG) +* Draft **constitution** +* Integrate Spec Kit + MCP tools + +### **Phase 2 — Future Spec Generation** + +* Generate F1/F2 iterations of future-state spec +* Human review & refinement sessions +* Multi-LLM adversarial validations + +### **Phase 3 — Architecture Definition** + +* Define new service boundaries +* Rationalize domain models +* Select modernization targets (UI components, APIs) + +### **Phase 4 — Incremental Modernization** + +* Replace modules one-by-one +* Implement new APIs +* Modernize React components +* Add observability, security improvements + +### **Phase 5 — Sunset Legacy** + +* Gradually deprecate old flows +* Remove unused features +* Stabilize new workflows + +--- + +# 8. **Deliverables Aligned With Spec Kit** + +### **8.1 Constitution File** + +Includes: + +* Vision +* Principles +* Constraints +* Modernization philosophy +* Stack decisions +* Inputs & iteration rules + +### **8.2 Legacy Spec** + +Machine-extracted + human-reviewed. + +### **8.3 Future-State Spec** + +Iteratively generated & validated with MCP + LLMs. + +### **8.4 Modernization Workflow Diagram** + +The one derived from the whiteboard. + +### **8.5 Implementation Roadmap** + +--- + +# 9. **In Summary** + +Your modernization ecosystem becomes a **closed-loop AI-augmented architecture engine**: + +* Human intent → recorded into vector DB +* Codebase → extracted into legacy spec +* AI → synthesizes future-state spec +* Humans → refine the future vision +* AI → validates gaps +* Engineers → build only once everything is clear + +This is the foundation for a **next-generation, continuously evolving ecommerce platform**. + +--- + diff --git a/docs/stakeholder-interview-mobile-expansion.md b/docs/stakeholder-interview-mobile-expansion.md new file mode 100644 index 0000000..a49224c --- /dev/null +++ b/docs/stakeholder-interview-mobile-expansion.md @@ -0,0 +1,361 @@ +# Stakeholder Interview: Mobile User Expansion Strategy + +**Date:** December 12, 2024 +**Duration:** ~25 minutes +**Participants:** +- **Sarah Mitchell** — VP of Digital Experience, Cronos Retail Group +- **Dev Team Lead** — Technical Lead / Business Analyst + +--- + +## Interview Transcript + +**[00:00]** + +**Sarah:** Hey, do you have a minute? I just got out of the quarterly analytics review and I need to talk to you about something. + +**Dev Lead:** Sure, what's up? You look concerned. + +**Sarah:** I am. I've got the traffic numbers in front of me and... look, I knew mobile wasn't our strong suit, but I didn't realize how bad it actually was. + +**Dev Lead:** How bad are we talking? + +**Sarah:** So, industry average for retail sites right now is around 65-70% mobile traffic. Some of our competitors are seeing 75% or higher. Want to guess what ours is? + +**Dev Lead:** Based on your face... 40%? + +**[01:15]** + +**Sarah:** 31%. Thirty-one percent. + +**Dev Lead:** Wow. That's... that's significantly below where we should be. + +**Sarah:** And it gets worse. Mobile conversion rate is 0.8%. Desktop is 3.2%. So not only are fewer people coming to us on mobile, the ones that do are barely buying anything. + +**Dev Lead:** That's a pretty huge gap. Industry standard mobile conversion is usually lower than desktop, but not by that much. + +**Sarah:** Right! I talked to Priya in marketing after the meeting, and she said they've basically stopped running mobile ad campaigns because the ROI is so bad. They're leaving money on the table because our mobile experience is pushing people away. + +**[02:30]** + +**Dev Lead:** Did the analytics show where people are dropping off on mobile? + +**Sarah:** Yeah, and this is the frustrating part—it's everywhere. We lose a chunk on the homepage, another chunk on product pages, and then checkout on mobile is a disaster. Something like 78% cart abandonment rate on mobile versus 45% on desktop. + +**Dev Lead:** So it's not one thing, it's death by a thousand paper cuts. + +**Sarah:** Exactly. And here's what's really keeping me up at night. Our customer base is aging with us. Our most loyal customers are 35-55, which is great, but we're not capturing younger shoppers. Gen Z and younger millennials are mobile-first—like, exclusively mobile for a lot of them—and we're basically invisible to that demographic. + +**[03:45]** + +**Dev Lead:** I pulled up the site on my phone yesterday after our last conversation. I see what you mean. The navigation is cramped, the buttons are small, scrolling through products feels clunky... + +**Sarah:** Did you try to checkout? + +**Dev Lead:** I did. The form fields are tiny, and I had to pinch-zoom to enter my credit card number. And then when I zoomed, the page layout got all messed up. + +**Sarah:** *groans* See? And that's someone who understands the app! Imagine a first-time visitor trying to do that. + +**[04:30]** + +**Dev Lead:** So we talked about mobile responsiveness as part of the phase one refresh. Are you thinking we need to go bigger? + +**Sarah:** I think mobile needs to be THE priority, not just part of phase one. Let me explain what I mean. I had a call with Jennifer from the executive team this morning. She's asking why our digital revenue is flat year-over-year when ecommerce as a whole grew 8%. Part of the answer is that we're missing the mobile market entirely. + +**Dev Lead:** Makes sense. If 70% of the market is shopping on mobile and we're only capturing 31% of traffic from that channel... + +**Sarah:** We're effectively operating at half capacity. And it's not like we can go open more physical stores—retail foot traffic is declining. Digital is supposed to be our growth engine, and our growth engine is missing a cylinder. + +**[05:45]** + +**Dev Lead:** Okay, so help me understand what you're envisioning. When you say make mobile THE priority, what does that look like? + +**Sarah:** A couple things. First, I want us to flip our design approach. Instead of designing for desktop and then making it work on mobile, we design for mobile first and then scale up to desktop. + +**Dev Lead:** Mobile-first design. That's actually a pretty common approach these days, and honestly, it usually results in better experiences on both platforms because you're forced to prioritize. + +**Sarah:** Exactly. Second thing—and I want your honest opinion on this—should we be building a native app? + +**[06:45]** + +**Dev Lead:** *pauses* That's a big question. Let me give you the honest breakdown. + +**Sarah:** Please. + +**Dev Lead:** A native app—meaning separate iOS and Android apps—gives you the best possible mobile experience. You get push notifications, offline access, smoother performance, access to device features like cameras for barcode scanning. And there's the whole "icon on the home screen" thing that keeps your brand top of mind. + +**Sarah:** That all sounds good. + +**Dev Lead:** But. Native apps are expensive to build and maintain. You're essentially building and maintaining three products—iOS, Android, and the web app. You need specialized developers for each platform. Updates have to go through app store review processes. And getting people to download an app is actually really hard—app store competition is fierce. + +**[08:00]** + +**Sarah:** So what's the alternative? + +**Dev Lead:** A few options. One is what we discussed—a really excellent mobile web experience. Responsive design done right, fast loading, touch-optimized. A lot of successful retailers do very well with just this. + +**Sarah:** But we're clearly not doing it well enough right now. + +**Dev Lead:** No, we're not. Another option is a Progressive Web App, or PWA. It's sort of a middle ground. It's still a web app, but it can be installed on a phone's home screen, can work offline, can send push notifications on Android. It gives you some of the native app benefits without building separate apps. + +**Sarah:** Interesting. I've heard of PWAs but don't really know much about them. + +**[09:15]** + +**Dev Lead:** The big advantage is you maintain one codebase. When we update the site, the PWA updates too. No app store gatekeepers. And the gap between PWAs and native apps has been shrinking—modern PWAs are really capable. + +**Sarah:** What's the downside? + +**Dev Lead:** iOS support is limited. Apple doesn't fully support PWA features because, cynically, they want you in their App Store. So push notifications don't work on iOS PWAs, for example. And some users are just trained to look in app stores for apps—they might not realize they can install from the browser. + +**Sarah:** Hmm. What would you recommend? + +**[10:00]** + +**Dev Lead:** Honestly? I'd say let's do the mobile-first web redesign really, really well. Get the responsive experience to where it should be—fast, beautiful, easy to use on any phone. We can make it a PWA at basically no extra cost, which gets us the Android benefits. And then we see if the numbers move. + +**Sarah:** And if they don't? + +**Dev Lead:** Then we have the data to justify the investment in native apps. But I think you'll be surprised how much we can move the needle with a proper mobile web experience. A lot of the "we need a native app" impulse comes from having a bad mobile website, not from actually needing native features. + +**[11:00]** + +**Sarah:** That makes sense. I don't want to spend native app money if we don't need to. Okay, let's talk specifics. What would make our mobile experience actually good? + +**Dev Lead:** Let me walk through the big ones. First, performance. Mobile users are impatient. If the site takes more than three seconds to load, most of them bounce. Right now our homepage is loading in about six seconds on a 4G connection. + +**Sarah:** Six seconds! That's an eternity. + +**Dev Lead:** Yeah. We've got unoptimized images, a lot of JavaScript that blocks rendering, no real caching strategy. Performance optimization alone could significantly improve our mobile conversion. + +**[12:15]** + +**Sarah:** Okay, that's number one. What else? + +**Dev Lead:** Touch targets. Everything needs to be big enough to tap comfortably with a thumb. Industry standard is at least 44 pixels. Our current nav links are like 24 pixels. The add-to-cart buttons are small. The form fields in checkout are tiny. + +**Sarah:** That explains the pinch-to-zoom problem. + +**Dev Lead:** Right. Number three is thumb-zone design. People hold their phones in one hand and browse with their thumb. That means the most important interactive elements should be in the bottom two-thirds of the screen where thumbs can easily reach. Right now our nav is at the very top. + +**[13:15]** + +**Sarah:** Oh, interesting. So like, a bottom navigation bar? + +**Dev Lead:** Exactly. A lot of apps do this—Instagram, the Twitter app, most banking apps. The main navigation is pinned to the bottom. You might keep a simplified header at the top for branding and search, but the key actions are at the bottom. + +**Sarah:** I like that. What about the checkout flow? + +**Dev Lead:** Checkout on mobile needs to be completely rethought. Single column layout, large form fields, smart defaults, progress indicators, support for autofill so people don't have to type their address, Apple Pay and Google Pay integration so they can skip forms entirely... + +**[14:15]** + +**Sarah:** Wait, we don't have Apple Pay? + +**Dev Lead:** We don't. And that's a big miss. Apple Pay and Google Pay reduce mobile checkout friction enormously. People can authenticate with their fingerprint or face and the payment just happens. No typing card numbers, no filling out billing addresses. + +**Sarah:** How hard is that to add? + +**Dev Lead:** It's not trivial, but it's not years of work either. A few weeks of effort, maybe a month to do it properly with testing. And the conversion lift is usually significant—I've seen studies showing 20-30% improvement in mobile checkout completion. + +**[15:00]** + +**Sarah:** Okay, that feels like a must-have then. What about the product browsing experience? + +**Dev Lead:** On mobile, people scroll more than they click. So we want a feed-style experience for product browsing—vertically scrolling, products loading as you go. The current grid layout with small tiles doesn't work great on a narrow screen. + +**Sarah:** Like how Instagram works? You just keep scrolling? + +**Dev Lead:** Similar, yeah. Larger product images, full-width product cards, easy swipe to see more images on the product detail page. And we should think about filters and sorting—right now it's kind of buried. Maybe a sticky filter bar that's always accessible. + +**[16:00]** + +**Sarah:** You know what else I noticed? When I searched for—oh wait, we don't have search. But when I'm browsing, if I accidentally tap the back button, I lose my place. I have to scroll all the way back down. + +**Dev Lead:** Yeah, that's a state management issue. We need to preserve scroll position and filters when navigating. Also something called "infinite scroll with pagination fallback"—where you can scroll through products but also jump to a specific page if you want. + +**Sarah:** All of this is making me realize just how far behind we are. + +**Dev Lead:** The good news is none of this is technically groundbreaking. It's established best practices that we just haven't implemented yet. + +**[17:00]** + +**Sarah:** Okay, let me ask you something strategic. We talked about capturing younger demographics. Is there anything specific we should be thinking about for Gen Z shoppers? + +**Dev Lead:** A few things. Speed is even more important to them—they've grown up with fast apps, so tolerance for slow is basically zero. Visual design matters a lot—things need to feel current, not dated. And social integration. + +**Sarah:** Social integration? + +**Dev Lead:** Yeah. Things like easy sharing of products to social media, maybe user reviews that feel more like social content, integration with things like "shop from Instagram" if we're running social ads. Some retailers are even doing live shopping events—kind of like QVC but on TikTok. + +**[18:00]** + +**Sarah:** We're probably not ready for live shopping, but the sharing piece makes sense. If someone finds a book they like, they should be able to easily send it to a friend or post it. + +**Dev Lead:** Exactly. And one thing we should consider for the younger demographic—a lot of them prefer to browse first and buy later. So wishlists or "save for later" functionality is important. They might add something to a wishlist on their phone during lunch, then actually purchase it later when they're on WiFi or on desktop. + +**Sarah:** That cross-device journey. If they save something on mobile, it needs to be there when they open the site on their laptop. + +**Dev Lead:** Right. Which ties back to our authentication issue from before. We need proper user accounts that sync across devices. + +**[19:00]** + +**Sarah:** Okay. Let me try to synthesize all of this because my head is spinning a little. You're saying we should do mobile-first design, make it a PWA, focus on performance, bigger touch targets, maybe bottom navigation, redesign checkout with Apple Pay and Google Pay, better product browsing experience, and make sure accounts work properly across devices. + +**Dev Lead:** That's the core of it, yes. Plus the social sharing and wishlist functionality to capture that cross-device, younger demographic behavior. + +**Sarah:** And your recommendation is to do this as part of the refresh we already discussed, not as a separate project? + +**[19:45]** + +**Dev Lead:** I think it has to be. If we do a visual refresh that doesn't prioritize mobile, we're going to be back in this same room in six months having the same conversation. Mobile-first needs to be foundational to the redesign, not an afterthought. + +**Sarah:** Fair. Does this change the timeline we talked about? You mentioned phase one by May. + +**Dev Lead:** It makes it tighter, but I think it's still doable if we're disciplined about scope. We do mobile-first, which actually simplifies some decisions because mobile forces you to prioritize. The Apple Pay and Google Pay integration might slip to early phase two unless it's a hard requirement. + +**Sarah:** Let's see if we can get it in phase one. That conversion lift you mentioned is too significant to delay. + +**[20:45]** + +**Dev Lead:** Understood. I can prioritize it. + +**Sarah:** What about the PWA stuff? + +**Dev Lead:** That's almost free if we're building with modern frameworks. We'd add a service worker and a manifest file, do the performance work we're doing anyway, and boom—it's a PWA. Users on Android can install it to their home screen, it works offline for basic browsing, the whole nine yards. + +**Sarah:** And on iOS? + +**Dev Lead:** Still works as a great mobile website, just without the push notifications. Which honestly, we're not set up to do meaningful push notifications anyway. That's a content and marketing capability we'd need to build out. + +**[21:30]** + +**Sarah:** Right. Okay, one more thing. How do we measure success? Like, what numbers should I be watching to know if this is working? + +**Dev Lead:** A few key metrics. Mobile traffic share—we want to get that from 31% up toward industry average, so 60%+. Mobile conversion rate—closing that gap with desktop, even getting from 0.8% to 1.5-2% would be significant. Cart abandonment rate on mobile—getting that down from 78%. And page load time—under 3 seconds on 4G. + +**Sarah:** What's a realistic target for conversion rate? + +**Dev Lead:** Mobile will probably always be a bit lower than desktop—people do more "browsing" on mobile—but a well-optimized mobile site should be able to hit 2-2.5% conversion. If we can get there from 0.8%, that's essentially tripling our mobile revenue. + +**[22:30]** + +**Sarah:** Tripling. I like the sound of that. Okay, I need to take this back to Jennifer and the exec team. Can you put together something that shows the current state, what we're proposing, and expected outcomes? Something I can share up the chain? + +**Dev Lead:** Sure. A mobile strategy brief with the analytics, proposed improvements, expected timeline, and projected impact? + +**Sarah:** Exactly. Include the competitive context too—that 31% versus industry 65-70% stat really hits home. And maybe some mockups or examples of what good looks like? Even rough ones? + +**[23:15]** + +**Dev Lead:** I can do that. I'll pull some examples from competitors and apps that do mobile well, annotate what they're doing right. Give people a vision. + +**Sarah:** Perfect. And be clear about the risk if we don't do this. I don't want to be alarmist, but if mobile is where the growth is and we can't capture it... + +**Dev Lead:** We're ceding market share to competitors who can. + +**Sarah:** Right. And once customers build habits with other apps, getting them back is really hard. There's a real cost to waiting. + +**[24:00]** + +**Dev Lead:** I'll make sure that's in there. Timeline for this brief? + +**Sarah:** Can you have something by end of week? I have a call with Jennifer Monday. + +**Dev Lead:** I'll make it happen. + +**Sarah:** Thank you. I know we keep piling things on, but this mobile stuff... it feels existential. Like, not this quarter, but over the next few years, if we don't figure this out... + +**Dev Lead:** No, I hear you. It's the right priority. We'll get it done. + +**Sarah:** Thanks. Really. Let's reconnect after you send the brief and we'll figure out next steps. + +**Dev Lead:** Sounds good. Talk soon, Sarah. + +--- + +## Summary of Mobile Strategy Requirements + +### Current State (Problems) +- **Mobile traffic share:** 31% vs. industry average 65-70% +- **Mobile conversion rate:** 0.8% vs. desktop 3.2% +- **Mobile cart abandonment:** 78% vs. desktop 45% +- **Page load time:** ~6 seconds on 4G (target: <3 seconds) +- **Marketing impact:** Mobile ad campaigns paused due to poor ROI +- **Demographic gap:** Not capturing Gen Z/younger millennial mobile-first shoppers + +### Strategic Approach +- **Mobile-first design** — Design for mobile, scale up to desktop +- **Progressive Web App (PWA)** — Low-cost way to get native-like features on Android +- **No native app (for now)** — Revisit if metrics don't improve after mobile web optimization + +### Technical Priorities + +#### Performance +- Page load under 3 seconds on 4G +- Image optimization +- JavaScript bundle reduction +- Caching strategy +- Lazy loading + +#### Touch & Navigation +- Minimum 44px touch targets +- Bottom navigation bar for thumb accessibility +- Mobile-friendly hamburger/drawer menu +- Sticky filter bars for product browsing + +#### Checkout Optimization +- Single-column mobile checkout layout +- Large form fields +- Autofill support +- Progress indicators +- **Apple Pay integration** (high priority) +- **Google Pay integration** (high priority) + +#### Product Browsing +- Vertical feed-style product display +- Full-width product cards +- Swipeable product images +- Preserved scroll position on back navigation +- Better filter/sort accessibility + +#### Cross-Device Experience +- Proper user authentication across all services +- Synced wishlists/saved items +- Consistent cart across devices + +#### Social & Engagement (Gen Z Focus) +- Easy product sharing to social media +- Wishlist / "save for later" functionality +- Modern, current visual design + +### Success Metrics (Targets) +| Metric | Current | Target | +|--------|---------|--------| +| Mobile traffic share | 31% | 60%+ | +| Mobile conversion rate | 0.8% | 2-2.5% | +| Mobile cart abandonment | 78% | <50% | +| Page load time (4G) | 6s | <3s | + +### Timeline +- Mobile strategy brief due: End of this week +- Phase one delivery (mobile-first refresh): Q2 2025 (May) +- Apple Pay/Google Pay: Target phase one, may slip to early phase two + +### Risks of Inaction +- Continued market share loss to mobile-optimized competitors +- Inability to capture younger demographics +- Flat or declining digital revenue while market grows +- Customer habit formation with competitor apps is hard to reverse + +### Next Steps +1. Dev Lead to prepare mobile strategy brief with: + - Current analytics and competitive benchmarks + - Proposed technical improvements + - Timeline and resource requirements + - Expected ROI / impact projections + - Visual examples of best-in-class mobile experiences +2. Sarah to present to executive team (Jennifer) early next week +3. Reconvene to finalize scope and timeline + + diff --git a/docs/stakeholder-interview-modernization.md b/docs/stakeholder-interview-modernization.md new file mode 100644 index 0000000..5418aa8 --- /dev/null +++ b/docs/stakeholder-interview-modernization.md @@ -0,0 +1,243 @@ +# Stakeholder Interview: Yugastore Modernization Initiative + +**Date:** December 9, 2024 +**Duration:** ~20 minutes +**Participants:** +- **Sarah Mitchell** — VP of Digital Experience, Cronos Retail Group +- **Dev Team Lead** — Technical Lead / Business Analyst + +--- + +## Interview Transcript + +**[00:00]** + +**Dev Lead:** Hey Sarah, thanks for making time today. I know you've been wanting to chat about the store app for a while now. + +**Sarah:** Yeah, absolutely. I've been looking at what our competitors are doing, and honestly, I think we're falling behind. When was the last time we did a real refresh on Yugastore? + +**Dev Lead:** The core architecture? That'd be... probably three, four years ago? We've been patching things here and there but nothing major. + +**Sarah:** Yeah, that's what I figured. Look, I pulled up the site on my phone the other day to show it to a vendor, and I was kind of embarrassed. The homepage still has that static banner image—it's nice and all, but every other site these days has these beautiful animations, smooth transitions. Ours just feels... I don't know, like an early 2010s website? + +**[01:45]** + +**Dev Lead:** That's fair feedback. The hero section is literally just a PNG right now. No interactivity at all. + +**Sarah:** Right! And the product cards—they work, don't get me wrong—but they're just kind of... there. No hover effects, no subtle animations. When I add something to cart on Amazon or Target, there's this satisfying little animation, you know? It feels modern. Ours just kind of... blinks? + +**Dev Lead:** *laughs* Yeah, we have a basic star rating display but it's using an older icon library. The add-to-cart is pretty bare bones too. + +**Sarah:** Exactly. And the fonts! I'm not a designer but even I can tell we're just using Roboto everywhere. It's fine, it's readable, but it doesn't have any personality. Some of our competitors have these really distinctive typography choices that make them feel premium. + +**[03:30]** + +**Dev Lead:** So you're looking for more of a design refresh then? New typography, animations, that sort of thing? + +**Sarah:** That's part of it, but here's the thing—I was talking to Marcus in IT security last week, and he mentioned something about our checkout that concerned me. He said something about the system not really knowing who's checking out? + +**Dev Lead:** Oh... yeah. I know exactly what he's referring to. + +**Sarah:** Can you explain that to me? Because that sounds bad. + +**Dev Lead:** So, when the checkout happens, the system is supposed to associate the order with a logged-in user. But right now there's this hardcoded user ID—"u1001"—that gets used for everyone. It was probably a development shortcut that never got fixed. + +**[04:45]** + +**Sarah:** Wait, so everyone's orders are going to the same fake user? + +**Dev Lead:** For the checkout service, yes. The cart itself tracks things separately, but when it comes to actually placing the order, there's no real user identity flowing through. It's a gap. + +**Sarah:** Okay, that's... that's definitely something we need to fix. What about the login itself? Is that secure? + +**Dev Lead:** The login service uses BCrypt for password hashing, which is good—that's industry standard. But there are some concerns. We're using some older Spring Security patterns, and there's no multi-factor authentication. No "remember me" functionality that's properly secured. And the session management could be tightened up. + +**Sarah:** So we're not going to end up on the news for a data breach, but we could do better? + +**Dev Lead:** *laughs* I mean, I never want to say never, but yeah—the fundamentals are okay, we're just missing modern security features that users expect in 2024. Things like OAuth integration so people can log in with Google or Apple, proper JWT tokens for the API calls, rate limiting to prevent abuse... + +**[06:30]** + +**Sarah:** Okay. So let me think about this. From my side, here's what I'm hearing from customers and from our executive team. The app looks dated. People are used to these really polished experiences now, and ours feels like we haven't invested in it. That affects brand perception. + +**Dev Lead:** Makes sense. + +**Sarah:** Second thing is mobile. I know we have a responsive layout, but have you actually used it on a phone lately? + +**Dev Lead:** Not recently, honestly. + +**Sarah:** It's rough. The navigation bar gets cramped, the cart icon is hard to tap, and the product grid doesn't really adapt well. My daughter showed me how Sephora's app works and it's night and day compared to ours. + +**[08:00]** + +**Dev Lead:** So we need better mobile responsiveness, or are you thinking a dedicated mobile experience? + +**Sarah:** I don't think we need a native app—that's a whole other budget conversation—but the mobile web experience needs to be first-class. A lot of our customers browse on their phones during commutes or lunch breaks. If the experience is clunky, they're going to go somewhere else. + +**Dev Lead:** Got it. So responsive design overhaul, touch-friendly interactions, that kind of thing. + +**Sarah:** Yeah. And speaking of interactions—the category navigation is kind of hidden right now. We have Books, Music, Beauty, Electronics, but they're just text links in a nav bar. I'd love to see something more visual. Maybe category cards with nice imagery? Something that helps people explore. + +**[09:30]** + +**Dev Lead:** That's a good point. Right now the nav is very utilitarian. Just icons and text. + +**Sarah:** And the search! Do we even have search? + +**Dev Lead:** We have products organized by category, and you can browse by bestsellers, but there's no actual search functionality on the frontend. + +**Sarah:** *sighs* Okay, that's definitely a gap. People expect to type in what they want and find it. We have what, 6,000 products? Customers aren't going to browse through pages and pages. + +**[10:15]** + +**Dev Lead:** Fair point. Adding search would mean some backend work too—we'd need to integrate a search service, maybe Elasticsearch or something similar. But it's doable. + +**Sarah:** I trust you on the technical side. Just flag if anything's going to be a huge lift. Now, let me ask you something—and be honest with me—how bad is the code? Like, is this a "repaint the house" situation or a "tear it down and rebuild" situation? + +**Dev Lead:** *pauses* It's somewhere in between, honestly. The backend services—the microservices architecture—that's actually pretty solid. Spring Boot, well-separated concerns, talks to the database properly. We could keep most of that. + +**[11:30]** + +**Sarah:** Okay, good. + +**Dev Lead:** The frontend is where the age shows. We're using React, which is great, but we're using older patterns. Class components instead of functional components with hooks, older state management patterns, the styling is scattered across a bunch of CSS files with no real design system. + +**Sarah:** What does that mean for us practically? + +**Dev Lead:** It means if we want to modernize the look and feel, we probably want to do a frontend rebuild. Not throwing everything away, but migrating to more modern React patterns, implementing a proper design system, maybe using a UI framework that gives us nice components out of the box. + +**[12:45]** + +**Sarah:** And how long does something like that take? + +**Dev Lead:** Depends on scope. If we're talking about a visual refresh with better mobile support, modern interactions, but keeping the same basic functionality? Maybe two to three months with a small team. If we're adding features like search, enhanced security, user profiles, wishlists... we're looking at longer. + +**Sarah:** What about doing it in phases? Like, could we ship the visual refresh first and then add features? + +**Dev Lead:** Absolutely. That's probably the smartest approach. Get the foundation right, ship something that looks modern and feels good on mobile, then iterate from there. + +**[14:00]** + +**Sarah:** Okay, I like that. Let me give you my priority list, just off the top of my head. Tell me if I'm crazy. + +**Dev Lead:** Go for it. + +**Sarah:** Number one—and this is tied—the app needs to look modern and the security stuff you mentioned needs to get fixed. I don't want customers thinking we're behind the times, and I definitely don't want that hardcoded user thing hanging over us. + +**Dev Lead:** Agreed. Visual refresh and security hardening as the foundation. + +**Sarah:** Number two is mobile. If someone pulls up our site on their phone, it should feel like it was designed for their phone, not like a desktop site that got squeezed. + +**[15:15]** + +**Dev Lead:** Touch targets, better responsive layouts, maybe a mobile-first approach to the redesign. + +**Sarah:** Exactly. Number three is the navigation and discovery piece. Better category browsing, and eventually search. I know search is bigger, so maybe we do the category improvements first? + +**Dev Lead:** That makes sense. We could add nice category tiles on the homepage, improve the nav to be more touch-friendly with bigger tap targets and maybe a mobile menu drawer. Search can be phase two. + +**Sarah:** And then number four would be the nice-to-haves. Things like wishlists, better user profiles, order history. Stuff that makes people want to come back. + +**[16:30]** + +**Dev Lead:** What about checkout? You want to keep the flow basically the same, or are there pain points there? + +**Sarah:** Good question. The checkout is... fine? I think? But now that you mention it, it feels very bare bones. Just your items, a total, and a checkout button. No guest checkout option, no saved payment methods, no estimated delivery. + +**Dev Lead:** Some of those are bigger features—saved payments means PCI compliance considerations. + +**Sarah:** Right, right. Let's not boil the ocean. For phase one, just make it look better. More visual feedback, maybe a progress indicator so people know where they are in the flow. The actual payment processing can stay the same for now. + +**[17:45]** + +**Dev Lead:** Makes sense. Can I ask about timeline? Is there an event or deadline driving this? + +**Sarah:** Not a hard deadline, but we're presenting to the board in Q2 and I'd love to show them something impressive. Shows we're investing in digital, which is a whole initiative the CEO cares about. + +**Dev Lead:** So ideally phase one done by... April? May? + +**Sarah:** May would be great. That gives us a month buffer before the board presentation. + +**[18:30]** + +**Dev Lead:** Okay. Let me summarize what I'm hearing and you tell me if I'm missing anything: + +Phase one priority is a modern visual redesign—new typography, colors, animations, microinteractions—combined with security fixes including proper user authentication through the checkout flow. Mobile responsiveness is part of this, so the site feels native on phones. + +**Sarah:** Yes, exactly. + +**Dev Lead:** Phase two would be enhanced navigation—visual category browsing, improved product discovery, and search functionality. + +**Sarah:** Right. + +**Dev Lead:** And future phases could tackle things like wishlists, user profiles, order history, and checkout enhancements beyond visual improvements. + +**[19:30]** + +**Sarah:** That's it. You've got it. Oh, one more thing— + +**Dev Lead:** Sure. + +**Sarah:** I don't want it to look like every other website. You know how all these sites now have the same kind of look? White background, blue buttons, very... corporate? I want ours to have personality. We sell books, we sell music—there should be some warmth to it. Some character. + +**Dev Lead:** A distinctive visual identity, not just "generic modern." + +**Sarah:** Exactly. Like, obviously it needs to be clean and professional, but if it could feel like walking into a nice bookstore? That vibe? That would be amazing. + +**[20:15]** + +**Dev Lead:** I love that direction. We can definitely explore color palettes and typography that feel more warm and inviting. Maybe some cream tones, richer accent colors, serif fonts for that bookish feel. + +**Sarah:** Yes! That's what I'm talking about. Okay, I think we've covered a lot. Can you put together a rough proposal or plan we can review next week? + +**Dev Lead:** Absolutely. I'll write up the requirements from this conversation and put together some initial thoughts on approach. We should probably get design involved too. + +**Sarah:** Great. Thanks for this—I feel a lot better knowing we're actually going to tackle this. + +**Dev Lead:** Thanks Sarah. Talk soon. + +--- + +## Summary of Informal Requirements + +### Phase 1 (Target: Q2 2024) +- **Visual Modernization** + - Modern typography (warm, bookish feel—move away from generic Roboto) + - New color palette (warm tones, distinctive brand identity, avoid generic corporate look) + - Animations and microinteractions (page transitions, hover effects, add-to-cart feedback) + - Updated product cards with better visual hierarchy + - Improved hero/banner section with interactivity + +- **Security Hardening** + - Fix hardcoded user ID issue in checkout service + - Proper user authentication flow through all services + - Session management improvements + - Consider OAuth/social login for future + +- **Mobile Experience** + - Mobile-first responsive redesign + - Touch-friendly tap targets + - Mobile navigation (drawer/hamburger menu) + - Better cart accessibility on small screens + +### Phase 2 +- **Navigation & Discovery** + - Visual category browsing (category cards with imagery) + - Improved homepage product discovery + - Search functionality (requires backend integration) + +### Future Phases +- Wishlists +- Enhanced user profiles +- Order history +- Checkout improvements (progress indicator, visual feedback) +- Guest checkout option +- Saved payment methods (PCI compliance required) + +### Constraints & Notes +- Board presentation in Q2—need something impressive to show +- Avoid "generic AI/corporate" look—want personality and warmth +- Backend microservices are solid, frontend needs rebuild +- Phased approach preferred—ship MVP, iterate +- No native mobile app needed—mobile web should be first-class + diff --git a/docs/technical-team-migration-discussion.md b/docs/technical-team-migration-discussion.md new file mode 100644 index 0000000..2489664 --- /dev/null +++ b/docs/technical-team-migration-discussion.md @@ -0,0 +1,321 @@ +# Technical Team Discussion: Stack Migration Planning + +**Date:** December 11, 2024 +**Duration:** ~20 minutes +**Participants:** +- **Mike Chen** — Technical Lead, Platform Engineering +- **Priya Sharma** — Senior Backend Developer +- **Jordan Brooks** — Full-Stack Developer +- **Alex Kim** — DevOps Engineer + +--- + +## Meeting Transcript + +**[00:00]** + +**Mike:** Alright, thanks everyone for coming in. I know it's been a crazy week, but we need to have this conversation about Yugastore. As you probably heard through the grapevine, there's a new directive from architecture governance. + +**Priya:** The Python thing? + +**Mike:** *sighs* Yeah. The Python thing. Starting Q1, all new development and major refactors need to align with the "unified stack"—React frontends, Python backends. FastAPI specifically. + +**Jordan:** Wait, we're throwing out the entire Spring Boot stack? That's like... six microservices. + +**Mike:** Look, I'm not thrilled about it either. This is a solid Java codebase. Spring Boot, Eureka for service discovery, Feign clients—it works. But the mandate came from above my pay grade, and honestly, my job security depends on us executing this. + +**[01:30]** + +**Alex:** What's the rationale? Did they actually give one? + +**Mike:** *reading from notes* "Reduce technology fragmentation across the organization, standardize on a single backend language to improve hiring efficiency, leverage Python's ecosystem for future AI/ML integration." That's the official line. + +**Priya:** I mean... the AI/ML thing isn't nothing. But we have a working system here. The products service handles 6,000 SKUs without breaking a sweat. + +**Mike:** I know. And for what it's worth, I pushed back. Hard. But the decision's been made. So let's focus on how we do this without breaking everything and losing our minds. + +**[02:45]** + +**Jordan:** Can we at least keep the frontend? The React UI is already React. + +**Mike:** That's actually one bright spot. The frontend is React, so we're already aligned there. Although... + +**Jordan:** Although what? + +**Mike:** Have you looked at that code recently? Class components everywhere, `componentWillReceiveProps`, inline CSS files scattered across forty directories. Sarah from Digital Experience wants a complete visual refresh anyway. We might as well modernize the React code while we're at it. + +**Priya:** So we're rebuilding everything. + +**Mike:** *pauses* Yes. Essentially, yes. But we can be smart about it. Let's map out what we have and figure out a migration path. + +**[04:00]** + +**Mike:** Alex, can you pull up the architecture diagram? Let's walk through the services. + +**Alex:** *shares screen* Okay, so we've got six Spring Boot services. Eureka server for discovery, API gateway, products, cart, checkout, and login. + +**Mike:** Right. Let's start with products. Priya, you know that service best. + +**Priya:** So it's a pretty standard Spring Boot setup. `ProductCatalogController` handles three main endpoints—get a single product by ASIN, list all products with pagination, and list products by category with pagination. Uses JPA repositories under the hood. + +**Mike:** And the data model? + +**Priya:** `ProductMetadata` is the main entity. Has the product ID, title, description, price, image URL, categories, review stats—num_reviews, num_stars, avg_stars—and then all these recommendation fields like `also_bought`, `also_viewed`, `bought_together`. Those are stored as element collections. + +**[05:30]** + +**Jordan:** Element collections... that's going to be interesting to migrate. Those become separate tables in JPA, right? + +**Priya:** Yeah, there's a `productmetadata_also_bought` table, `productmetadata_categories`, all that. We'll need to think about how to model that in Python. SQLAlchemy can do it but it's different. + +**Mike:** We could simplify and just store those as JSON arrays. Postgres handles that well, and it's probably cleaner than junction tables for this use case. + +**Priya:** That's... actually not a bad idea. Simplify the schema while we migrate. + +**[06:30]** + +**Mike:** What about the ranking service? + +**Priya:** `ProductRankingService` is used for the bestsellers by category. There's a `ProductRanking` entity with a composite key—category and sales rank. The category page uses this to pull top products ordered by rank. + +**Alex:** That's hitting YCQL right now, yeah? The Cassandra API? + +**Priya:** Yeah, the products service is a weird hybrid. Metadata is in YSQL via JPA, but rankings were originally YCQL. Honestly, we should consolidate that anyway. + +**Mike:** Good. Add that to the list—unify on YSQL. PostgreSQL dialect. FastAPI with SQLAlchemy or SQLModel. + +**[07:45]** + +**Mike:** Jordan, walk us through the cart service. + +**Jordan:** Sure. `ShoppingCartController` has four endpoints: add product, get products in cart, remove product, clear cart. The service layer is `ShoppingCartImpl`, and there's this weird pattern where it's session-scoped with a proxy mode. + +**Mike:** Oh god, the session-scoped beans. + +**Jordan:** Yeah. It's using WebApplicationContext.SCOPE_SESSION. Which I guess made sense when this was maybe a monolith? But in a microservices world it's... questionable. + +**Priya:** Does it even work right now? With multiple instances behind a load balancer? + +**Jordan:** Honestly? I'm not sure. There's no sticky session configuration that I can see. + +**[09:00]** + +**Mike:** Okay, so the cart service needs rethinking anyway. In the Python version, we should just make it stateless. User ID comes in on every request, cart state lives in the database, done. + +**Jordan:** The `ShoppingCart` entity is actually pretty simple. Cart key, user ID, ASIN, quantity, timestamp. Primary storage is PostgreSQL via JPA. + +**Mike:** Great. That's an easy port. SQLModel, FastAPI, maybe an hour of work for the basic CRUD. + +**Jordan:** The repository has some custom queries though—`updateQuantityForShoppingCart`, `decrementQuantityForShoppingCart`, `findProductsInCartByUserId`. Those are @Query annotations with native SQL. + +**Mike:** We'll write those as raw SQL or SQLAlchemy queries. Not a blocker. + +**[10:30]** + +**Mike:** Now the fun one. Checkout. + +**Priya:** *groans* The checkout service. + +**Mike:** Yeah. Talk us through it. + +**Priya:** `CheckoutServiceImpl` is where the magic happens. It's transactional, session-scoped—same pattern as cart. On checkout, it: +1. Calls the cart service via REST to get products in cart +2. Iterates through each product +3. Checks inventory via `ProductInventoryRepository` +4. Gets product details via REST from the product catalog +5. Builds up a CQL transaction statement—BEGIN TRANSACTION, UPDATE inventory, INSERT order, END TRANSACTION +6. Executes the whole thing as raw CQL +7. Clears the cart + +**Jordan:** Wait, it's building SQL strings with concatenation? + +**Priya:** CQL strings, but yes. + +**Mike:** *rubbing temples* Let me guess—no parameterized queries? + +**Priya:** `"UPDATE product_inventory SET quantity = quantity - " + entry.getValue() + " where asin = '" + entry.getKey() + "'"`. Direct string interpolation. + +**[12:00]** + +**Alex:** That's... that's not great from a security standpoint. + +**Mike:** Add it to the list of things we fix during migration. The Python version will use proper parameterized queries. This is non-negotiable. + +**Priya:** The other issue is the REST calls. It's using Feign clients to call other services. `ShoppingCartRestClient`, `ProductCatalogRestClient`. In Python we'll need something equivalent. + +**Mike:** HTTPX for async HTTP calls. FastAPI is async-native, so we lean into that. + +**Jordan:** What about service discovery? We're using Eureka right now. + +**Alex:** Do we need Eureka in the Python world? We could just use environment variables for service URLs when running in Docker or Kubernetes. Service mesh handles the rest. + +**[13:15]** + +**Mike:** That's a good point. Let's simplify. For local dev and Docker Compose, environment variables. For production on Kubernetes, we let the service mesh handle discovery. Drop Eureka entirely. + +**Alex:** That actually makes the deployment story cleaner. + +**Priya:** One less thing to maintain. + +**Mike:** Exactly. Okay, what about the order creation? That hardcoded user_id... + +**Priya:** Oh yeah. `order.setUser_id(1)`. It's just hardcoded to 1. The `userId` parameter comes in as "u1001" but the order always saves with user_id 1. + +**Jordan:** How is that even... how has nobody noticed this? + +**Mike:** Because nobody's looking at order history. The frontend doesn't have that feature. It just says "Order #xyz received" and moves on. + +**[14:30]** + +**Jordan:** So every order in the database looks like it came from the same user. + +**Mike:** Yep. The Python version will fix that. Proper user authentication, user ID flows through from the auth token to the order record. + +**Priya:** Speaking of auth—the login service. + +**Mike:** Right. What's the situation there? + +**Jordan:** It's Spring Security with `WebSecurityConfigurerAdapter`. BCrypt for password hashing, which is good. Form-based login, session-based auth. The `User` entity has username, password, passwordConfirm as transient, and a many-to-many with `Role`. + +**Mike:** So basic role-based access. No JWT, no OAuth. + +**Jordan:** Nope. Old school sessions. + +**[15:45]** + +**Mike:** For the Python version, let's do JWT. FastAPI has great JWT support. We can add OAuth later for social login, but for now, JWT with proper token refresh. + +**Priya:** Are we keeping the same database schema for users? + +**Mike:** We can. BCrypt hashes are BCrypt hashes. We'd just need to verify the password the same way. Existing users could log in without resetting passwords. + +**Jordan:** That's actually smooth. I was worried about a password migration nightmare. + +**[16:30]** + +**Mike:** Alright, let's talk about the API gateway. + +**Alex:** That's a beefy one. `YugastoreApiGateway` has Feign clients for all the downstream services—products, cart, checkout. It basically proxies everything. + +**Mike:** In Python, we have options. We could use FastAPI as a gateway with HTTPX calls to downstream services, or we could go with something like Kong or Traefik and have the frontend call services directly through it. + +**Priya:** I'd vote for keeping the gateway pattern but making it thinner. Just routing, maybe some request transformation, auth validation. No business logic. + +**Mike:** Agreed. The Java gateway has duplicate domain classes—`ProductMetadata`, `Order`, etc.—that mirror the ones in the downstream services. That's a maintenance headache. Python gateway should just pass through JSON. + +**[17:45]** + +**Alex:** What about the frontend build? The current setup has Maven building the React app and bundling it into a JAR. + +**Mike:** Yeah, the `frontend-maven-plugin` thing. We'll decouple that. Next.js or Vite for the frontend, containerized separately. API gateway is its own container. Clean separation. + +**Jordan:** Next.js would give us server-side rendering. Could help with SEO for product pages. + +**Mike:** Good point. Let's go Next.js. Modern React, server components, app router. Kill the class components, use hooks. + +**Priya:** And Tailwind for styling instead of those scattered CSS files? + +**Mike:** Absolutely. Tailwind, shadcn/ui for components. Modern stack. + +**[18:45]** + +**Mike:** Alright, let me summarize what we're looking at: + +**Backend Migration:** +- Products service: Spring Boot → FastAPI + SQLModel +- Cart service: Spring Boot → FastAPI + SQLModel, drop session-scoped pattern +- Checkout service: Spring Boot + raw CQL → FastAPI + SQLAlchemy with proper transactions +- Login service: Spring Security → FastAPI with JWT auth +- API Gateway: Spring Cloud Gateway → FastAPI or lightweight reverse proxy +- Kill Eureka, use env vars + Kubernetes service discovery + +**Frontend Migration:** +- React class components → Next.js with React hooks +- Scattered CSS → Tailwind CSS +- Old libraries → shadcn/ui component library + +**Security Fixes:** +- Fix hardcoded user IDs +- Parameterized queries everywhere +- Proper JWT authentication flow +- Add CSRF protection back + +**[19:45]** + +**Priya:** That's a lot. + +**Mike:** It is. But here's the thing—we're not doing this overnight. We can run both stacks in parallel. Start with products service since it's the simplest. Get that working in Python, deploy it alongside the Java version, route traffic gradually. + +**Jordan:** Strangler fig pattern. + +**Mike:** Exactly. We strangle the old system one service at a time. Cart next, then checkout—that's the hardest—then login, then we can shut down the Java services. + +**Alex:** What's the timeline looking like? + +**Mike:** Sarah wants something impressive by Q2 for a board presentation. So we need at least the frontend refresh and the security fixes done by then. The full backend migration... maybe end of Q2, early Q3 realistically. + +**[20:30]** + +**Priya:** I still think this is a lot of risk for questionable benefit. The Java code works. + +**Mike:** *sighs* I know. Believe me, I know. If it were up to me, we'd clean up the security issues, modernize the frontend, and call it a day. But it's not up to me. The org has decided Python is the future, and we either get on the train or get run over by it. + +**Jordan:** Well, at least we'll have job security for the next six months. + +**Mike:** *laughs darkly* Silver linings, Jordan. Silver linings. + +**Alex:** Should we set up a Jira board or something to track all this? + +**Mike:** Yeah. Let's break it down into epics—one per service migration, one for frontend, one for infrastructure. We'll groom next week. For now, everyone review the Java code you're going to own. Priya, you've got products and checkout. Jordan, cart and login. Alex, infrastructure and gateway. I'll handle coordination and keep management off your backs as much as I can. + +**Priya:** Thanks, Mike. I know this isn't what you wanted either. + +**Mike:** It's the job. Alright, we're over time. Let's reconvene Thursday to start breaking down the products service migration. Good work, everyone. + +--- + +## Meeting Summary + +### Services to Migrate + +| Service | Current Stack | Target Stack | Complexity | Owner | +|---------|--------------|--------------|------------|-------| +| Products | Spring Boot + JPA + YCQL | FastAPI + SQLModel | Medium | Priya | +| Cart | Spring Boot + JPA (session-scoped) | FastAPI + SQLModel (stateless) | Low | Jordan | +| Checkout | Spring Boot + CQL Templates | FastAPI + SQLAlchemy | High | Priya | +| Login | Spring Security + Sessions | FastAPI + JWT | Medium | Jordan | +| API Gateway | Spring Cloud + Feign | FastAPI or lightweight proxy | Medium | Alex | +| Eureka | Spring Cloud Netflix | Remove (use env vars/k8s) | Low | Alex | + +### Frontend Migration + +| Current | Target | +|---------|--------| +| React class components | Next.js with React hooks | +| componentWillReceiveProps | useEffect, custom hooks | +| Scattered CSS files | Tailwind CSS | +| react-materialize, react-bootstrap | shadcn/ui | +| Maven-built bundle in JAR | Standalone Next.js container | + +### Critical Security Fixes + +1. **Hardcoded user_id in checkout** — Order.setUser_id(1) always sets to 1 +2. **Hardcoded userId in checkout controller** — Always uses "u1001" +3. **SQL/CQL injection risk** — String concatenation in transaction building +4. **No CSRF protection** — Explicitly disabled in SecurityConfiguration +5. **Session management** — Session-scoped beans may not work correctly with load balancing + +### Architecture Decisions + +- Drop Eureka in favor of environment variables + Kubernetes service mesh +- Unify database on YSQL (PostgreSQL) — eliminate YCQL complexity +- JWT-based authentication instead of session-based +- Async HTTP calls with HTTPX for inter-service communication +- Strangler fig migration pattern — gradual service replacement + +### Timeline + +- **Q2 Target:** Frontend refresh + security fixes + at least Products service migrated +- **Q2-Q3:** Complete backend migration +- **Parallel deployment** during transition period + diff --git a/examples/QUICKSTART.md b/examples/QUICKSTART.md new file mode 100644 index 0000000..0209b27 --- /dev/null +++ b/examples/QUICKSTART.md @@ -0,0 +1,144 @@ +# Quick Start Guide + +## Run the Demo + +The easiest way to see the tool in action is to run the demo: + +```bash +cd examples/ +./run_demo.sh +``` + +This will run the verifier against example documents that contain deliberate issues to demonstrate the tool's capabilities. + +## Expected Output + +The demo will find multiple violations including: + +### Critical Issues +- **Missing Requirements**: Password reset functionality (REQ-012) not covered +- **Principle Violations**: Specification logs passwords in violation of security principles +- **Missing Coverage**: Several requirements completely unaddressed + +### High Severity Issues +- **Scope Creep**: Cryptocurrency payment support not in original requirements +- **Scope Creep**: Social media integration not requested +- **Incomplete Coverage**: Accessibility requirements ignored + +### Medium Severity Issues +- **Ambiguity**: Vague terms like "reasonable", "as needed", "nice, modern look" +- **Testability**: Specifications without measurable criteria +- **Vagueness**: Terms like "various techniques", "optimized" + +## Use With Your Own Documents + +### Step 1: Prepare Your Documents + +Create four types of documents: + +1. **Human Input** (`my_input.txt`): +``` +REQ-001: Users must be able to login +REQ-002: The system shall send email notifications +... +``` + +2. **Requirements** (`my_requirements.txt`): +``` +REQ-100: The API must use REST +REQ-101: Data must be encrypted +... +``` + +3. **Constitution** (`my_principles.txt`): +``` +PRINCIPLE: Passwords must never be stored in plaintext +RULE: All APIs must have authentication +... +``` + +4. **Specification** (`my_spec.md`): +``` +# Technical Specification + +SPEC-001: Login endpoint at /api/auth/login +- Accepts username and password +- Returns JWT token +... +``` + +### Step 2: Run Verification + +```bash +../spec_verifier.py \ + --human-input my_input.txt \ + --requirements my_requirements.txt \ + --constitution my_principles.txt \ + --specification my_spec.md +``` + +### Step 3: Review Report + +The tool will output a detailed report showing: +- Summary statistics +- Violations by severity +- Detailed findings with evidence +- Overall verdict + +### Step 4: Fix Issues and Re-run + +Address the violations and run again until satisfied. + +## JSON Output + +For programmatic processing: + +```bash +../spec_verifier.py \ + --human-input my_input.txt \ + --requirements my_requirements.txt \ + --constitution my_principles.txt \ + --specification my_spec.md \ + --json > violations.json +``` + +Process with jq: +```bash +# Count critical violations +cat violations.json | jq '[.[] | select(.severity=="CRITICAL")] | length' + +# List all missing requirements +cat violations.json | jq -r '.[] | select(.category=="COVERAGE") | .evidence[]' +``` + +## Tips for Best Results + +1. **Use Clear Markers**: Start requirements with REQ-001, MUST, SHALL +2. **Be Explicit**: Use specific, measurable language +3. **Reference Requirements**: Link specs to requirements (e.g., "Addresses: REQ-001") +4. **Use Consistent Terms**: Don't mix "user" and "customer" +5. **Make Principles Clear**: Use "must" and "must not" language + +## Common Issues + +**No requirements found?** +- Ensure documents use patterns like "REQ-001:", "must", "shall", "- item" + +**Too many false positives?** +- Focus on CRITICAL and HIGH severity first +- Tool is intentionally strict +- Some warnings are subjective + +**Orphaned specifications?** +- Add explicit requirement references +- Use similar terminology between requirements and specs +- May indicate missing requirements + +## Next Steps + +- Read the full [README](../SPEC_VERIFIER_README.md) +- Integrate into your CI/CD pipeline +- Customize for your project's needs +- Run iteratively during specification development + + diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 0000000..05a054b --- /dev/null +++ b/examples/README.md @@ -0,0 +1,208 @@ +# Specification Verifier Examples + +This directory contains example documents that demonstrate the Specification Verifier tool. + +## Quick Start + +### Basic Verifier +```bash +./run_demo.sh +``` + +### Enhanced Verifier (with Deep Analysis) +```bash +# Terminal 1: Start mock API server +python3 mock_source_api.py + +# Terminal 2: Run demo +./run_demo_enhanced.sh +``` + +The enhanced version fetches original source documents (transcripts, emails, design docs) when it finds violations! + +## Example Documents + +### Input Documents (Basic) + +1. **`human_input.txt`** - User stories and stakeholder requirements + - Search and discovery requirements + - Shopping cart functionality + - User authentication + - Checkout and payment + - Performance and security requirements + +2. **`reverse_eng_requirements.txt`** - Technical requirements from legacy system analysis + - System architecture + - API requirements + - Error handling + - Monitoring and logging + - Integration requirements + +3. **`constitution.txt`** - Guiding principles and architectural constraints + - Security principles + - Performance principles + - Data integrity principles + - Code quality principles + - User experience principles + - Compliance requirements + +### Specification Documents + +4. **`specification_with_issues.md`** - Specification with deliberate problems + - **Use this to see the tool in action** + - Contains missing requirements + - Has principle violations (logs passwords!) + - Includes scope creep + - Uses ambiguous language + - Demonstrates what NOT to do + +5. **`specification_fixed.md`** - Improved specification + - Shows how to address violations + - More concrete and specific + - Better requirement coverage + - Demonstrates best practices + +## What You'll See + +When you run the demo against `specification_with_issues.md`: + +### Critical Issues Found +- ❌ Password reset functionality missing +- ❌ Accessibility requirements not addressed +- ❌ Passwords being logged (security violation!) + +### High Severity Issues +- ⚠️ Admin dashboard not in requirements (scope creep) +- ⚠️ Social media features not requested +- ⚠️ Cryptocurrency support not in requirements + +### Medium Severity Issues +- ⚠️ Ambiguous terms like "fast", "efficient", "nice" +- ⚠️ Missing measurable criteria +- ⚠️ Vague specifications + +## Example Output + +``` +================================================================================ +ADVERSARIAL SPECIFICATION VERIFICATION REPORT +================================================================================ + +📊 SUMMARY STATISTICS + Requirements analyzed: 61 + Principles checked: 44 + Specification items: 91 + Total violations found: 8 + +🚨 VIOLATIONS BY SEVERITY + CRITICAL: 2 + HIGH: 2 + MEDIUM: 3 + LOW: 1 + +📋 DETAILED VIOLATIONS + +[CRITICAL] COVERAGE: 4 requirements have NO coverage in specification + The following requirements are completely missing from the specification: + Evidence: + - REQ_0499f2c1: Session tokens need to be cryptographically secure... + - REQ_e2f8333d: Sensitive data must never appear in logs... + - REQ_e93b9d65: Color contrast needs to meet WCAG 2.1 AA standards... + +[CRITICAL] PRINCIPLE_VIOLATION: 26 principle violations detected + Mandatory principles have been violated or ignored: + Evidence: + - Principle 'The system shall not log credit card numbers...' violated + - Specification logs passwords in plain text for debugging + +... + +================================================================================ +VERDICT +================================================================================ +❌ FAILED - 2 CRITICAL issues must be resolved +================================================================================ +``` + +## Try It Yourself + +### Run against the problematic spec: +```bash +../spec_verifier.py \ + --human-input human_input.txt \ + --requirements reverse_eng_requirements.txt \ + --constitution constitution.txt \ + --specification specification_with_issues.md +``` + +### Run against the fixed spec: +```bash +../spec_verifier.py \ + --human-input human_input.txt \ + --requirements reverse_eng_requirements.txt \ + --constitution constitution.txt \ + --specification specification_fixed.md +``` + +### Save report to file: +```bash +../spec_verifier.py \ + -i human_input.txt \ + -r reverse_eng_requirements.txt \ + -c constitution.txt \ + -s specification_with_issues.md \ + -o report.txt +``` + +### Get JSON output: +```bash +../spec_verifier.py \ + -i human_input.txt \ + -r reverse_eng_requirements.txt \ + -c constitution.txt \ + -s specification_with_issues.md \ + --json +``` + +## Learning Points + +By comparing the two specifications, you'll learn: + +1. **How to write concrete requirements** + - Bad: "The system should be fast" + - Good: "95th percentile response time < 200ms" + +2. **How to avoid security violations** + - Bad: "Log password attempts for debugging" + - Good: "Log timestamp, email (not password), IP address" + +3. **How to prevent scope creep** + - Don't add features not in requirements + - Trace every specification to a requirement + +4. **How to make specs testable** + - Bad: "User-friendly interface" + - Good: "WCAG 2.1 AA compliance with 4.5:1 contrast ratio" + +5. **How to address all requirements** + - Check every requirement is covered + - Don't leave requirements unaddressed + +## Next Steps + +1. ✅ Run the demo +2. ✅ Review the violations found +3. ✅ Compare the two specification documents +4. ✅ Try with your own documents +5. ✅ Integrate into your workflow + +## Documentation + +- **Quick Start**: `QUICKSTART.md` +- **Full Documentation**: `../SPEC_VERIFIER_README.md` +- **Summary**: `../SPEC_VERIFIER_SUMMARY.md` + +## Questions? + +Run `../spec_verifier.py --help` for command-line options. + diff --git a/examples/api_config.json b/examples/api_config.json new file mode 100644 index 0000000..164537b --- /dev/null +++ b/examples/api_config.json @@ -0,0 +1,9 @@ +{ + "enabled": true, + "base_url": "http://localhost:8888", + "api_key": "test-token-12345", + "timeout": 30, + "max_retries": 3 +} + + diff --git a/examples/constitution.txt b/examples/constitution.txt new file mode 100644 index 0000000..abb4f4e --- /dev/null +++ b/examples/constitution.txt @@ -0,0 +1,72 @@ +ARCHITECTURAL CONSTITUTION +Guiding Principles for System Design +===================================== + +SECURITY PRINCIPLES + +PRINCIPLE: The system must never store passwords in plaintext +PRINCIPLE: All sensitive data shall be encrypted both at rest and in transit +PRINCIPLE: Authentication tokens must have expiration times +PRINCIPLE: The system shall not log credit card numbers or CVV codes +RULE: Security vulnerabilities must be patched within 48 hours of discovery +- The system must not use deprecated cryptographic algorithms +- All user input shall be validated and sanitized +- Session management must be secure and prevent session fixation + +PERFORMANCE PRINCIPLES + +PRINCIPLE: Database queries must be optimized with proper indexing +PRINCIPLE: The system shall implement caching strategies for frequently accessed data +RULE: No single API endpoint may have response time exceeding 5 seconds +- Network calls should be asynchronous where possible +- The system must scale horizontally to handle increased load + +DATA INTEGRITY PRINCIPLES + +PRINCIPLE: All database transactions must be ACID compliant +PRINCIPLE: The system shall never lose customer data +RULE: Data modifications must be auditable with complete history +- Referential integrity must be maintained at all times +- Critical data operations shall be performed within database transactions + +CODE QUALITY PRINCIPLES + +PRINCIPLE: All code must follow established coding standards +PRINCIPLE: Code coverage for unit tests shall be at least 80% +RULE: No code may be deployed to production without peer review +- Functions should not exceed 50 lines of code +- Dependencies must be kept up to date + +USER EXPERIENCE PRINCIPLES + +PRINCIPLE: The system must provide clear feedback for all user actions +PRINCIPLE: Error messages shall be user-friendly and actionable +RULE: The UI must not use pop-up advertisements +- Loading states should be indicated to users +- The system should work on mobile devices + +OPERATIONS PRINCIPLES + +PRINCIPLE: The system must support zero-downtime deployments +PRINCIPLE: All configuration shall be externalized from code +RULE: The system must not require manual intervention for routine operations +- Logging must be structured and searchable +- The system should auto-recover from transient failures + +COMPLIANCE PRINCIPLES + +PRINCIPLE: The system must comply with GDPR requirements +PRINCIPLE: PCI DSS compliance shall be maintained for payment processing +RULE: User consent must be obtained before collecting personal data +- Data retention policies must be enforced automatically +- Users must have the ability to delete their accounts and data + +RELIABILITY PRINCIPLES + +PRINCIPLE: The system must maintain 99.9% uptime +PRINCIPLE: Critical services shall have redundancy and failover +RULE: Single points of failure must not exist in production +- Health checks must be implemented for all services +- Circuit breakers should prevent cascade failures + + diff --git a/examples/human_input.txt b/examples/human_input.txt new file mode 100644 index 0000000..8983be9 --- /dev/null +++ b/examples/human_input.txt @@ -0,0 +1,56 @@ +HUMAN INPUT DOCUMENT +User Stories and Stakeholder Requirements +========================================== + +USER STORY: Book Search and Discovery + +REQ-001: Users must be able to search for books by title, author, or ISBN +REQ-002: The system shall display search results with book cover images +REQ-003: Search results should be paginated with 20 items per page +- Users need to filter search results by category, price range, and rating +- The search function must return results within 2 seconds + +USER STORY: Shopping Cart + +REQUIREMENT: Users must be able to add books to shopping cart +REQUIREMENT: The system shall persist cart contents across sessions +- Users should be able to modify quantities in the cart +- Cart must show running total including tax +- The application should support multiple items in cart + +USER STORY: User Authentication + +REQ-010: The system must support user registration with email and password +REQ-011: Users shall be able to login with their credentials +REQ-012: The system needs to provide password reset functionality via email +- Failed login attempts should be logged for security +- User sessions must timeout after 30 minutes of inactivity + +USER STORY: Checkout Process + +REQUIREMENT: Users must be able to complete purchases with credit card payment +REQUIREMENT: The system shall send order confirmation emails +- Order history needs to be accessible to users +- The system should calculate shipping costs based on location +- Tax calculation must be accurate for user's state + +PERFORMANCE REQUIREMENTS: + +- The homepage must load in under 3 seconds +- The system needs to handle at least 500 concurrent users +- API response times should be under 200ms for 95% of requests + +SECURITY REQUIREMENTS: + +REQ-020: User passwords must be encrypted before storage +REQ-021: All payment information shall be transmitted over HTTPS +REQ-022: The system must implement protection against SQL injection +- Session tokens need to be cryptographically secure +- Sensitive data must never appear in logs + +ACCESSIBILITY: + +- The UI should be accessible to screen readers +- Color contrast needs to meet WCAG 2.1 AA standards + + diff --git a/examples/human_input_with_sources.txt b/examples/human_input_with_sources.txt new file mode 100644 index 0000000..be0509e --- /dev/null +++ b/examples/human_input_with_sources.txt @@ -0,0 +1,56 @@ +HUMAN INPUT DOCUMENT (with Source Document References) +User Stories and Stakeholder Requirements +========================================== + +USER STORY: Book Search and Discovery + +REQ-001: Users must be able to search for books by title, author, or ISBN [SRC:transcript-stakeholder-meeting-2024-01-15] +REQ-002: The system shall display search results with book cover images [SOURCE:email-product-owner-001] +REQ-003: Search results should be paginated with 20 items per page [DOC:design-doc-v1-search] +- Users need to filter search results by category, price range, and rating [SRC:transcript-user-interview-2024-01-20] +- The search function must return results within 2 seconds [SOURCE:email-cto-performance-requirements] + +USER STORY: Shopping Cart + +REQUIREMENT: Users must be able to add books to shopping cart [SRC:transcript-stakeholder-meeting-2024-01-15] +REQUIREMENT: The system shall persist cart contents across sessions [DOC:architecture-decision-record-003] +- Users should be able to modify quantities in the cart [SOURCE:email-product-owner-002] +- Cart must show running total including tax [SRC:transcript-stakeholder-meeting-2024-01-15] +- The application should support multiple items in cart + +USER STORY: User Authentication + +REQ-010: The system must support user registration with email and password [DOC:security-requirements-v2] +REQ-011: Users shall be able to login with their credentials [DOC:security-requirements-v2] +REQ-012: The system needs to provide password reset functionality via email [SOURCE:email-support-team-feedback] +- Failed login attempts should be logged for security [DOC:security-requirements-v2] +- User sessions must timeout after 30 minutes of inactivity [SRC:transcript-security-review-2024-01-25] + +USER STORY: Checkout Process + +REQUIREMENT: Users must be able to complete purchases with credit card payment [SRC:transcript-stakeholder-meeting-2024-01-15] +REQUIREMENT: The system shall send order confirmation emails [SOURCE:email-product-owner-003] +- Order history needs to be accessible to users [DOC:design-doc-v2-orders] +- The system should calculate shipping costs based on location [SOURCE:email-logistics-team] +- Tax calculation must be accurate for user's state [DOC:compliance-requirements] + +PERFORMANCE REQUIREMENTS: + +- The homepage must load in under 3 seconds [SOURCE:email-cto-performance-requirements] +- The system needs to handle at least 500 concurrent users [DOC:capacity-planning-doc] +- API response times should be under 200ms for 95% of requests [SOURCE:email-cto-performance-requirements] + +SECURITY REQUIREMENTS: + +REQ-020: User passwords must be encrypted before storage [DOC:security-requirements-v2] +REQ-021: All payment information shall be transmitted over HTTPS [DOC:compliance-requirements] +REQ-022: The system must implement protection against SQL injection [DOC:security-requirements-v2] +- Session tokens need to be cryptographically secure [SRC:transcript-security-review-2024-01-25] +- Sensitive data must never appear in logs [SRC:transcript-security-review-2024-01-25] + +ACCESSIBILITY: + +- The UI should be accessible to screen readers [SOURCE:email-accessibility-audit] +- Color contrast needs to meet WCAG 2.1 AA standards [SOURCE:email-accessibility-audit] + + diff --git a/examples/mock_source_api.py b/examples/mock_source_api.py new file mode 100755 index 0000000..34011a0 --- /dev/null +++ b/examples/mock_source_api.py @@ -0,0 +1,411 @@ +#!/usr/bin/env python3 +""" +Mock API Server for Source Documents + +This simulates an API that serves original source documents +(transcripts, emails, design docs) for the specification verifier. + +Run with: python3 mock_source_api.py +""" + +import json +from http.server import HTTPServer, BaseHTTPRequestHandler +from urllib.parse import urlparse +import sys + + +# Mock database of source documents +SOURCE_DOCUMENTS = { + 'transcript-stakeholder-meeting-2024-01-15': { + 'id': 'transcript-stakeholder-meeting-2024-01-15', + 'type': 'transcript', + 'title': 'Stakeholder Meeting - Product Requirements', + 'date': '2024-01-15', + 'participants': ['John Doe (CEO)', 'Jane Smith (Product Owner)', 'Bob Wilson (CTO)'], + 'content': ''' +Stakeholder Meeting Transcript +Date: January 15, 2024 +Duration: 1 hour 30 minutes + +John (CEO): We need a comprehensive e-commerce solution for our bookstore. The key features we discussed are: +1. Search functionality - users need to find books by title, author, or ISBN number +2. Shopping cart that persists even if they close their browser +3. Credit card payment processing +4. The cart should show running totals with tax included + +Jane (Product Owner): Regarding the search, how fast should it be? + +Bob (CTO): From a technical perspective, we should aim for sub-2-second response times for search queries. That's industry standard. + +John: Agreed. Also, the shopping cart is critical - we lose a lot of sales when users come back and their cart is empty. This MUST persist across sessions. + +Jane: What about user accounts? + +Bob: We'll need basic authentication - email and password should suffice for MVP. Standard login functionality. + +John: Make sure it's secure. We can't afford any security breaches. + +Bob: Absolutely. Passwords will be encrypted, all payment data over HTTPS, the works. + +Jane: Should we support guest checkout? + +John: For MVP, let's require account creation. We want to build our user base. + +[Discussion continues about payment processing, order confirmation emails, etc.] + +Jane: One more thing - we need order history so users can see their past purchases. + +Bob: That's straightforward. We'll add an orders page accessible after login. + +John: Great. Let's move forward with these requirements. + ''' + }, + + 'email-product-owner-001': { + 'id': 'email-product-owner-001', + 'type': 'email', + 'title': 'RE: Search Results Display', + 'date': '2024-01-16', + 'participants': ['Jane Smith (Product Owner)', 'Design Team'], + 'content': ''' +From: Jane Smith <jane.smith@company.com> +To: Design Team <design@company.com> +Date: January 16, 2024 +Subject: RE: Search Results Display + +Hi team, + +Following up on yesterday's stakeholder meeting, I wanted to clarify the search results page requirements: + +1. Each search result MUST display: + - Book title + - Author name + - Book cover image (this is critical for user experience) + - Price + - Average rating (if available) + +2. The cover images should be prominently displayed - research shows that visual browsing significantly increases conversion rates. + +3. Results should be in a grid layout on desktop, single column on mobile. + +4. Include a "Add to Cart" button directly on each result. + +Let me know if you have any questions. + +Best, +Jane + ''' + }, + + 'email-cto-performance-requirements': { + 'id': 'email-cto-performance-requirements', + 'type': 'email', + 'title': 'Performance Requirements and SLAs', + 'date': '2024-01-18', + 'participants': ['Bob Wilson (CTO)', 'Engineering Team'], + 'content': ''' +From: Bob Wilson <bob.wilson@company.com> +To: Engineering Team <engineering@company.com> +Date: January 18, 2024 +Subject: Performance Requirements and SLAs + +Team, + +I'm establishing the following performance requirements for the bookstore application: + +HARD REQUIREMENTS: +1. Homepage load time: MUST be under 3 seconds (measured at 50th percentile) +2. Search results: MUST return within 2 seconds +3. API response times: 95th percentile must be under 200ms +4. System must handle minimum 500 concurrent users without degradation + +TARGETS (not hard requirements): +- 99th percentile API responses under 500ms +- Support up to 1000 concurrent users +- Homepage under 2 seconds for 95th percentile + +These are non-negotiable for production launch. Build the infrastructure accordingly. + +If we can't meet these with current architecture, we need to discuss scaling options NOW, not after launch. + +Bob + ''' + }, + + 'transcript-security-review-2024-01-25': { + 'id': 'transcript-security-review-2024-01-25', + 'type': 'transcript', + 'title': 'Security Review Meeting', + 'date': '2024-01-25', + 'participants': ['Bob Wilson (CTO)', 'Security Team', 'Compliance Officer'], + 'content': ''' +Security Review Meeting Transcript +Date: January 25, 2024 + +Bob (CTO): Let's go through the security requirements systematically. + +Security Lead: First, authentication. We need to ensure passwords are properly secured. + +Bob: Absolutely. bcrypt with appropriate cost factor. NO plaintext storage, obviously. + +Compliance: Agreed. Also, session management is critical. What's the timeout? + +Security Lead: I recommend 30 minutes of inactivity. That's standard for e-commerce. + +Bob: Fine. Make sure sessions are using cryptographically secure random tokens. No predictable session IDs. + +Security Lead: Understood. What about logging? + +Bob: Good point. We need to log authentication attempts for security monitoring, BUT we must NEVER log sensitive data. No passwords, no credit card numbers, no CVV codes in logs. Ever. + +Compliance: That's a compliance requirement too. GDPR, PCI-DSS - both prohibit logging sensitive personal data. + +Bob: I want this in the security requirements document explicitly. "Sensitive data must never appear in logs." Make it clear. + +Security Lead: Will do. What about SQL injection protection? + +Bob: Mandatory. Use parameterized queries everywhere. No string concatenation for SQL. + +[Discussion continues about HTTPS, payment security, etc.] + +Compliance: One more thing - we need to ensure color contrast meets WCAG standards for accessibility. + +Bob: That's more of a design requirement, but yes, let's include it. WCAG 2.1 AA compliance minimum. + ''' + }, + + 'email-support-team-feedback': { + 'id': 'email-support-team-feedback', + 'type': 'email', + 'title': 'User Feedback - Password Reset Feature Request', + 'date': '2024-01-22', + 'participants': ['Support Team Lead', 'Jane Smith (Product Owner)'], + 'content': ''' +From: Support Team <support@company.com> +To: Jane Smith <jane.smith@company.com> +Date: January 22, 2024 +Subject: User Feedback - Password Reset Feature Request + +Hi Jane, + +We've been collecting feedback from our beta users and there's one feature that's been requested repeatedly: + +CRITICAL: Password reset functionality via email + +Users are getting locked out of their accounts and we have no automated way to help them reset their passwords. Currently, we're manually resetting them which is: +1. Time-consuming for support +2. Security risk (we shouldn't be handling user passwords) +3. Poor user experience + +Can we prioritize this for the MVP? It should be standard functionality: +- User clicks "Forgot Password" +- We send them a secure reset link via email +- Link is time-limited (1 hour is standard) +- They set a new password + +This is really important for launch. We can't scale support if we're manually handling password resets. + +Thanks, +Support Team Lead + ''' + }, + + 'doc-security-requirements-v2': { + 'id': 'DOC:security-requirements-v2', + 'type': 'design_doc', + 'title': 'Security Requirements Document v2', + 'date': '2024-01-26', + 'participants': ['Security Team', 'Engineering'], + 'content': ''' +SECURITY REQUIREMENTS DOCUMENT +Version: 2.0 +Date: January 26, 2024 +Status: APPROVED + +1. AUTHENTICATION + +1.1 User Registration +- System MUST support email + password registration +- Password minimum requirements: + * Minimum 8 characters + * At least one uppercase letter + * At least one lowercase letter + * At least one number +- Passwords MUST be hashed using bcrypt (cost factor 12 minimum) +- NEVER store passwords in plaintext + +1.2 User Login +- Users SHALL authenticate with email and password +- Failed login attempts MUST be logged (timestamp, email, IP - NOT password) +- Account lockout after 5 failed attempts in 15 minutes +- Session timeout: 30 minutes of inactivity +- Session tokens MUST be cryptographically secure (256-bit random minimum) + +1.3 Password Reset +- Support password reset via email +- Reset tokens valid for 1 hour maximum +- Tokens single-use only +- Old password immediately invalidated + +2. SQL INJECTION PROTECTION + +- ALL database queries MUST use parameterized statements +- NO string concatenation for SQL construction +- Input validation on all user-provided data + +3. LOGGING RESTRICTIONS + +CRITICAL: The following MUST NEVER appear in logs: +- Passwords (plaintext or hashed) +- Credit card numbers +- CVV codes +- Social Security Numbers +- Any PII classified as sensitive + +Log authentication events but exclude passwords. + +4. FAILED AUTHENTICATION HANDLING + +Log failed login attempts with: +- Timestamp +- Username/email (obfuscated if needed) +- IP address +- User agent +- Result code + +DO NOT LOG: +- The password that was attempted +- Any guessed passwords + ''' + }, + + 'email-accessibility-audit': { + 'id': 'email-accessibility-audit', + 'type': 'email', + 'title': 'Accessibility Audit Results and Requirements', + 'date': '2024-01-30', + 'participants': ['Accessibility Team', 'Design Team'], + 'content': ''' +From: Accessibility Team <accessibility@company.com> +To: Design Team <design@company.com>, Engineering <engineering@company.com> +Date: January 30, 2024 +Subject: Accessibility Audit Results and Requirements + +Team, + +We've completed our accessibility audit and have the following requirements for the bookstore application: + +WCAG 2.1 AA COMPLIANCE (MANDATORY): + +1. Color Contrast + - Normal text: Minimum 4.5:1 contrast ratio + - Large text (18pt+): Minimum 3:1 contrast ratio + - Test all text against background colors + +2. Screen Reader Support + - All images MUST have alt text + - Semantic HTML5 elements throughout + - ARIA labels on interactive elements + - Form inputs properly labeled + - Skip navigation links + +3. Keyboard Navigation + - All interactive elements keyboard accessible + - Visible focus indicators + - Logical tab order + +4. Error Identification + - Form validation errors clearly identified + - Errors announced to screen readers + - Color not the only indicator of errors + +These are not optional - they're legal requirements in many jurisdictions and part of our corporate policy. + +Please ensure all designs meet these standards before implementation. + +Best, +Accessibility Team + ''' + } +} + + +class SourceDocumentHandler(BaseHTTPRequestHandler): + """HTTP request handler for source documents API""" + + def do_GET(self): + """Handle GET requests""" + parsed_path = urlparse(self.path) + path_parts = parsed_path.path.strip('/').split('/') + + # Check for /documents/{doc_id} endpoint + if len(path_parts) == 2 and path_parts[0] == 'documents': + doc_id = path_parts[1] + self.serve_document(doc_id) + else: + self.send_error(404, "Endpoint not found") + + def serve_document(self, doc_id: str): + """Serve a source document by ID""" + # Check authorization (simple bearer token check) + auth_header = self.headers.get('Authorization', '') + if not auth_header.startswith('Bearer '): + self.send_error(401, "Unauthorized - Missing or invalid token") + return + + # Look up document (handle both formats: with and without prefix) + doc = None + if doc_id in SOURCE_DOCUMENTS: + doc = SOURCE_DOCUMENTS[doc_id] + else: + # Try with DOC: prefix removed + clean_id = doc_id.replace('DOC:', '').replace('SRC:', '').replace('SOURCE:', '') + if clean_id in SOURCE_DOCUMENTS: + doc = SOURCE_DOCUMENTS[clean_id] + + if not doc: + self.send_error(404, f"Document {doc_id} not found") + return + + # Send response + self.send_response(200) + self.send_header('Content-Type', 'application/json') + self.end_headers() + self.wfile.write(json.dumps(doc, indent=2).encode('utf-8')) + + def log_message(self, format, *args): + """Custom log format""" + print(f"[API] {self.address_string()} - {format % args}") + + +def main(): + port = 8888 + server_address = ('', port) + httpd = HTTPServer(server_address, SourceDocumentHandler) + + print("="*60) + print("Mock Source Document API Server") + print("="*60) + print(f"Server running on http://localhost:{port}") + print(f"\nAvailable documents ({len(SOURCE_DOCUMENTS)}):") + for doc_id, doc in SOURCE_DOCUMENTS.items(): + print(f" - {doc_id} ({doc['type']}): {doc['title']}") + print(f"\nEndpoint: GET /documents/{{doc_id}}") + print(f"Authorization: Bearer YOUR_TOKEN") + print(f"\nExample:") + print(f" curl -H 'Authorization: Bearer test-token' \\") + print(f" http://localhost:{port}/documents/transcript-stakeholder-meeting-2024-01-15") + print(f"\nPress Ctrl+C to stop") + print("="*60) + + try: + httpd.serve_forever() + except KeyboardInterrupt: + print("\n\nShutting down server...") + httpd.shutdown() + + +if __name__ == '__main__': + main() + + diff --git a/examples/reverse_eng_requirements.txt b/examples/reverse_eng_requirements.txt new file mode 100644 index 0000000..873846d --- /dev/null +++ b/examples/reverse_eng_requirements.txt @@ -0,0 +1,49 @@ +REVERSE-ENGINEERED REQUIREMENTS +From Legacy System Analysis +=============================== + +SYSTEM ARCHITECTURE: + +REQ-100: The application must use a microservices architecture +REQ-101: Services shall communicate via REST APIs +REQ-102: The system must use a distributed database for scalability + +DATA MANAGEMENT: + +REQ-110: All product data must be cached for performance +REQ-111: The system shall implement database connection pooling +REQ-112: Data backups must be performed daily +- The system needs to support data export in JSON format +- Product inventory must be updated in real-time + +API REQUIREMENTS: + +REQ-120: API endpoints must follow RESTful conventions +REQ-121: All API responses shall include proper HTTP status codes +REQ-122: The API must support rate limiting to prevent abuse +- API documentation needs to be auto-generated from code +- Versioning should be implemented in API URLs + +ERROR HANDLING: + +REQ-130: The system must gracefully handle all error conditions +REQ-131: Error messages shall not expose sensitive system information +REQ-132: Failed transactions must be rolled back completely +- Critical errors need to trigger immediate notifications +- User-facing errors should provide helpful recovery instructions + +MONITORING AND LOGGING: + +REQ-140: The system must log all user authentication attempts +REQ-141: Performance metrics shall be collected for all API endpoints +REQ-142: The system needs to support distributed tracing +- Log retention must be at least 90 days +- Monitoring dashboards should display real-time system health + +INTEGRATION: + +REQ-150: The system must integrate with external payment gateway +REQ-151: Email service integration shall support transactional emails +REQ-152: The system needs to integrate with inventory management system + + diff --git a/examples/run_demo.sh b/examples/run_demo.sh new file mode 100755 index 0000000..d9efdba --- /dev/null +++ b/examples/run_demo.sh @@ -0,0 +1,48 @@ +#!/bin/bash +# Demo script for the Specification Verifier + +set -e + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +ROOT_DIR="$(dirname "$SCRIPT_DIR")" + +echo "================================" +echo "Specification Verifier Demo" +echo "================================" +echo "" +echo "This demo will run the adversarial specification verifier" +echo "on example documents that contain deliberate issues." +echo "" +echo "Expected findings:" +echo " - Missing requirements (password reset, accessibility, etc.)" +echo " - Principle violations (logging passwords)" +echo " - Ambiguous specifications (vague language)" +echo " - Scope creep (features not in requirements)" +echo " - Testability issues" +echo "" +read -p "Press Enter to continue..." + +echo "" +echo "Running verification..." +echo "" + +python3 "$ROOT_DIR/spec_verifier.py" \ + --human-input "$SCRIPT_DIR/human_input.txt" \ + --requirements "$SCRIPT_DIR/reverse_eng_requirements.txt" \ + --constitution "$SCRIPT_DIR/constitution.txt" \ + --specification "$SCRIPT_DIR/specification_with_issues.md" + +EXIT_CODE=$? + +echo "" +echo "================================" +if [ $EXIT_CODE -eq 0 ]; then + echo "✅ Verification PASSED" +else + echo "❌ Verification FAILED (exit code: $EXIT_CODE)" +fi +echo "================================" + +exit $EXIT_CODE + + diff --git a/examples/run_demo_enhanced.sh b/examples/run_demo_enhanced.sh new file mode 100755 index 0000000..4227af7 --- /dev/null +++ b/examples/run_demo_enhanced.sh @@ -0,0 +1,70 @@ +#!/bin/bash +# Demo script for the Enhanced Specification Verifier with Deep Analysis + +set -e + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +ROOT_DIR="$(dirname "$SCRIPT_DIR")" + +echo "================================================================" +echo "Enhanced Specification Verifier Demo" +echo "with Deep Source Document Analysis" +echo "================================================================" +echo "" +echo "This demo shows the enhanced verifier that can fetch and analyze" +echo "original source documents (transcripts, emails, design docs) when" +echo "it finds violations." +echo "" +echo "Setup required:" +echo " 1. Start the mock API server (in another terminal):" +echo " cd examples && python3 mock_source_api.py" +echo "" +echo " 2. Run this demo" +echo "" + +# Check if API server is running +if ! curl -s http://localhost:8888/documents/transcript-stakeholder-meeting-2024-01-15 \ + -H "Authorization: Bearer test-token" > /dev/null 2>&1; then + echo "❌ ERROR: Mock API server not running on localhost:8888" + echo "" + echo "Please start it in another terminal:" + echo " cd $SCRIPT_DIR" + echo " python3 mock_source_api.py" + echo "" + exit 1 +fi + +echo "✓ API server is running" +echo "" +read -p "Press Enter to run verification with deep analysis..." + +echo "" +echo "Running enhanced verification..." +echo "" + +python3 "$ROOT_DIR/spec_verifier_enhanced.py" \ + --human-input "$SCRIPT_DIR/human_input_with_sources.txt" \ + --requirements "$SCRIPT_DIR/reverse_eng_requirements.txt" \ + --constitution "$SCRIPT_DIR/constitution.txt" \ + --specification "$SCRIPT_DIR/specification_with_issues.md" \ + --deep-analysis \ + --api-config "$SCRIPT_DIR/api_config.json" + +EXIT_CODE=$? + +echo "" +echo "================================================================" +if [ $EXIT_CODE -eq 0 ]; then + echo "✅ Verification PASSED" +else + echo "❌ Verification FAILED (exit code: $EXIT_CODE)" +fi +echo "================================================================" +echo "" +echo "Notice the '🔍 Deep Analysis' sections in the report above." +echo "These show insights from the original source documents!" +echo "" + +exit $EXIT_CODE + + diff --git a/examples/specification_fixed.md b/examples/specification_fixed.md new file mode 100644 index 0000000..3b80970 --- /dev/null +++ b/examples/specification_fixed.md @@ -0,0 +1,407 @@ +# Technical Specification Document +Bookstore Application - Version 1.0 (Fixed) + +## 1. System Architecture + +SPEC-001: The system implements a microservices architecture with the following services: +- API Gateway Service (port 8080) +- Products Service (port 8081) +- Cart Service (port 8082) +- Checkout Service (port 8083) +- Login Service (port 8084) + +Addresses: REQ-100, REQ-101 + +SPEC-002: Services communicate via REST APIs with JSON payloads + +SPEC-003: The system uses YugabyteDB as a distributed database solution +Addresses: REQ-102 + +## 2. Search and Product Discovery + +SPEC-010: The search endpoint is available at `/api/products/search` +- Accepts query parameters: `q` (search term), `page` (integer), `limit` (integer, max 100) +- Supports exact and fuzzy matching on title, author, and ISBN fields +- Returns paginated results with metadata including: totalResults, currentPage, totalPages + +Addresses: REQ-001, REQ-003 + +SPEC-011: Search results include product information with cover image URLs +- Each result includes: title, author, ISBN, price, rating, coverImageUrl +- Images are served via CDN with HTTPS +- Missing images fall back to placeholder + +Addresses: REQ-002 + +SPEC-012: The system provides filtering capabilities through query parameters: +- category: String enum (Fiction, Non-Fiction, Science, Technology, etc.) +- minPrice/maxPrice: Decimal values in USD +- minRating: Integer 1-5 +- Filter results must match ALL specified criteria + +Addresses: REQ for filtering by category, price range, and rating + +SPEC-013: Search response time must be under 2 seconds measured at 95th percentile +- Database queries use indexed fields +- Results are cached for 5 minutes +- Query optimization with EXPLAIN analysis + +Addresses: REQ "Search function must return results within 2 seconds" + +## 3. Shopping Cart + +SPEC-020: Cart management endpoints: +- POST `/api/cart/items` - Add item to cart (returns 201 Created) +- PUT `/api/cart/items/{id}` - Update quantity (returns 200 OK) +- DELETE `/api/cart/items/{id}` - Remove item (returns 204 No Content) +- GET `/api/cart` - Get cart contents (returns 200 OK) + +Addresses: REQ "Users must be able to add books to shopping cart" + +SPEC-021: Cart data persistence: +- Cart contents stored in database table linked to user session ID +- Cart survives browser closure and page refresh +- Cart expires after 30 days of inactivity +- Guest carts converted to user carts upon login + +Addresses: REQ "The system shall persist cart contents across sessions" + +SPEC-022: Cart displays running totals: +- Subtotal: Sum of all item prices × quantities +- Tax: Calculated based on user's shipping state tax rate +- Shipping: Calculated based on weight and destination +- Total: Subtotal + Tax + Shipping +- All amounts shown with 2 decimal places + +Addresses: REQ "Cart must show running total including tax" + +SPEC-023: Cart quantity modification: +- Users can set quantity from 1 to 99 +- Quantity field validates input and rejects non-numeric values +- Quantity 0 removes item from cart +- Updates are persisted immediately + +Addresses: REQ "Users should be able to modify quantities in the cart" + +## 4. User Authentication + +SPEC-030: User registration endpoint at `/api/auth/register` +- Required fields: email (valid format), password (min 8 chars), name +- Password requirements: minimum 8 characters, at least 1 uppercase, 1 lowercase, 1 number +- Passwords are hashed using bcrypt with cost factor 12 before storage +- Returns 201 Created with user ID on success +- Returns 400 Bad Request if email already exists + +Addresses: REQ-010, REQ-020 + +SPEC-031: Login endpoint at `/api/auth/login` +- Accepts email and password in request body +- Returns JWT token valid for 8 hours on success +- Token includes user ID, email, and role claims +- Failed login attempts are logged with: timestamp, email (not password), IP address, user-agent +- After 5 failed attempts in 15 minutes, account is temporarily locked for 15 minutes + +Addresses: REQ-011, REQ "Failed login attempts should be logged for security" + +SPEC-032: Session management: +- JWT tokens include expiration time (exp claim) +- Sessions automatically timeout after 30 minutes of inactivity +- Timeout duration configurable via SESSION_TIMEOUT_MINUTES environment variable +- Client receives 401 Unauthorized when token expires + +Addresses: REQ "User sessions must timeout after 30 minutes of inactivity" + +SPEC-033: Password reset functionality: +- POST `/api/auth/password-reset/request` - Initiates password reset +- Sends email with secure token valid for 1 hour +- POST `/api/auth/password-reset/confirm` - Completes reset with token and new password +- Tokens are single-use and cryptographically secure (256-bit random) +- Old password is invalidated immediately + +Addresses: REQ-012 "The system needs to provide password reset functionality via email" + +SPEC-034: Security measures: +- All passwords hashed with bcrypt (never stored plaintext) +- Session tokens use cryptographically secure random generation (crypto.randomBytes) +- Sensitive data (passwords, tokens, credit cards) never logged +- Failed authentication attempts trigger monitoring alerts after threshold + +Addresses: REQ-020, REQ-021, REQ "Session tokens need to be cryptographically secure", + REQ "Sensitive data must never appear in logs" + +## 5. Checkout and Payment + +SPEC-040: Checkout process endpoint at `/api/checkout/process` +- Accepts: payment method, billing address, shipping address +- Validates card via payment gateway before processing +- Calculates tax based on shipping address state using TaxJar API +- Calculates shipping via USPS API based on weight and distance +- All payment data transmitted over HTTPS/TLS 1.3 +- Credit card numbers and CVV never stored or logged + +Addresses: REQ "Users must be able to complete purchases with credit card payment", + REQ "Tax calculation must be accurate for user's state", + REQ "The system should calculate shipping costs based on location", + REQ-021, PRINCIPLE about not logging credit cards + +SPEC-041: Order confirmation emails: +- Sent immediately after successful order processing +- Includes: order number, items, quantities, prices, total, shipping address, estimated delivery +- Email sent via SendGrid API +- Failure to send email does not block order (logged for retry) + +Addresses: REQ "The system shall send order confirmation emails" + +SPEC-042: Order history: +- GET `/api/orders/history` returns paginated list of user's orders +- Each order includes: orderNumber, date, items, total, status, trackingNumber +- Orders sorted by date descending +- Pagination: 20 orders per page + +Addresses: REQ "Order history needs to be accessible to users" + +## 6. Performance Optimizations + +SPEC-050: Product catalog caching: +- Redis cache with 1 hour TTL for product details +- Cache key format: `product:{productId}` +- Cache miss triggers database query and cache population +- Cache invalidated on product updates via pub/sub +- Cache hit rate monitored (target: >90%) + +Addresses: REQ-110 + +SPEC-051: Database connection pool configuration: +- Minimum connections: 10 +- Maximum connections: 100 +- Connection timeout: 30 seconds +- Idle timeout: 10 minutes +- Connection validation query: SELECT 1 + +Addresses: REQ-111 + +SPEC-052: Homepage performance optimization: +- Lazy loading for images below the fold +- Critical CSS inlined in HTML head +- JavaScript bundles code-split by route +- CDN for static assets with cache headers +- Target: First Contentful Paint < 1.5s, Total load time < 3 seconds + +Addresses: REQ "The homepage must load in under 3 seconds" + +SPEC-053: Concurrent user handling: +- Load balancer distributes requests across multiple service instances +- Horizontal auto-scaling triggers at 70% CPU utilization +- Database read replicas for query load distribution +- Tested to handle 1000 concurrent users (exceeds requirement of 500) + +Addresses: REQ "The system needs to handle at least 500 concurrent users" + +SPEC-054: API performance targets: +- 95th percentile response time < 200ms +- 99th percentile response time < 500ms +- Monitored via Prometheus with alerts at thresholds +- Performance dashboards in Grafana + +Addresses: REQ "API response times should be under 200ms for 95% of requests" + +## 7. API Design + +SPEC-060: All APIs follow RESTful conventions: +- GET for retrieval (idempotent) +- POST for creation (returns 201 Created) +- PUT for full updates (idempotent) +- PATCH for partial updates +- DELETE for removal (idempotent, returns 204 No Content) +- Resource-based URLs: `/api/{resource}/{id}` + +Addresses: REQ-120, REQ-121 + +SPEC-061: Standard HTTP status codes: +- 200 OK - Successful GET/PUT +- 201 Created - Successful POST +- 204 No Content - Successful DELETE +- 400 Bad Request - Invalid input +- 401 Unauthorized - Missing/invalid auth +- 403 Forbidden - Insufficient permissions +- 404 Not Found - Resource doesn't exist +- 500 Internal Server Error - Server failure + +Addresses: REQ-121 + +SPEC-062: Rate limiting implementation: +- Implemented at API Gateway level using Redis +- Default: 100 requests per minute per IP address +- Configurable per endpoint in gateway configuration +- Returns 429 Too Many Requests when limit exceeded +- Response includes Retry-After header + +Addresses: REQ-122 + +## 8. Error Handling + +SPEC-070: Standardized error response format: +```json +{ + "error": { + "code": "VALIDATION_ERROR", + "message": "Invalid email format", + "field": "email", + "timestamp": "2025-12-08T10:30:00Z" + } +} +``` +- Error messages user-friendly and actionable +- No internal system details exposed in production +- Stack traces only in development environment + +Addresses: REQ-131 "Error messages shall not expose sensitive system information" + +SPEC-071: Transaction management: +- All database mutations wrapped in transactions +- Automatic rollback on any error during transaction +- Savepoints for nested transactions +- Transaction timeout: 30 seconds + +Addresses: REQ-132 "Failed transactions must be rolled back completely" + +SPEC-072: Error notification system: +- Critical errors trigger PagerDuty alerts immediately +- High severity errors logged and aggregated +- User-facing errors provide clear recovery instructions +- Example: "Payment failed. Please check your card details and try again." + +Addresses: REQ "Critical errors need to trigger immediate notifications", + REQ "User-facing errors should provide helpful recovery instructions" + +## 9. Monitoring and Logging + +SPEC-080: Authentication logging: +- All login attempts logged with structured format +- Fields: timestamp, email, ipAddress, userAgent, result (success/failure/locked) +- Passwords NEVER logged (security violation) +- Logs sent to centralized logging (ELK stack) +- Retention: 90 days + +Addresses: REQ-140, REQ "Failed login attempts should be logged for security" + +SPEC-081: API performance metrics: +- Metrics collected for every API endpoint +- Captured: response time, status code, endpoint, method +- Aggregated as: min, max, mean, p50, p95, p99 +- Error rate calculated per endpoint +- Request volume tracked per minute + +Addresses: REQ-141 + +SPEC-082: Distributed tracing: +- OpenTelemetry instrumentation for all services +- Trace ID propagated through all service calls +- Trace data exported to Jaeger +- Enables end-to-end request tracking + +Addresses: REQ-142 + +SPEC-083: Log retention and monitoring: +- Application logs retained for 90 days +- Audit logs retained for 7 years (compliance) +- Real-time monitoring dashboard shows: request rate, error rate, response times, active users +- Health checks for all services every 30 seconds + +Addresses: REQ "Log retention must be at least 90 days", + REQ "Monitoring dashboards should display real-time system health" + +## 10. Integrations + +SPEC-090: Payment gateway integration: +- Stripe API for credit card processing +- PCI DSS Level 1 certified +- Card data tokenized (never stored) +- 3D Secure support for fraud prevention +- Webhook for asynchronous payment notifications + +Addresses: REQ-150 + +SPEC-091: Email service integration: +- SendGrid API for transactional emails +- Templates: order confirmation, password reset, shipping notification +- Track email delivery status and bounces +- Retry logic for failed sends (max 3 retries) + +Addresses: REQ-151 + +SPEC-092: Inventory management integration: +- Real-time sync via REST API to external inventory system +- Updates pushed when: order placed, order cancelled, manual adjustment +- Polling fallback every 5 minutes for resilience +- Inventory levels cached with 1-minute TTL + +Addresses: REQ-152 "The system needs to integrate with inventory management system" + +## 11. Data Management + +SPEC-100: Automated backup strategy: +- Full database backup daily at 2:00 AM UTC +- Incremental backups every 6 hours +- Backups stored in S3 with encryption +- Retention: 30 days for daily, 90 days for monthly +- Backup restoration tested monthly + +Addresses: REQ-112 + +SPEC-101: Real-time inventory updates: +- Event-driven architecture using Kafka +- Events: ORDER_PLACED, ORDER_CANCELLED, INVENTORY_ADJUSTED +- Consumers update product inventory table +- Eventual consistency with conflict resolution + +Addresses: REQ "Product inventory must be updated in real-time" + +SPEC-102: Data export functionality: +- Users can export their data in JSON format +- Includes: profile, order history, cart data +- Available at GET `/api/users/export` +- Complies with GDPR data portability requirements + +Addresses: REQ "The system needs to support data export in JSON format", + PRINCIPLE "The system must comply with GDPR requirements" + +## 12. Accessibility + +SPEC-110: WCAG 2.1 AA compliance: +- Color contrast ratio minimum 4.5:1 for normal text +- All interactive elements keyboard accessible +- ARIA labels on all form inputs +- Skip navigation links for screen readers +- Alt text on all images +- Focus indicators visible on all interactive elements + +Addresses: REQ "The UI should be accessible to screen readers", + REQ "Color contrast needs to meet WCAG 2.1 AA standards" + +SPEC-111: Screen reader support: +- Semantic HTML5 elements used throughout +- Dynamic content updates announced via ARIA live regions +- Form validation errors announced to screen readers +- Loading states communicated accessibly + +Addresses: REQ "The UI should be accessible to screen readers" + +## 13. Mobile Responsiveness + +SPEC-120: Responsive design implementation: +- Breakpoints: 320px (mobile), 768px (tablet), 1024px (desktop) +- Fluid typography scales between breakpoints +- Touch targets minimum 44x44 pixels +- Mobile-first CSS approach +- Tested on: iOS Safari, Chrome Android, Samsung Internet + +Addresses: PRINCIPLE "The system should work on mobile devices" + +SPEC-121: Mobile optimizations: +- Images served in multiple sizes via srcset +- Reduced motion for users with vestibular disorders +- Touch-friendly spacing and button sizes +- Mobile navigation with hamburger menu + + diff --git a/examples/specification_with_issues.md b/examples/specification_with_issues.md new file mode 100644 index 0000000..070546e --- /dev/null +++ b/examples/specification_with_issues.md @@ -0,0 +1,171 @@ +# Technical Specification Document +Bookstore Application - Version 1.0 + +## 1. System Architecture + +SPEC-001: The system implements a microservices architecture with the following services: +- API Gateway Service (port 8080) +- Products Service (port 8081) +- Cart Service (port 8082) +- Checkout Service (port 8083) +- Login Service (port 8084) + +Addresses: REQ-100, REQ-101 + +SPEC-002: Services communicate via REST APIs with JSON payloads + +SPEC-003: The system uses YugabyteDB as a distributed database solution +Addresses: REQ-102 + +## 2. Search and Product Discovery + +SPEC-010: The search endpoint is available at `/api/products/search` +- Accepts query parameters: `q` (search term), `page`, `limit` +- Supports searching by title, author, and ISBN +- Returns paginated results with appropriate metadata + +Addresses: REQ-001, REQ-003 + +SPEC-011: Search results include product information with cover image URLs +Addresses: REQ-002 + +SPEC-012: The system provides filtering capabilities through query parameters +- Users can filter by various criteria +- The filtering should be fast and efficient + +## 3. Shopping Cart + +SPEC-020: Cart management endpoints: +- POST `/api/cart/items` - Add item to cart +- PUT `/api/cart/items/{id}` - Update quantity +- DELETE `/api/cart/items/{id}` - Remove item +- GET `/api/cart` - Get cart contents + +SPEC-021: Cart data is persisted in the database and associated with user session +Addresses: REQ related to cart persistence + +SPEC-022: Cart displays running totals including applicable taxes + +## 4. User Authentication + +SPEC-030: User registration endpoint at `/api/auth/register` +- Accepts email, password, name +- Password requirements: minimum 8 characters +- Passwords are hashed using bcrypt before storage + +Addresses: REQ-010, REQ-020 + +SPEC-031: Login endpoint at `/api/auth/login` +- Accepts email and password +- Returns JWT token valid for 8 hours +- Failed attempts are logged to the system log file including the password attempt for debugging + +Addresses: REQ-011 + +SPEC-032: Session timeout is configurable via environment variable + +## 5. Checkout and Payment + +SPEC-040: Checkout process endpoint at `/api/checkout/process` +- Accepts payment information +- Integrates with payment gateway +- Calculates appropriate shipping and tax + +SPEC-041: Order confirmation emails are sent after successful checkout +Addresses: REQ related to email confirmation + +SPEC-042: Users can view their order history at `/api/orders/history` + +## 6. Performance Optimizations + +SPEC-050: Product catalog data is cached using Redis +- Cache TTL is reasonable depending on usage patterns +- Cache invalidation happens as needed + +Addresses: REQ-110 + +SPEC-051: Database connection pool configuration: +- Minimum connections: 10 +- Maximum connections: 100 +- Connection timeout: 30 seconds + +Addresses: REQ-111 + +SPEC-052: The homepage is optimized to load quickly through various techniques + +## 7. API Design + +SPEC-060: All APIs follow RESTful conventions +- Proper use of HTTP methods (GET, POST, PUT, DELETE) +- Resource-based URL structure +- Standard HTTP status codes + +Addresses: REQ-120, REQ-121 + +SPEC-061: Rate limiting is implemented at the API Gateway level +- Default: 100 requests per minute per IP +- Configurable per endpoint + +Addresses: REQ-122 + +## 8. Error Handling + +SPEC-070: Error responses follow standard format: +```json +{ + "error": { + "code": "ERROR_CODE", + "message": "User-friendly message", + "details": "Technical details for debugging" + } +} +``` + +SPEC-071: Database transaction failures trigger automatic rollback +Addresses: REQ-132 + +## 9. Monitoring and Logging + +SPEC-080: All authentication attempts are logged with: +- Timestamp +- Username +- IP address +- Result (success/failure) + +Addresses: REQ-140 + +SPEC-081: Performance metrics collected for each API endpoint: +- Response time +- Error rate +- Request volume + +Addresses: REQ-141 + +## 10. Additional Features + +SPEC-090: The system includes an admin dashboard for managing products +- Admins can add, edit, and delete products +- The dashboard has a nice, modern look + +SPEC-091: Integration with social media for sharing book recommendations +- Users can share books on Facebook and Twitter +- Social media analytics are tracked + +SPEC-092: The system supports multiple payment methods including cryptocurrency +- Bitcoin and Ethereum support +- Blockchain validation for transactions + +## 11. Data Management + +SPEC-100: Daily backups are scheduled at 2 AM UTC +Addresses: REQ-112 + +SPEC-101: Product inventory is updated in real-time through event-driven architecture + +## 12. Mobile Support + +SPEC-110: The React UI is responsive and works on mobile devices +- Optimized layouts for different screen sizes +- Touch-friendly interface elements + + diff --git a/nextjs-frontend/.gitignore b/nextjs-frontend/.gitignore new file mode 100644 index 0000000..5ef6a52 --- /dev/null +++ b/nextjs-frontend/.gitignore @@ -0,0 +1,41 @@ +# See https://help.github.com/articles/ignoring-files/ for more about ignoring files. + +# dependencies +/node_modules +/.pnp +.pnp.* +.yarn/* +!.yarn/patches +!.yarn/plugins +!.yarn/releases +!.yarn/versions + +# testing +/coverage + +# next.js +/.next/ +/out/ + +# production +/build + +# misc +.DS_Store +*.pem + +# debug +npm-debug.log* +yarn-debug.log* +yarn-error.log* +.pnpm-debug.log* + +# env files (can opt-in for committing if needed) +.env* + +# vercel +.vercel + +# typescript +*.tsbuildinfo +next-env.d.ts diff --git a/nextjs-frontend/Dockerfile b/nextjs-frontend/Dockerfile new file mode 100644 index 0000000..eafdedb --- /dev/null +++ b/nextjs-frontend/Dockerfile @@ -0,0 +1,55 @@ +FROM node:18-alpine AS base + +# Install dependencies only when needed +FROM base AS deps +# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed. +RUN apk add --no-cache libc6-compat +WORKDIR /app + +# Install dependencies based on the preferred package manager +COPY package.json package-lock.json* ./ +RUN npm ci + +# Rebuild the source code only when needed +FROM base AS builder +WORKDIR /app +COPY --from=deps /app/node_modules ./node_modules +COPY . . + +# Next.js collects completely anonymous telemetry data about general usage. +# Learn more here: https://nextjs.org/telemetry +# Uncomment the following line in case you want to disable telemetry during the build. +ENV NEXT_TELEMETRY_DISABLED 1 + +RUN npm run build + +# Production image, copy all the files and run next +FROM base AS runner +WORKDIR /app + +ENV NODE_ENV production +ENV NEXT_TELEMETRY_DISABLED 1 + +RUN addgroup --system --gid 1001 nodejs +RUN adduser --system --uid 1001 nextjs + +COPY --from=builder /app/public ./public + +# Set the correct permission for prerender cache +RUN mkdir .next +RUN chown nextjs:nodejs .next + +# Automatically leverage output traces to reduce image size +# https://nextjs.org/docs/advanced-features/output-file-tracing +COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./ +COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static + +USER nextjs + +EXPOSE 3000 + +ENV PORT 3000 +# set hostname to localhost +ENV HOSTNAME "0.0.0.0" + +CMD ["node", "server.js"] diff --git a/nextjs-frontend/README.md b/nextjs-frontend/README.md new file mode 100644 index 0000000..e215bc4 --- /dev/null +++ b/nextjs-frontend/README.md @@ -0,0 +1,36 @@ +This is a [Next.js](https://nextjs.org) project bootstrapped with [`create-next-app`](https://nextjs.org/docs/app/api-reference/cli/create-next-app). + +## Getting Started + +First, run the development server: + +```bash +npm run dev +# or +yarn dev +# or +pnpm dev +# or +bun dev +``` + +Open [http://localhost:3000](http://localhost:3000) with your browser to see the result. + +You can start editing the page by modifying `app/page.tsx`. The page auto-updates as you edit the file. + +This project uses [`next/font`](https://nextjs.org/docs/app/building-your-application/optimizing/fonts) to automatically optimize and load [Geist](https://vercel.com/font), a new font family for Vercel. + +## Learn More + +To learn more about Next.js, take a look at the following resources: + +- [Next.js Documentation](https://nextjs.org/docs) - learn about Next.js features and API. +- [Learn Next.js](https://nextjs.org/learn) - an interactive Next.js tutorial. + +You can check out [the Next.js GitHub repository](https://github.com/vercel/next.js) - your feedback and contributions are welcome! + +## Deploy on Vercel + +The easiest way to deploy your Next.js app is to use the [Vercel Platform](https://vercel.com/new?utm_medium=default-template&filter=next.js&utm_source=create-next-app&utm_campaign=create-next-app-readme) from the creators of Next.js. + +Check out our [Next.js deployment documentation](https://nextjs.org/docs/app/building-your-application/deploying) for more details. diff --git a/nextjs-frontend/__tests__/badge.test.tsx b/nextjs-frontend/__tests__/badge.test.tsx new file mode 100644 index 0000000..b617690 --- /dev/null +++ b/nextjs-frontend/__tests__/badge.test.tsx @@ -0,0 +1,65 @@ +import { render, screen } from "@testing-library/react"; +import { Badge, badgeVariants } from "@/components/ui/badge"; + +describe("Badge", () => { + it("renders with default styling", () => { + render(<Badge data-testid="badge">Default</Badge>); + const badge = screen.getByTestId("badge"); + expect(badge).toBeInTheDocument(); + expect(badge).toHaveTextContent("Default"); + expect(badge).toHaveClass("bg-primary"); + expect(badge).toHaveClass("text-primary-foreground"); + expect(badge).toHaveClass("rounded-full"); + }); + + it("renders with secondary variant", () => { + render(<Badge variant="secondary" data-testid="badge">Secondary</Badge>); + const badge = screen.getByTestId("badge"); + expect(badge).toHaveClass("bg-secondary"); + expect(badge).toHaveClass("text-secondary-foreground"); + }); + + it("renders with destructive variant", () => { + render(<Badge variant="destructive" data-testid="badge">Destructive</Badge>); + const badge = screen.getByTestId("badge"); + expect(badge).toHaveClass("bg-destructive"); + expect(badge).toHaveClass("text-destructive-foreground"); + }); + + it("renders with outline variant", () => { + render(<Badge variant="outline" data-testid="badge">Outline</Badge>); + const badge = screen.getByTestId("badge"); + expect(badge).toHaveClass("text-foreground"); + expect(badge).not.toHaveClass("bg-primary"); + }); + + it("applies custom className", () => { + render(<Badge className="custom-class" data-testid="badge">Custom</Badge>); + const badge = screen.getByTestId("badge"); + expect(badge).toHaveClass("custom-class"); + }); + + it("has correct base styles", () => { + render(<Badge data-testid="badge">Base</Badge>); + const badge = screen.getByTestId("badge"); + expect(badge).toHaveClass("inline-flex"); + expect(badge).toHaveClass("items-center"); + expect(badge).toHaveClass("border"); + expect(badge).toHaveClass("px-2.5"); + expect(badge).toHaveClass("py-0.5"); + expect(badge).toHaveClass("text-xs"); + expect(badge).toHaveClass("font-semibold"); + }); +}); + +describe("badgeVariants", () => { + it("generates correct default classes", () => { + const classes = badgeVariants(); + expect(classes).toContain("bg-primary"); + }); + + it("generates correct secondary classes", () => { + const classes = badgeVariants({ variant: "secondary" }); + expect(classes).toContain("bg-secondary"); + }); +}); diff --git a/nextjs-frontend/__tests__/button.test.tsx b/nextjs-frontend/__tests__/button.test.tsx new file mode 100644 index 0000000..7369c4e --- /dev/null +++ b/nextjs-frontend/__tests__/button.test.tsx @@ -0,0 +1,101 @@ +import { render, screen } from "@testing-library/react"; +import { Button, buttonVariants } from "@/components/ui/button"; + +describe("Button", () => { + it("renders a button with default styling", () => { + render(<Button>Click me</Button>); + const button = screen.getByRole("button", { name: /click me/i }); + expect(button).toBeInTheDocument(); + expect(button).toHaveClass("bg-primary"); + expect(button).toHaveClass("text-primary-foreground"); + }); + + it("renders with destructive variant", () => { + render(<Button variant="destructive">Delete</Button>); + const button = screen.getByRole("button", { name: /delete/i }); + expect(button).toHaveClass("bg-destructive"); + expect(button).toHaveClass("text-destructive-foreground"); + }); + + it("renders with outline variant", () => { + render(<Button variant="outline">Outline</Button>); + const button = screen.getByRole("button", { name: /outline/i }); + expect(button).toHaveClass("border"); + expect(button).toHaveClass("bg-background"); + }); + + it("renders with secondary variant", () => { + render(<Button variant="secondary">Secondary</Button>); + const button = screen.getByRole("button", { name: /secondary/i }); + expect(button).toHaveClass("bg-secondary"); + expect(button).toHaveClass("text-secondary-foreground"); + }); + + it("renders with ghost variant", () => { + render(<Button variant="ghost">Ghost</Button>); + const button = screen.getByRole("button", { name: /ghost/i }); + expect(button).not.toHaveClass("bg-primary"); + expect(button).toHaveClass("hover:bg-accent"); + }); + + it("renders with link variant", () => { + render(<Button variant="link">Link</Button>); + const button = screen.getByRole("button", { name: /link/i }); + expect(button).toHaveClass("text-primary"); + expect(button).toHaveClass("underline-offset-4"); + }); + + it("renders with small size", () => { + render(<Button size="sm">Small</Button>); + const button = screen.getByRole("button", { name: /small/i }); + expect(button).toHaveClass("h-9"); + expect(button).toHaveClass("px-3"); + }); + + it("renders with large size", () => { + render(<Button size="lg">Large</Button>); + const button = screen.getByRole("button", { name: /large/i }); + expect(button).toHaveClass("h-11"); + expect(button).toHaveClass("px-8"); + }); + + it("renders with icon size", () => { + render(<Button size="icon">Icon</Button>); + const button = screen.getByRole("button", { name: /icon/i }); + expect(button).toHaveClass("h-10"); + expect(button).toHaveClass("w-10"); + }); + + it("supports disabled state", () => { + render(<Button disabled>Disabled</Button>); + const button = screen.getByRole("button", { name: /disabled/i }); + expect(button).toBeDisabled(); + expect(button).toHaveClass("disabled:opacity-50"); + }); + + it("applies custom className", () => { + render(<Button className="custom-class">Custom</Button>); + const button = screen.getByRole("button", { name: /custom/i }); + expect(button).toHaveClass("custom-class"); + }); + + it("has focus ring styles for accessibility", () => { + render(<Button>Focus</Button>); + const button = screen.getByRole("button", { name: /focus/i }); + expect(button).toHaveClass("focus-visible:ring-2"); + expect(button).toHaveClass("focus-visible:ring-ring"); + }); +}); + +describe("buttonVariants", () => { + it("generates correct default classes", () => { + const classes = buttonVariants(); + expect(classes).toContain("bg-primary"); + expect(classes).toContain("h-10"); + }); + + it("generates correct variant classes", () => { + const classes = buttonVariants({ variant: "destructive" }); + expect(classes).toContain("bg-destructive"); + }); +}); diff --git a/nextjs-frontend/__tests__/card.test.tsx b/nextjs-frontend/__tests__/card.test.tsx new file mode 100644 index 0000000..9119852 --- /dev/null +++ b/nextjs-frontend/__tests__/card.test.tsx @@ -0,0 +1,102 @@ +import { render, screen } from "@testing-library/react"; +import { + Card, + CardHeader, + CardTitle, + CardDescription, + CardContent, + CardFooter, +} from "@/components/ui/card"; + +describe("Card", () => { + it("renders card with default styling", () => { + render(<Card data-testid="card">Content</Card>); + const card = screen.getByTestId("card"); + expect(card).toBeInTheDocument(); + expect(card).toHaveClass("rounded-lg"); + expect(card).toHaveClass("border"); + expect(card).toHaveClass("bg-card"); + expect(card).toHaveClass("text-card-foreground"); + expect(card).toHaveClass("shadow-sm"); + }); + + it("applies custom className", () => { + render(<Card data-testid="card" className="custom-card">Content</Card>); + const card = screen.getByTestId("card"); + expect(card).toHaveClass("custom-card"); + }); +}); + +describe("CardHeader", () => { + it("renders with correct styling", () => { + render(<CardHeader data-testid="header">Header</CardHeader>); + const header = screen.getByTestId("header"); + expect(header).toHaveClass("flex"); + expect(header).toHaveClass("flex-col"); + expect(header).toHaveClass("space-y-1.5"); + expect(header).toHaveClass("p-6"); + }); +}); + +describe("CardTitle", () => { + it("renders as h3 with correct styling", () => { + render(<CardTitle>Title</CardTitle>); + const title = screen.getByRole("heading", { level: 3 }); + expect(title).toBeInTheDocument(); + expect(title).toHaveTextContent("Title"); + expect(title).toHaveClass("text-2xl"); + expect(title).toHaveClass("font-semibold"); + expect(title).toHaveClass("tracking-tight"); + }); +}); + +describe("CardDescription", () => { + it("renders with muted styling", () => { + render(<CardDescription data-testid="desc">Description</CardDescription>); + const desc = screen.getByTestId("desc"); + expect(desc).toHaveTextContent("Description"); + expect(desc).toHaveClass("text-sm"); + expect(desc).toHaveClass("text-muted-foreground"); + }); +}); + +describe("CardContent", () => { + it("renders with correct padding", () => { + render(<CardContent data-testid="content">Content</CardContent>); + const content = screen.getByTestId("content"); + expect(content).toHaveClass("p-6"); + expect(content).toHaveClass("pt-0"); + }); +}); + +describe("CardFooter", () => { + it("renders with flex layout", () => { + render(<CardFooter data-testid="footer">Footer</CardFooter>); + const footer = screen.getByTestId("footer"); + expect(footer).toHaveClass("flex"); + expect(footer).toHaveClass("items-center"); + expect(footer).toHaveClass("p-6"); + expect(footer).toHaveClass("pt-0"); + }); +}); + +describe("Card composition", () => { + it("renders a complete card with all components", () => { + render( + <Card data-testid="card"> + <CardHeader> + <CardTitle>Card Title</CardTitle> + <CardDescription>Card Description</CardDescription> + </CardHeader> + <CardContent>Card Content</CardContent> + <CardFooter>Card Footer</CardFooter> + </Card> + ); + + expect(screen.getByTestId("card")).toBeInTheDocument(); + expect(screen.getByRole("heading", { name: /card title/i })).toBeInTheDocument(); + expect(screen.getByText("Card Description")).toBeInTheDocument(); + expect(screen.getByText("Card Content")).toBeInTheDocument(); + expect(screen.getByText("Card Footer")).toBeInTheDocument(); + }); +}); diff --git a/nextjs-frontend/__tests__/navbar-authenticated.test.tsx b/nextjs-frontend/__tests__/navbar-authenticated.test.tsx new file mode 100644 index 0000000..14baa97 --- /dev/null +++ b/nextjs-frontend/__tests__/navbar-authenticated.test.tsx @@ -0,0 +1,27 @@ +import { render, screen } from "@testing-library/react"; +import { Navbar } from "@/components/navbar"; + +jest.mock("next/navigation", () => ({ + useRouter: () => ({ + push: jest.fn(), + }), +})); + +jest.mock("@/context/AuthContext", () => ({ + useAuth: () => ({ + user: { username: "testuser" }, + logout: jest.fn(), + }), +})); + +describe("Navbar - Authenticated User", () => { + it("shows username when user is authenticated", () => { + render(<Navbar />); + expect(screen.getByText("Hi, testuser")).toBeInTheDocument(); + }); + + it("shows logout button when user is authenticated", () => { + render(<Navbar />); + expect(screen.getByRole("button", { name: /logout/i })).toBeInTheDocument(); + }); +}); diff --git a/nextjs-frontend/__tests__/navbar.test.tsx b/nextjs-frontend/__tests__/navbar.test.tsx new file mode 100644 index 0000000..44016ad --- /dev/null +++ b/nextjs-frontend/__tests__/navbar.test.tsx @@ -0,0 +1,58 @@ +import { render, screen } from "@testing-library/react"; +import { Navbar } from "@/components/navbar"; + +jest.mock("next/navigation", () => ({ + useRouter: () => ({ + push: jest.fn(), + }), +})); + +const mockUser = { username: "testuser" }; + +jest.mock("@/context/AuthContext", () => ({ + useAuth: () => ({ + user: null, + logout: jest.fn(), + }), +})); + +describe("Navbar", () => { + it("renders the navbar with brand name", () => { + render(<Navbar />); + expect(screen.getByText("Bookstore R Us")).toBeInTheDocument(); + }); + + it("renders navigation links for categories", () => { + render(<Navbar />); + expect(screen.getByText("Books")).toBeInTheDocument(); + expect(screen.getByText("Music")).toBeInTheDocument(); + expect(screen.getByText("Beauty")).toBeInTheDocument(); + expect(screen.getByText("Electronics")).toBeInTheDocument(); + }); + + it("renders cart button", () => { + render(<Navbar />); + expect(screen.getByRole("link", { name: /cart/i })).toBeInTheDocument(); + }); + + it("renders login button when user is not authenticated", () => { + render(<Navbar />); + expect(screen.getByText("Login")).toBeInTheDocument(); + }); + + it("has sticky positioning", () => { + render(<Navbar />); + // Get the main nav (first one) - there are nested navs in the component + const navs = screen.getAllByRole("navigation"); + const mainNav = navs[0]; + expect(mainNav).toHaveClass("sticky"); + expect(mainNav).toHaveClass("top-0"); + }); + + it("has dark-mode friendly background classes", () => { + render(<Navbar />); + const navs = screen.getAllByRole("navigation"); + const mainNav = navs[0]; + expect(mainNav).toHaveClass("bg-background/95"); + }); +}); diff --git a/nextjs-frontend/__tests__/product-card.test.tsx b/nextjs-frontend/__tests__/product-card.test.tsx new file mode 100644 index 0000000..b780edf --- /dev/null +++ b/nextjs-frontend/__tests__/product-card.test.tsx @@ -0,0 +1,84 @@ +import { render, screen } from "@testing-library/react"; +import { ProductCard, Product } from "@/components/product-card"; + +const mockProduct: Product = { + id: "test-asin-123", + title: "Test Product Title", + price: 29.99, + imUrl: "https://example.com/image.jpg", + category: "Books", +}; + +const mockProductWithObjectId: Product = { + id: { asin: "asin-object-456" }, + title: "Object ID Product", + price: 49.99, + imUrl: "https://example.com/image2.jpg", + category: "Electronics", +}; + +describe("ProductCard", () => { + it("renders product title", () => { + render(<ProductCard product={mockProduct} />); + expect(screen.getByText("Test Product Title")).toBeInTheDocument(); + }); + + it("renders product price formatted correctly", () => { + render(<ProductCard product={mockProduct} />); + expect(screen.getByText("$29.99")).toBeInTheDocument(); + }); + + it("renders product category as a badge", () => { + render(<ProductCard product={mockProduct} />); + expect(screen.getByText("Books")).toBeInTheDocument(); + }); + + it("renders product image with alt text", () => { + render(<ProductCard product={mockProduct} />); + const img = screen.getByAltText("Test Product Title"); + expect(img).toBeInTheDocument(); + expect(img).toHaveAttribute("src", "https://example.com/image.jpg"); + }); + + it("renders Add to Cart button", () => { + render(<ProductCard product={mockProduct} />); + expect(screen.getByRole("button", { name: /add to cart/i })).toBeInTheDocument(); + }); + + it("links to product page with string id", () => { + render(<ProductCard product={mockProduct} />); + const links = screen.getAllByRole("link"); + const productLinks = links.filter(link => + link.getAttribute("href")?.includes("/product/test-asin-123") + ); + expect(productLinks.length).toBeGreaterThan(0); + }); + + it("links to product page with object id", () => { + render(<ProductCard product={mockProductWithObjectId} />); + const links = screen.getAllByRole("link"); + const productLinks = links.filter(link => + link.getAttribute("href")?.includes("/product/asin-object-456") + ); + expect(productLinks.length).toBeGreaterThan(0); + }); + + it("renders with X.com-inspired styling", () => { + const { container } = render(<ProductCard product={mockProduct} />); + const card = container.firstChild as HTMLElement; + expect(card).toHaveClass("rounded-xl"); + expect(card).toHaveClass("hover:border-primary/50"); + }); + + it("displays star rating", () => { + render(<ProductCard product={mockProduct} />); + expect(screen.getByText("4.5")).toBeInTheDocument(); + }); + + it("price is styled with primary color", () => { + render(<ProductCard product={mockProduct} />); + const priceElement = screen.getByText("$29.99"); + expect(priceElement).toHaveClass("text-primary"); + expect(priceElement).toHaveClass("font-extrabold"); + }); +}); diff --git a/nextjs-frontend/eslint.config.mjs b/nextjs-frontend/eslint.config.mjs new file mode 100644 index 0000000..05e726d --- /dev/null +++ b/nextjs-frontend/eslint.config.mjs @@ -0,0 +1,18 @@ +import { defineConfig, globalIgnores } from "eslint/config"; +import nextVitals from "eslint-config-next/core-web-vitals"; +import nextTs from "eslint-config-next/typescript"; + +const eslintConfig = defineConfig([ + ...nextVitals, + ...nextTs, + // Override default ignores of eslint-config-next. + globalIgnores([ + // Default ignores of eslint-config-next: + ".next/**", + "out/**", + "build/**", + "next-env.d.ts", + ]), +]); + +export default eslintConfig; diff --git a/nextjs-frontend/jest.config.js b/nextjs-frontend/jest.config.js new file mode 100644 index 0000000..0ac7e03 --- /dev/null +++ b/nextjs-frontend/jest.config.js @@ -0,0 +1,23 @@ +const nextJest = require("next/jest"); + +const createJestConfig = nextJest({ + dir: "./", +}); + +/** @type {import('jest').Config} */ +const config = { + testEnvironment: "jsdom", + setupFilesAfterEnv: ["<rootDir>/jest.setup.ts"], + moduleNameMapper: { + "^@/(.*)$": "<rootDir>/src/$1", + }, + testPathIgnorePatterns: ["<rootDir>/.next/", "<rootDir>/node_modules/"], + collectCoverageFrom: [ + "src/**/*.{ts,tsx}", + "!src/**/*.d.ts", + "!src/app/layout.tsx", + "!src/app/providers.tsx", + ], +}; + +module.exports = createJestConfig(config); diff --git a/nextjs-frontend/jest.setup.ts b/nextjs-frontend/jest.setup.ts new file mode 100644 index 0000000..d0de870 --- /dev/null +++ b/nextjs-frontend/jest.setup.ts @@ -0,0 +1 @@ +import "@testing-library/jest-dom"; diff --git a/nextjs-frontend/next.config.mjs b/nextjs-frontend/next.config.mjs new file mode 100644 index 0000000..a3f0847 --- /dev/null +++ b/nextjs-frontend/next.config.mjs @@ -0,0 +1,26 @@ +/** @type {import('next').NextConfig} */ +const nextConfig = { + images: { + remotePatterns: [ + { + protocol: 'http', + hostname: 'ecx.images-amazon.com', + }, + { + protocol: 'https', + hostname: 'ecx.images-amazon.com', + }, + { + protocol: 'http', + hostname: 'images-na.ssl-images-amazon.com', + }, + { + protocol: 'https', + hostname: 'images-na.ssl-images-amazon.com', + } + ], + unoptimized: true + } +}; + +export default nextConfig; diff --git a/nextjs-frontend/next.config.ts b/nextjs-frontend/next.config.ts new file mode 100644 index 0000000..e9ffa30 --- /dev/null +++ b/nextjs-frontend/next.config.ts @@ -0,0 +1,7 @@ +import type { NextConfig } from "next"; + +const nextConfig: NextConfig = { + /* config options here */ +}; + +export default nextConfig; diff --git a/nextjs-frontend/package.json b/nextjs-frontend/package.json new file mode 100644 index 0000000..a05b697 --- /dev/null +++ b/nextjs-frontend/package.json @@ -0,0 +1,42 @@ +{ + "name": "nextjs-frontend", + "version": "0.1.0", + "private": true, + "scripts": { + "dev": "next dev", + "build": "next build", + "start": "next start", + "lint": "eslint", + "test": "jest", + "test:coverage": "jest --coverage" + }, + "dependencies": { + "@radix-ui/react-label": "^2.1.8", + "@radix-ui/react-slot": "^1.2.4", + "axios": "^1.13.2", + "class-variance-authority": "^0.7.1", + "clsx": "^2.1.1", + "lucide-react": "^0.556.0", + "next": "16.0.7", + "react": "19.2.0", + "react-dom": "19.2.0", + "tailwind-merge": "^3.4.0", + "tailwindcss-animate": "^1.0.7" + }, + "devDependencies": { + "@tailwindcss/postcss": "^4", + "@testing-library/jest-dom": "^6.9.1", + "@testing-library/react": "^16.3.0", + "@types/jest": "^30.0.0", + "@types/node": "^20", + "@types/react": "^19", + "@types/react-dom": "^19", + "eslint": "^9", + "eslint-config-next": "16.0.7", + "jest": "^30.2.0", + "jest-environment-jsdom": "^30.2.0", + "tailwindcss": "^4", + "ts-jest": "^29.4.6", + "typescript": "^5" + } +} diff --git a/nextjs-frontend/postcss.config.mjs b/nextjs-frontend/postcss.config.mjs new file mode 100644 index 0000000..61e3684 --- /dev/null +++ b/nextjs-frontend/postcss.config.mjs @@ -0,0 +1,7 @@ +const config = { + plugins: { + "@tailwindcss/postcss": {}, + }, +}; + +export default config; diff --git a/nextjs-frontend/public/file.svg b/nextjs-frontend/public/file.svg new file mode 100644 index 0000000..004145c --- /dev/null +++ b/nextjs-frontend/public/file.svg @@ -0,0 +1 @@ +<svg fill="none" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M14.5 13.5V5.41a1 1 0 0 0-.3-.7L9.8.29A1 1 0 0 0 9.08 0H1.5v13.5A2.5 2.5 0 0 0 4 16h8a2.5 2.5 0 0 0 2.5-2.5m-1.5 0v-7H8v-5H3v12a1 1 0 0 0 1 1h8a1 1 0 0 0 1-1M9.5 5V2.12L12.38 5zM5.13 5h-.62v1.25h2.12V5zm-.62 3h7.12v1.25H4.5zm.62 3h-.62v1.25h7.12V11z" clip-rule="evenodd" fill="#666" fill-rule="evenodd"/></svg> \ No newline at end of file diff --git a/nextjs-frontend/public/globe.svg b/nextjs-frontend/public/globe.svg new file mode 100644 index 0000000..567f17b --- /dev/null +++ b/nextjs-frontend/public/globe.svg @@ -0,0 +1 @@ +<svg fill="none" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><g clip-path="url(#a)"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.27 14.1a6.5 6.5 0 0 0 3.67-3.45q-1.24.21-2.7.34-.31 1.83-.97 3.1M8 16A8 8 0 1 0 8 0a8 8 0 0 0 0 16m.48-1.52a7 7 0 0 1-.96 0H7.5a4 4 0 0 1-.84-1.32q-.38-.89-.63-2.08a40 40 0 0 0 3.92 0q-.25 1.2-.63 2.08a4 4 0 0 1-.84 1.31zm2.94-4.76q1.66-.15 2.95-.43a7 7 0 0 0 0-2.58q-1.3-.27-2.95-.43a18 18 0 0 1 0 3.44m-1.27-3.54a17 17 0 0 1 0 3.64 39 39 0 0 1-4.3 0 17 17 0 0 1 0-3.64 39 39 0 0 1 4.3 0m1.1-1.17q1.45.13 2.69.34a6.5 6.5 0 0 0-3.67-3.44q.65 1.26.98 3.1M8.48 1.5l.01.02q.41.37.84 1.31.38.89.63 2.08a40 40 0 0 0-3.92 0q.25-1.2.63-2.08a4 4 0 0 1 .85-1.32 7 7 0 0 1 .96 0m-2.75.4a6.5 6.5 0 0 0-3.67 3.44 29 29 0 0 1 2.7-.34q.31-1.83.97-3.1M4.58 6.28q-1.66.16-2.95.43a7 7 0 0 0 0 2.58q1.3.27 2.95.43a18 18 0 0 1 0-3.44m.17 4.71q-1.45-.12-2.69-.34a6.5 6.5 0 0 0 3.67 3.44q-.65-1.27-.98-3.1" fill="#666"/></g><defs><clipPath id="a"><path fill="#fff" d="M0 0h16v16H0z"/></clipPath></defs></svg> \ No newline at end of file diff --git a/nextjs-frontend/public/next.svg b/nextjs-frontend/public/next.svg new file mode 100644 index 0000000..5174b28 --- /dev/null +++ b/nextjs-frontend/public/next.svg @@ -0,0 +1 @@ +<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 394 80"><path fill="#000" d="M262 0h68.5v12.7h-27.2v66.6h-13.6V12.7H262V0ZM149 0v12.7H94v20.4h44.3v12.6H94v21h55v12.6H80.5V0h68.7zm34.3 0h-17.8l63.8 79.4h17.9l-32-39.7 32-39.6h-17.9l-23 28.6-23-28.6zm18.3 56.7-9-11-27.1 33.7h17.8l18.3-22.7z"/><path fill="#000" d="M81 79.3 17 0H0v79.3h13.6V17l50.2 62.3H81Zm252.6-.4c-1 0-1.8-.4-2.5-1s-1.1-1.6-1.1-2.6.3-1.8 1-2.5 1.6-1 2.6-1 1.8.3 2.5 1a3.4 3.4 0 0 1 .6 4.3 3.7 3.7 0 0 1-3 1.8zm23.2-33.5h6v23.3c0 2.1-.4 4-1.3 5.5a9.1 9.1 0 0 1-3.8 3.5c-1.6.8-3.5 1.3-5.7 1.3-2 0-3.7-.4-5.3-1s-2.8-1.8-3.7-3.2c-.9-1.3-1.4-3-1.4-5h6c.1.8.3 1.6.7 2.2s1 1.2 1.6 1.5c.7.4 1.5.5 2.4.5 1 0 1.8-.2 2.4-.6a4 4 0 0 0 1.6-1.8c.3-.8.5-1.8.5-3V45.5zm30.9 9.1a4.4 4.4 0 0 0-2-3.3 7.5 7.5 0 0 0-4.3-1.1c-1.3 0-2.4.2-3.3.5-.9.4-1.6 1-2 1.6a3.5 3.5 0 0 0-.3 4c.3.5.7.9 1.3 1.2l1.8 1 2 .5 3.2.8c1.3.3 2.5.7 3.7 1.2a13 13 0 0 1 3.2 1.8 8.1 8.1 0 0 1 3 6.5c0 2-.5 3.7-1.5 5.1a10 10 0 0 1-4.4 3.5c-1.8.8-4.1 1.2-6.8 1.2-2.6 0-4.9-.4-6.8-1.2-2-.8-3.4-2-4.5-3.5a10 10 0 0 1-1.7-5.6h6a5 5 0 0 0 3.5 4.6c1 .4 2.2.6 3.4.6 1.3 0 2.5-.2 3.5-.6 1-.4 1.8-1 2.4-1.7a4 4 0 0 0 .8-2.4c0-.9-.2-1.6-.7-2.2a11 11 0 0 0-2.1-1.4l-3.2-1-3.8-1c-2.8-.7-5-1.7-6.6-3.2a7.2 7.2 0 0 1-2.4-5.7 8 8 0 0 1 1.7-5 10 10 0 0 1 4.3-3.5c2-.8 4-1.2 6.4-1.2 2.3 0 4.4.4 6.2 1.2 1.8.8 3.2 2 4.3 3.4 1 1.4 1.5 3 1.5 5h-5.8z"/></svg> \ No newline at end of file diff --git a/nextjs-frontend/public/vercel.svg b/nextjs-frontend/public/vercel.svg new file mode 100644 index 0000000..7705396 --- /dev/null +++ b/nextjs-frontend/public/vercel.svg @@ -0,0 +1 @@ +<svg fill="none" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1155 1000"><path d="m577.3 0 577.4 1000H0z" fill="#fff"/></svg> \ No newline at end of file diff --git a/nextjs-frontend/public/window.svg b/nextjs-frontend/public/window.svg new file mode 100644 index 0000000..b2b2a44 --- /dev/null +++ b/nextjs-frontend/public/window.svg @@ -0,0 +1 @@ +<svg fill="none" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path fill-rule="evenodd" clip-rule="evenodd" d="M1.5 2.5h13v10a1 1 0 0 1-1 1h-11a1 1 0 0 1-1-1zM0 1h16v11.5a2.5 2.5 0 0 1-2.5 2.5h-11A2.5 2.5 0 0 1 0 12.5zm3.75 4.5a.75.75 0 1 0 0-1.5.75.75 0 0 0 0 1.5M7 4.75a.75.75 0 1 1-1.5 0 .75.75 0 0 1 1.5 0m1.75.75a.75.75 0 1 0 0-1.5.75.75 0 0 0 0 1.5" fill="#666"/></svg> \ No newline at end of file diff --git a/nextjs-frontend/src/app/(auth)/login/page.tsx b/nextjs-frontend/src/app/(auth)/login/page.tsx new file mode 100644 index 0000000..2f108dd --- /dev/null +++ b/nextjs-frontend/src/app/(auth)/login/page.tsx @@ -0,0 +1,79 @@ +"use client" + +import { useState } from "react" +import { useAuth } from "@/context/AuthContext" +import { Button } from "@/components/ui/button" +import { Input } from "@/components/ui/input" +import { Card, CardContent, CardDescription, CardFooter, CardHeader, CardTitle } from "@/components/ui/card" +import { Label } from "@/components/ui/label" +import Link from "next/link" +import axios from "axios" + +export default function LoginPage() { + const [username, setUsername] = useState("") + const [password, setPassword] = useState("") + const [error, setError] = useState("") + const { login } = useAuth() + + const handleSubmit = async (e: React.FormEvent) => { + e.preventDefault() + setError("") + try { + // In dev we point to local API Gateway, in prod this would be env var + const API_URL = "http://localhost:8081/login-microservice/login" + const res = await axios.post(API_URL, { username, password }) + login(res.data.access_token, username) + } catch (err: any) { + if (err.response) { + setError(err.response.data.detail || "Login failed") + } else { + setError("Network error. Is the backend running?") + } + } + } + + return ( + <div className="flex items-center justify-center min-h-screen bg-muted/40"> + <Card className="w-full max-w-sm"> + <CardHeader> + <CardTitle className="text-2xl">Login</CardTitle> + <CardDescription> + Enter your credentials to access your account. + </CardDescription> + </CardHeader> + <form onSubmit={handleSubmit}> + <CardContent className="grid gap-4"> + {error && <div className="text-red-500 text-sm">{error}</div>} + <div className="grid gap-2"> + <Label htmlFor="username">Username</Label> + <Input + id="username" + type="text" + placeholder="u1001" + required + value={username} + onChange={(e) => setUsername(e.target.value)} + /> + </div> + <div className="grid gap-2"> + <Label htmlFor="password">Password</Label> + <Input + id="password" + type="password" + required + value={password} + onChange={(e) => setPassword(e.target.value)} + /> + </div> + </CardContent> + <CardFooter className="flex flex-col gap-2"> + <Button className="w-full" type="submit">Sign in</Button> + <div className="text-sm text-center text-muted-foreground"> + Don't have an account? <Link href="/register" className="underline">Sign up</Link> + </div> + </CardFooter> + </form> + </Card> + </div> + ) +} diff --git a/nextjs-frontend/src/app/(auth)/register/page.tsx b/nextjs-frontend/src/app/(auth)/register/page.tsx new file mode 100644 index 0000000..e36a6f9 --- /dev/null +++ b/nextjs-frontend/src/app/(auth)/register/page.tsx @@ -0,0 +1,90 @@ +"use client" + +import { useState } from "react" +import { useAuth } from "@/context/AuthContext" +import { Button } from "@/components/ui/button" +import { Input } from "@/components/ui/input" +import { Card, CardContent, CardDescription, CardFooter, CardHeader, CardTitle } from "@/components/ui/card" +import { Label } from "@/components/ui/label" +import Link from "next/link" +import axios from "axios" +import { useRouter } from "next/navigation" + +export default function RegisterPage() { + const [username, setUsername] = useState("") + const [password, setPassword] = useState("") + const [email, setEmail] = useState("") + const [error, setError] = useState("") + const router = useRouter() + + const handleSubmit = async (e: React.FormEvent) => { + e.preventDefault() + setError("") + try { + const API_URL = "http://localhost:8081/login-microservice/register" + await axios.post(API_URL, { username, password, email }) + router.push("/login") + } catch (err: any) { + if (err.response) { + setError(err.response.data.detail || "Registration failed") + } else { + setError("Network error") + } + } + } + + return ( + <div className="flex items-center justify-center min-h-screen bg-muted/40"> + <Card className="w-full max-w-sm"> + <CardHeader> + <CardTitle className="text-2xl">Register</CardTitle> + <CardDescription> + Create a new account to get started. + </CardDescription> + </CardHeader> + <form onSubmit={handleSubmit}> + <CardContent className="grid gap-4"> + {error && <div className="text-red-500 text-sm">{error}</div>} + <div className="grid gap-2"> + <Label htmlFor="username">Username</Label> + <Input + id="username" + type="text" + placeholder="jdoe" + required + value={username} + onChange={(e) => setUsername(e.target.value)} + /> + </div> + <div className="grid gap-2"> + <Label htmlFor="email">Email (Optional)</Label> + <Input + id="email" + type="email" + placeholder="m@example.com" + value={email} + onChange={(e) => setEmail(e.target.value)} + /> + </div> + <div className="grid gap-2"> + <Label htmlFor="password">Password</Label> + <Input + id="password" + type="password" + required + value={password} + onChange={(e) => setPassword(e.target.value)} + /> + </div> + </CardContent> + <CardFooter className="flex flex-col gap-2"> + <Button className="w-full" type="submit">Create account</Button> + <div className="text-sm text-center text-muted-foreground"> + Already have an account? <Link href="/login" className="underline">Sign in</Link> + </div> + </CardFooter> + </form> + </Card> + </div> + ) +} diff --git a/nextjs-frontend/src/app/cart/page.tsx b/nextjs-frontend/src/app/cart/page.tsx new file mode 100644 index 0000000..ad1db55 --- /dev/null +++ b/nextjs-frontend/src/app/cart/page.tsx @@ -0,0 +1,175 @@ +"use client" + +import { useEffect, useState } from "react" +import { useAuth } from "@/context/AuthContext" +import { Navbar } from "@/components/navbar" +import { Button } from "@/components/ui/button" +import { Card, CardContent, CardFooter, CardHeader, CardTitle } from "@/components/ui/card" +import { Loader2, Trash2 } from "lucide-react" +import Link from "next/link" +import axios from "axios" +import { useRouter } from "next/navigation" + +interface CartItem { + asin: string + quantity: number + title: string + price: number + imUrl: string +} + +export default function CartPage() { + const { user, token, isLoading } = useAuth() + const [cartItems, setCartItems] = useState<CartItem[]>([]) + const [loadingCart, setLoadingCart] = useState(true) + const [checkoutStatus, setCheckoutStatus] = useState("") + const router = useRouter() + + useEffect(() => { + if (!isLoading && !user) { + router.push("/login") + } else if (user) { + fetchCart() + } + }, [user, isLoading, router]) + + const fetchCart = async () => { + setLoadingCart(true) + try { + // 1. Get items (asin -> qty) + const res = await axios.get(`http://localhost:8081/cart-microservice/shoppingCart/productsInCart?userid=${user?.username}`) + const itemsMap = res.data + + // 2. Hydrate with product details + const hydratedItems: CartItem[] = [] + for (const [asin, qty] of Object.entries(itemsMap)) { + try { + const prodRes = await axios.get(`http://localhost:8081/products-microservice/product/${asin}`) + const prod = prodRes.data + hydratedItems.push({ + asin: asin, + quantity: qty as number, + title: prod.title, + price: prod.price, + imUrl: prod.imUrl + }) + } catch (e) { + // If product not found, maybe just skip or show minimal + console.error("Failed to fetch product", asin) + } + } + setCartItems(hydratedItems) + } catch (error) { + console.error("Failed to fetch cart", error) + } finally { + setLoadingCart(false) + } + } + + const removeItem = async (asin: string) => { + try { + await axios.get(`http://localhost:8081/cart-microservice/shoppingCart/removeProduct?userid=${user?.username}&asin=${asin}`) + fetchCart() // Refresh + } catch (error) { + console.error("Failed to remove item", error) + } + } + + const checkout = async () => { + try { + setCheckoutStatus("processing") + const res = await axios.post(`http://localhost:8081/checkout-microservice/shoppingCart/checkout?userid=${user?.username}`) + if (res.data.status === "SUCCESS") { + setCheckoutStatus("success") + setCartItems([]) // Clear local cart + } else { + setCheckoutStatus("failed") + alert(res.data.orderDetails) + } + } catch (error) { + console.error("Checkout failed", error) + setCheckoutStatus("failed") + } + } + + if (isLoading || (loadingCart && user)) { + return ( + <div className="flex min-h-screen flex-col"> + <Navbar /> + <div className="flex-1 flex items-center justify-center"> + <Loader2 className="h-8 w-8 animate-spin" /> + </div> + </div> + ) + } + + const total = cartItems.reduce((acc, item) => acc + item.price * item.quantity, 0) + + return ( + <div className="flex min-h-screen flex-col"> + <Navbar /> + <main className="container py-8 flex-1"> + <h1 className="text-3xl font-bold tracking-tight mb-8">Shopping Cart</h1> + + {checkoutStatus === "success" ? ( + <Card className="max-w-md mx-auto text-center p-8"> + <CardTitle className="mb-4 text-green-600">Order Placed Successfully!</CardTitle> + <p className="text-muted-foreground mb-6">Thank you for your purchase.</p> + <Link href="/"> + <Button>Continue Shopping</Button> + </Link> + </Card> + ) : cartItems.length === 0 ? ( + <div className="text-center py-20"> + <p className="text-muted-foreground mb-4">Your cart is empty.</p> + <Link href="/"> + <Button>Start Shopping</Button> + </Link> + </div> + ) : ( + <div className="grid grid-cols-1 lg:grid-cols-3 gap-8"> + <div className="lg:col-span-2 space-y-4"> + {cartItems.map((item) => ( + <Card key={item.asin} className="flex flex-row p-4 items-center gap-4"> + <div className="w-20 h-20 relative overflow-hidden rounded border shrink-0"> + <img src={item.imUrl} alt={item.title} className="object-cover w-full h-full" /> + </div> + <div className="flex-1"> + <h3 className="font-semibold line-clamp-1">{item.title}</h3> + <div className="text-sm text-muted-foreground">Qty: {item.quantity}</div> + <div className="font-bold">${item.price.toFixed(2)}</div> + </div> + <Button variant="ghost" size="icon" className="text-destructive" onClick={() => removeItem(item.asin)}> + <Trash2 className="h-5 w-5" /> + </Button> + </Card> + ))} + </div> + <div> + <Card> + <CardHeader> + <CardTitle>Order Summary</CardTitle> + </CardHeader> + <CardContent className="space-y-2"> + <div className="flex justify-between"> + <span>Subtotal</span> + <span>${total.toFixed(2)}</span> + </div> + <div className="flex justify-between font-bold text-lg pt-4 border-t"> + <span>Total</span> + <span>${total.toFixed(2)}</span> + </div> + </CardContent> + <CardFooter> + <Button className="w-full" size="lg" onClick={checkout} disabled={checkoutStatus === "processing"}> + {checkoutStatus === "processing" ? "Processing..." : "Checkout"} + </Button> + </CardFooter> + </Card> + </div> + </div> + )} + </main> + </div> + ) +} diff --git a/nextjs-frontend/src/app/favicon.ico b/nextjs-frontend/src/app/favicon.ico new file mode 100644 index 0000000..718d6fe Binary files /dev/null and b/nextjs-frontend/src/app/favicon.ico differ diff --git a/nextjs-frontend/src/app/globals.css b/nextjs-frontend/src/app/globals.css new file mode 100644 index 0000000..cc24148 --- /dev/null +++ b/nextjs-frontend/src/app/globals.css @@ -0,0 +1,81 @@ +@tailwind base; +@tailwind components; +@tailwind utilities; + +@layer base { + /* X.com / Twitter-inspired color scheme */ + /* Default: Dark mode (X.com style) */ + :root { + --background: 0 0% 0%; + --foreground: 0 0% 100%; + + --card: 0 0% 0%; + --card-foreground: 0 0% 100%; + + --popover: 0 0% 8%; + --popover-foreground: 0 0% 100%; + + /* X.com Blue: #1D9BF0 = hsl(204, 88%, 53%) */ + --primary: 204 88% 53%; + --primary-foreground: 0 0% 100%; + + --secondary: 0 0% 15%; + --secondary-foreground: 0 0% 100%; + + --muted: 0 0% 15%; + --muted-foreground: 0 0% 60%; + + --accent: 0 0% 15%; + --accent-foreground: 0 0% 100%; + + --destructive: 0 100% 50%; + --destructive-foreground: 0 0% 100%; + + --border: 0 0% 20%; + --input: 0 0% 20%; + --ring: 204 88% 53%; + + --radius: 9999px; + } + + /* Light mode option */ + .light { + --background: 0 0% 100%; + --foreground: 0 0% 0%; + + --card: 0 0% 100%; + --card-foreground: 0 0% 0%; + + --popover: 0 0% 100%; + --popover-foreground: 0 0% 0%; + + --primary: 204 88% 53%; + --primary-foreground: 0 0% 100%; + + --secondary: 0 0% 96%; + --secondary-foreground: 0 0% 0%; + + --muted: 0 0% 96%; + --muted-foreground: 0 0% 45%; + + --accent: 0 0% 96%; + --accent-foreground: 0 0% 0%; + + --destructive: 0 100% 50%; + --destructive-foreground: 0 0% 100%; + + --border: 0 0% 90%; + --input: 0 0% 90%; + --ring: 204 88% 53%; + } +} + +@layer base { + * { + @apply border-border; + } + body { + @apply bg-background text-foreground; + font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif; + } +} diff --git a/nextjs-frontend/src/app/layout.tsx b/nextjs-frontend/src/app/layout.tsx new file mode 100644 index 0000000..a545183 --- /dev/null +++ b/nextjs-frontend/src/app/layout.tsx @@ -0,0 +1,28 @@ +import type { Metadata } from "next"; +import { Inter } from "next/font/google"; +import "./globals.css"; +import { Providers } from "./providers"; +import { cn } from "@/lib/utils"; + +const inter = Inter({ subsets: ["latin"] }); + +export const metadata: Metadata = { + title: "Bookstore R Us", + description: "Your favorite bookstore, reimagined.", +}; + +export default function RootLayout({ + children, +}: Readonly<{ + children: React.ReactNode; +}>) { + return ( + <html lang="en"> + <body className={cn(inter.className, "min-h-screen bg-background font-sans antialiased")}> + <Providers> + {children} + </Providers> + </body> + </html> + ); +} diff --git a/nextjs-frontend/src/app/page.tsx b/nextjs-frontend/src/app/page.tsx new file mode 100644 index 0000000..a56e82c --- /dev/null +++ b/nextjs-frontend/src/app/page.tsx @@ -0,0 +1,109 @@ +import { Navbar } from "@/components/navbar"; +import { ProductCard } from "@/components/product-card"; +import { Button } from "@/components/ui/button"; +import Link from "next/link"; +import { ArrowRight } from "lucide-react"; + +async function getProducts(category: string) { + // SSR Fetch + try { + // Use Docker internal URL if running in Docker, else localhost + // Since specific instructions said "Run services locally (Docker)", we might be outside docker now calling localhost + const res = await fetch(`http://localhost:8081/products-microservice/products/category/${category}?page=0&size=4`, { cache: 'no-store' }); + if (!res.ok) return []; + const data = await res.json(); + return data.content || []; + } catch (e) { + console.error(e); + return []; + } +} + +export default async function Home() { + const books = await getProducts("Books"); + const music = await getProducts("Music"); + const electronics = await getProducts("Electronics"); + + return ( + <div className="flex min-h-screen flex-col"> + <Navbar /> + <main className="flex-1"> + {/* Hero Section - X.com inspired */} + <section className="py-16 md:py-24 lg:py-32 border-b border-border"> + <div className="container px-4 md:px-6"> + <div className="flex flex-col items-center space-y-6 text-center"> + <div className="space-y-4"> + <h1 className="text-4xl font-extrabold tracking-tight sm:text-5xl md:text-6xl lg:text-7xl"> + Your Favorite Bookstore, <span className="text-primary">Reimagined.</span> + </h1> + <p className="mx-auto max-w-[700px] text-muted-foreground text-lg md:text-xl"> + Discover the best books, music, and electronics. Secure, fast, and built for you. + </p> + </div> + <div className="flex gap-4"> + <Link href="/products/Books"> + <Button size="lg" className="font-bold px-8">Shop Books</Button> + </Link> + <Link href="/register"> + <Button variant="outline" size="lg" className="font-bold px-8 border-primary text-primary hover:bg-primary hover:text-primary-foreground">Join Now</Button> + </Link> + </div> + </div> + </div> + </section> + + {/* Bestsellers Section */} + <section className="container py-12 space-y-16"> + {books.length > 0 && ( + <div className="space-y-6"> + <div className="flex items-center justify-between border-b border-border pb-4"> + <h2 className="text-xl font-extrabold tracking-tight">Best Sellers in Books</h2> + <Link href="/products/Books" className="flex items-center text-primary font-semibold hover:underline"> + View all <ArrowRight className="ml-2 h-4 w-4" /> + </Link> + </div> + <div className="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-4 gap-6"> + {books.map((p: any) => <ProductCard key={p.id.asin || p.id} product={p} />)} + </div> + </div> + )} + + {music.length > 0 && ( + <div className="space-y-6"> + <div className="flex items-center justify-between border-b border-border pb-4"> + <h2 className="text-xl font-extrabold tracking-tight">Top Music</h2> + <Link href="/products/Music" className="flex items-center text-primary font-semibold hover:underline"> + View all <ArrowRight className="ml-2 h-4 w-4" /> + </Link> + </div> + <div className="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-4 gap-6"> + {music.map((p: any) => <ProductCard key={p.id.asin || p.id} product={p} />)} + </div> + </div> + )} + + {electronics.length > 0 && ( + <div className="space-y-6"> + <div className="flex items-center justify-between border-b border-border pb-4"> + <h2 className="text-xl font-extrabold tracking-tight">Electronics & Gadgets</h2> + <Link href="/products/Electronics" className="flex items-center text-primary font-semibold hover:underline"> + View all <ArrowRight className="ml-2 h-4 w-4" /> + </Link> + </div> + <div className="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-4 gap-6"> + {electronics.map((p: any) => <ProductCard key={p.id.asin || p.id} product={p} />)} + </div> + </div> + )} + </section> + </main> + <footer className="border-t border-border py-8 md:px-8"> + <div className="container flex flex-col items-center justify-between gap-4 md:h-16 md:flex-row"> + <p className="text-sm text-muted-foreground"> + Built by Antigravity. Source code available on GitHub. + </p> + </div> + </footer> + </div> + ); +} diff --git a/nextjs-frontend/src/app/products/[category]/page.tsx b/nextjs-frontend/src/app/products/[category]/page.tsx new file mode 100644 index 0000000..761b74f --- /dev/null +++ b/nextjs-frontend/src/app/products/[category]/page.tsx @@ -0,0 +1,38 @@ +import { Navbar } from "@/components/navbar"; +import { ProductCard } from "@/components/product-card"; +import { Button } from "@/components/ui/button"; // For pagination if needed + +async function getProducts(category: string) { + try { + const res = await fetch(`http://localhost:8081/products-microservice/products/category/${category}?page=0&size=20`, { cache: 'no-store' }); + if (!res.ok) return []; + const data = await res.json(); + return data.content || []; + } catch (e) { + console.error(e); + return []; + } +} + +export default async function CategoryPage({ params }: { params: { category: string } }) { + const products = await getProducts(params.category); + + return ( + <div className="flex min-h-screen flex-col"> + <Navbar /> + <main className="container py-8 flex-1"> + <h1 className="text-3xl font-bold tracking-tight mb-8 capitalize">{params.category}</h1> + + {products.length === 0 ? ( + <div className="text-center py-20 text-muted-foreground"> + No products found in this category. + </div> + ) : ( + <div className="grid grid-cols-1 sm:grid-cols-2 md:grid-cols-3 lg:grid-cols-4 gap-6"> + {products.map((p: any) => <ProductCard key={p.id.asin || p.id} product={p} />)} + </div> + )} + </main> + </div> + ); +} diff --git a/nextjs-frontend/src/app/providers.tsx b/nextjs-frontend/src/app/providers.tsx new file mode 100644 index 0000000..5a0fcbf --- /dev/null +++ b/nextjs-frontend/src/app/providers.tsx @@ -0,0 +1,7 @@ +"use client" + +import { AuthProvider } from "@/context/AuthContext" + +export function Providers({ children }: { children: React.ReactNode }) { + return <AuthProvider>{children}</AuthProvider> +} diff --git a/nextjs-frontend/src/components/navbar.tsx b/nextjs-frontend/src/components/navbar.tsx new file mode 100644 index 0000000..7e72dce --- /dev/null +++ b/nextjs-frontend/src/components/navbar.tsx @@ -0,0 +1,58 @@ +"use client" + +import Link from "next/link" +import { useAuth } from "@/context/AuthContext" +import { Button } from "@/components/ui/button" +import { ShoppingCart, LogOut, LogIn, User } from "lucide-react" + +export function Navbar() { + const { user, logout } = useAuth() + + return ( + <nav className="border-b bg-background/95 backdrop-blur supports-[backdrop-filter]:bg-background/60 sticky top-0 z-50"> + <div className="container flex h-14 items-center"> + <div className="mr-4 hidden md:flex"> + <Link href="/" className="mr-6 flex items-center space-x-2"> + <span className="hidden font-extrabold text-xl sm:inline-block tracking-tight">Bookstore R Us</span> + </Link> + <nav className="flex items-center space-x-6 text-sm font-medium"> + <Link href="/products/Books" className="transition-colors hover:text-primary text-muted-foreground">Books</Link> + <Link href="/products/Music" className="transition-colors hover:text-primary text-muted-foreground">Music</Link> + <Link href="/products/Beauty" className="transition-colors hover:text-primary text-muted-foreground">Beauty</Link> + <Link href="/products/Electronics" className="transition-colors hover:text-primary text-muted-foreground">Electronics</Link> + </nav> + </div> + <div className="flex flex-1 items-center justify-between space-x-2 md:justify-end"> + <div className="w-full flex-1 md:w-auto md:flex-none"> + {/* Search could go here */} + </div> + <nav className="flex items-center space-x-2"> + <Link href="/cart"> + <Button variant="ghost" size="icon" className="hover:bg-primary/10 hover:text-primary"> + <ShoppingCart className="h-5 w-5" /> + <span className="sr-only">Cart</span> + </Button> + </Link> + + {user ? ( + <> + <span className="text-sm text-muted-foreground hidden sm:inline-block">Hi, {user.username}</span> + <Button variant="ghost" size="icon" onClick={logout} className="hover:bg-destructive/10 hover:text-destructive"> + <LogOut className="h-5 w-5" /> + <span className="sr-only">Logout</span> + </Button> + </> + ) : ( + <Link href="/login"> + <Button variant="ghost" size="sm" className="hover:bg-primary/10 hover:text-primary"> + <LogIn className="mr-2 h-4 w-4" /> + Login + </Button> + </Link> + )} + </nav> + </div> + </div> + </nav> + ) +} diff --git a/nextjs-frontend/src/components/product-card.tsx b/nextjs-frontend/src/components/product-card.tsx new file mode 100644 index 0000000..69cdde0 --- /dev/null +++ b/nextjs-frontend/src/components/product-card.tsx @@ -0,0 +1,47 @@ +import Link from "next/link" +import { Card, CardContent, CardFooter } from "@/components/ui/card" +import { Button } from "@/components/ui/button" +import { Badge } from "@/components/ui/badge" +import { Star } from "lucide-react" + +export interface Product { + id: string | { asin: string } + title: string + price: number + imUrl: string + category: string +} + +export function ProductCard({ product }: { product: Product }) { + const asin = typeof product.id === 'string' ? product.id : product.id.asin + + return ( + <Card className="flex flex-col h-full overflow-hidden transition-all hover:border-primary/50 rounded-xl"> + <Link href={`/product/${asin}`} className="flex-1"> + <div className="aspect-[3/4] overflow-hidden relative group bg-secondary"> + <img + src={product.imUrl} + alt={product.title} + className="object-cover w-full h-full transition-transform group-hover:scale-105" + /> + </div> + </Link> + <CardContent className="p-4"> + <div className="flex justify-between items-start mb-2"> + <Badge variant="secondary" className="text-xs">{product.category}</Badge> + <div className="flex items-center text-primary"> + <Star className="w-3 h-3 fill-current" /> + <span className="text-xs ml-1 font-semibold">4.5</span> + </div> + </div> + <Link href={`/product/${asin}`}> + <h3 className="font-bold text-base leading-tight line-clamp-2 hover:text-primary transition-colors">{product.title}</h3> + </Link> + <div className="mt-2 font-extrabold text-xl text-primary">${product.price.toFixed(2)}</div> + </CardContent> + <CardFooter className="p-4 pt-0 mt-auto"> + <Button className="w-full font-bold">Add to Cart</Button> + </CardFooter> + </Card> + ) +} diff --git a/nextjs-frontend/src/components/ui/badge.tsx b/nextjs-frontend/src/components/ui/badge.tsx new file mode 100644 index 0000000..b6eccbc --- /dev/null +++ b/nextjs-frontend/src/components/ui/badge.tsx @@ -0,0 +1,36 @@ +import * as React from "react" +import { cva, type VariantProps } from "class-variance-authority" + +import { cn } from "@/lib/utils" + +const badgeVariants = cva( + "inline-flex items-center rounded-full border px-2.5 py-0.5 text-xs font-semibold transition-colors focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-2", + { + variants: { + variant: { + default: + "border-transparent bg-primary text-primary-foreground", + secondary: + "border-transparent bg-secondary text-secondary-foreground", + destructive: + "border-transparent bg-destructive text-destructive-foreground", + outline: "text-foreground", + }, + }, + defaultVariants: { + variant: "default", + }, + } +) + +export interface BadgeProps + extends React.HTMLAttributes<HTMLDivElement>, + VariantProps<typeof badgeVariants> {} + +function Badge({ className, variant, ...props }: BadgeProps) { + return ( + <div className={cn(badgeVariants({ variant }), className)} {...props} /> + ) +} + +export { Badge, badgeVariants } diff --git a/nextjs-frontend/src/components/ui/button.tsx b/nextjs-frontend/src/components/ui/button.tsx new file mode 100644 index 0000000..28b2fa4 --- /dev/null +++ b/nextjs-frontend/src/components/ui/button.tsx @@ -0,0 +1,56 @@ +import * as React from "react" +import { Slot } from "@radix-ui/react-slot" +import { cva, type VariantProps } from "class-variance-authority" + +import { cn } from "@/lib/utils" + +const buttonVariants = cva( + "inline-flex items-center justify-center whitespace-nowrap rounded-md text-sm font-medium ring-offset-background transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:pointer-events-none disabled:opacity-50", + { + variants: { + variant: { + default: "bg-primary text-primary-foreground hover:bg-primary/90", + destructive: + "bg-destructive text-destructive-foreground hover:bg-destructive/90", + outline: + "border border-input bg-background hover:bg-accent hover:text-accent-foreground", + secondary: + "bg-secondary text-secondary-foreground hover:bg-secondary/80", + ghost: "hover:bg-accent hover:text-accent-foreground", + link: "text-primary underline-offset-4 hover:underline", + }, + size: { + default: "h-10 px-4 py-2", + sm: "h-9 rounded-md px-3", + lg: "h-11 rounded-md px-8", + icon: "h-10 w-10", + }, + }, + defaultVariants: { + variant: "default", + size: "default", + }, + } +) + +export interface ButtonProps + extends React.ButtonHTMLAttributes<HTMLButtonElement>, + VariantProps<typeof buttonVariants> { + asChild?: boolean +} + +const Button = React.forwardRef<HTMLButtonElement, ButtonProps>( + ({ className, variant, size, asChild = false, ...props }, ref) => { + const Comp = asChild ? Slot : "button" + return ( + <Comp + className={cn(buttonVariants({ variant, size, className }))} + ref={ref} + {...props} + /> + ) + } +) +Button.displayName = "Button" + +export { Button, buttonVariants } diff --git a/nextjs-frontend/src/components/ui/card.tsx b/nextjs-frontend/src/components/ui/card.tsx new file mode 100644 index 0000000..5b8e64f --- /dev/null +++ b/nextjs-frontend/src/components/ui/card.tsx @@ -0,0 +1,79 @@ +import * as React from "react" + +import { cn } from "@/lib/utils" + +const Card = React.forwardRef< + HTMLDivElement, + React.HTMLAttributes<HTMLDivElement> +>(({ className, ...props }, ref) => ( + <div + ref={ref} + className={cn( + "rounded-lg border bg-card text-card-foreground shadow-sm", + className + )} + {...props} + /> +)) +Card.displayName = "Card" + +const CardHeader = React.forwardRef< + HTMLDivElement, + React.HTMLAttributes<HTMLDivElement> +>(({ className, ...props }, ref) => ( + <div + ref={ref} + className={cn("flex flex-col space-y-1.5 p-6", className)} + {...props} + /> +)) +CardHeader.displayName = "CardHeader" + +const CardTitle = React.forwardRef< + HTMLParagraphElement, + React.HTMLAttributes<HTMLHeadingElement> +>(({ className, ...props }, ref) => ( + <h3 + ref={ref} + className={cn( + "text-2xl font-semibold leading-none tracking-tight", + className + )} + {...props} + /> +)) +CardTitle.displayName = "CardTitle" + +const CardDescription = React.forwardRef< + HTMLParagraphElement, + React.HTMLAttributes<HTMLParagraphElement> +>(({ className, ...props }, ref) => ( + <p + ref={ref} + className={cn("text-sm text-muted-foreground", className)} + {...props} + /> +)) +CardDescription.displayName = "CardDescription" + +const CardContent = React.forwardRef< + HTMLDivElement, + React.HTMLAttributes<HTMLDivElement> +>(({ className, ...props }, ref) => ( + <div ref={ref} className={cn("p-6 pt-0", className)} {...props} /> +)) +CardContent.displayName = "CardContent" + +const CardFooter = React.forwardRef< + HTMLDivElement, + React.HTMLAttributes<HTMLDivElement> +>(({ className, ...props }, ref) => ( + <div + ref={ref} + className={cn("flex items-center p-6 pt-0", className)} + {...props} + /> +)) +CardFooter.displayName = "CardFooter" + +export { Card, CardHeader, CardFooter, CardTitle, CardDescription, CardContent } diff --git a/nextjs-frontend/src/components/ui/input.tsx b/nextjs-frontend/src/components/ui/input.tsx new file mode 100644 index 0000000..d191cb8 --- /dev/null +++ b/nextjs-frontend/src/components/ui/input.tsx @@ -0,0 +1,25 @@ +import * as React from "react" + +import { cn } from "@/lib/utils" + +export interface InputProps + extends React.InputHTMLAttributes<HTMLInputElement> { } + +const Input = React.forwardRef<HTMLInputElement, InputProps>( + ({ className, type, ...props }, ref) => { + return ( + <input + type={type} + className={cn( + "flex h-10 w-full rounded-md border border-input bg-background px-3 py-2 text-sm ring-offset-background file:border-0 file:bg-transparent file:text-sm file:font-medium placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50", + className + )} + ref={ref} + {...props} + /> + ) + } +) +Input.displayName = "Input" + +export { Input } diff --git a/nextjs-frontend/src/components/ui/label.tsx b/nextjs-frontend/src/components/ui/label.tsx new file mode 100644 index 0000000..ef090dc --- /dev/null +++ b/nextjs-frontend/src/components/ui/label.tsx @@ -0,0 +1,24 @@ +import * as React from "react" +import * as LabelPrimitive from "@radix-ui/react-label" +import { cva, type VariantProps } from "class-variance-authority" + +import { cn } from "@/lib/utils" + +const labelVariants = cva( + "text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70" +) + +const Label = React.forwardRef< + React.ElementRef<typeof LabelPrimitive.Root>, + React.ComponentPropsWithoutRef<typeof LabelPrimitive.Root> & + VariantProps<typeof labelVariants> +>(({ className, ...props }, ref) => ( + <LabelPrimitive.Root + ref={ref} + className={cn(labelVariants(), className)} + {...props} + /> +)) +Label.displayName = LabelPrimitive.Root.displayName + +export { Label } diff --git a/nextjs-frontend/src/context/AuthContext.tsx b/nextjs-frontend/src/context/AuthContext.tsx new file mode 100644 index 0000000..11e1d18 --- /dev/null +++ b/nextjs-frontend/src/context/AuthContext.tsx @@ -0,0 +1,72 @@ +"use client" + +import React, { createContext, useContext, useState, useEffect } from "react" +import axios from "axios" +import { useRouter } from "next/navigation" + +interface User { + username: string +} + +interface AuthContextType { + user: User | null + token: string | null + login: (token: string, username: string) => void + logout: () => void + isLoading: boolean +} + +const AuthContext = createContext<AuthContextType | undefined>(undefined) + +export function AuthProvider({ children }: { children: React.ReactNode }) { + const [user, setUser] = useState<User | null>(null) + const [token, setToken] = useState<string | null>(null) + const [isLoading, setIsLoading] = useState(true) + const router = useRouter() + + useEffect(() => { + // Check for token in localStorage on mount + const storedToken = localStorage.getItem("token") + const storedUser = localStorage.getItem("username") + + if (storedToken && storedUser) { + setToken(storedToken) + setUser({ username: storedUser }) + // Unsafe: setting global axios header here + axios.defaults.headers.common["Authorization"] = `Bearer ${storedToken}` + } + setIsLoading(false) + }, []) + + const login = (newToken: string, newUsername: string) => { + setToken(newToken) + setUser({ username: newUsername }) + localStorage.setItem("token", newToken) + localStorage.setItem("username", newUsername) + axios.defaults.headers.common["Authorization"] = `Bearer ${newToken}` + router.push("/") + } + + const logout = () => { + setToken(null) + setUser(null) + localStorage.removeItem("token") + localStorage.removeItem("username") + delete axios.defaults.headers.common["Authorization"] + router.push("/login") + } + + return ( + <AuthContext.Provider value={{ user, token, login, logout, isLoading }}> + {children} + </AuthContext.Provider> + ) +} + +export function useAuth() { + const context = useContext(AuthContext) + if (context === undefined) { + throw new Error("useAuth must be used within an AuthProvider") + } + return context +} diff --git a/nextjs-frontend/src/lib/utils.ts b/nextjs-frontend/src/lib/utils.ts new file mode 100644 index 0000000..03aaa4b --- /dev/null +++ b/nextjs-frontend/src/lib/utils.ts @@ -0,0 +1,6 @@ +import { type ClassValue, clsx } from "clsx" +import { twMerge } from "tailwind-merge" + +export function cn(...inputs: ClassValue[]) { + return twMerge(clsx(inputs)) +} diff --git a/nextjs-frontend/tailwind.config.ts b/nextjs-frontend/tailwind.config.ts new file mode 100644 index 0000000..ae97845 --- /dev/null +++ b/nextjs-frontend/tailwind.config.ts @@ -0,0 +1,77 @@ +import type { Config } from "tailwindcss"; + +const config: Config = { + darkMode: ["class"], + content: [ + "./src/pages/**/*.{js,ts,jsx,tsx,mdx}", + "./src/components/**/*.{js,ts,jsx,tsx,mdx}", + "./src/app/**/*.{js,ts,jsx,tsx,mdx}", + ], + theme: { + container: { + center: true, + padding: "2rem", + screens: { + "2xl": "1400px", + }, + }, + extend: { + colors: { + border: "hsl(var(--border))", + input: "hsl(var(--input))", + ring: "hsl(var(--ring))", + background: "hsl(var(--background))", + foreground: "hsl(var(--foreground))", + primary: { + DEFAULT: "hsl(var(--primary))", + foreground: "hsl(var(--primary-foreground))", + }, + secondary: { + DEFAULT: "hsl(var(--secondary))", + foreground: "hsl(var(--secondary-foreground))", + }, + destructive: { + DEFAULT: "hsl(var(--destructive))", + foreground: "hsl(var(--destructive-foreground))", + }, + muted: { + DEFAULT: "hsl(var(--muted))", + foreground: "hsl(var(--muted-foreground))", + }, + accent: { + DEFAULT: "hsl(var(--accent))", + foreground: "hsl(var(--accent-foreground))", + }, + popover: { + DEFAULT: "hsl(var(--popover))", + foreground: "hsl(var(--popover-foreground))", + }, + card: { + DEFAULT: "hsl(var(--card))", + foreground: "hsl(var(--card-foreground))", + }, + }, + borderRadius: { + lg: "var(--radius)", + md: "calc(var(--radius) - 2px)", + sm: "calc(var(--radius) - 4px)", + }, + keyframes: { + "accordion-down": { + from: { height: "0" }, + to: { height: "var(--radix-accordion-content-height)" }, + }, + "accordion-up": { + from: { height: "var(--radix-accordion-content-height)" }, + to: { height: "0" }, + }, + }, + animation: { + "accordion-down": "accordion-down 0.2s ease-out", + "accordion-up": "accordion-up 0.2s ease-out", + }, + }, + }, + plugins: [require("tailwindcss-animate")], +}; +export default config; diff --git a/nextjs-frontend/tsconfig.json b/nextjs-frontend/tsconfig.json new file mode 100644 index 0000000..cf9c65d --- /dev/null +++ b/nextjs-frontend/tsconfig.json @@ -0,0 +1,34 @@ +{ + "compilerOptions": { + "target": "ES2017", + "lib": ["dom", "dom.iterable", "esnext"], + "allowJs": true, + "skipLibCheck": true, + "strict": true, + "noEmit": true, + "esModuleInterop": true, + "module": "esnext", + "moduleResolution": "bundler", + "resolveJsonModule": true, + "isolatedModules": true, + "jsx": "react-jsx", + "incremental": true, + "plugins": [ + { + "name": "next" + } + ], + "paths": { + "@/*": ["./src/*"] + } + }, + "include": [ + "next-env.d.ts", + "**/*.ts", + "**/*.tsx", + ".next/types/**/*.ts", + ".next/dev/types/**/*.ts", + "**/*.mts" + ], + "exclude": ["node_modules"] +} diff --git a/openapi/README.md b/openapi/README.md new file mode 100644 index 0000000..d5caba9 --- /dev/null +++ b/openapi/README.md @@ -0,0 +1,128 @@ +# OpenAPI Specifications + +This directory contains OpenAPI 3.0 specifications for all microservices in the Yugastore e-commerce platform. + +## Service Overview + +| Service | Port | Specification | Description | +|---------|------|---------------|-------------| +| API Gateway | 8081 | [api-gateway.yaml](./api-gateway.yaml) | Central entry point, routes to microservices | +| Products | 8082 | [products-microservice.yaml](./products-microservice.yaml) | Product catalog and metadata | +| Cart | 8083 | [cart-microservice.yaml](./cart-microservice.yaml) | Shopping cart operations | +| Login | 8085 | [login-microservice.yaml](./login-microservice.yaml) | User authentication | +| Checkout | 8086 | [checkout-microservice.yaml](./checkout-microservice.yaml) | Order processing | +| React UI (BFF) | 8080 | [react-ui-bff.yaml](./react-ui-bff.yaml) | Backend-for-Frontend API | + +## Architecture + +``` +┌─────────────────┐ +│ React UI │ :8080 +│ (Frontend) │ +└────────┬────────┘ + │ + ▼ +┌─────────────────┐ +│ React UI BFF │ :8080 (same service) +│ (Backend API) │ +└────────┬────────┘ + │ + ▼ +┌─────────────────┐ +│ API Gateway │ :8081 +└────────┬────────┘ + │ + ┌────┴────┬──────────┐ + ▼ ▼ ▼ +┌───────┐ ┌───────┐ ┌──────────┐ +│Products│ │ Cart │ │ Checkout │ +│ :8082 │ │ :8083 │ │ :8086 │ +└───────┘ └───────┘ └──────────┘ + │ │ │ + └────┬────┴──────────┘ + ▼ +┌─────────────────┐ +│ YugabyteDB │ +│ YCQL:9042 │ +│ YSQL:5433 │ +└─────────────────┘ + +┌─────────────────┐ +│ Login Service │ :8085 (standalone) +└─────────────────┘ + +┌─────────────────┐ +│ Eureka Server │ :8761 (service discovery) +└─────────────────┘ +``` + +## Viewing the Specifications + +### Swagger UI +You can use Swagger UI to view and test these specifications: + +```bash +# Using Docker +docker run -p 8090:8080 -e SWAGGER_JSON=/api/api-gateway.yaml -v $(pwd):/api swaggerapi/swagger-ui + +# Or visit https://editor.swagger.io and paste the YAML content +``` + +### Redoc +For documentation-focused viewing: + +```bash +docker run -p 8090:80 -e SPEC_URL=/api/api-gateway.yaml -v $(pwd):/usr/share/nginx/html/api redocly/redoc +``` + +## API Endpoints Summary + +### Products Microservice (`/products-microservice`) +- `GET /product/{asin}` - Get product details +- `GET /products` - List all products (paginated) +- `GET /products/category/{category}` - List products by category + +### Cart Microservice (`/cart-microservice`) +- `GET /shoppingCart/addProduct` - Add product to cart +- `GET /shoppingCart/productsInCart` - Get cart contents +- `GET /shoppingCart/removeProduct` - Remove from cart +- `GET /shoppingCart/clearCart` - Clear entire cart + +### Checkout Microservice (`/checkout-microservice`) +- `POST /shoppingCart/checkout` - Process checkout + +### Login Microservice +- `GET /registration` - Show registration form +- `POST /registration` - Process registration +- `GET /login` - Show login form + +### API Gateway (`/api/v1`) +- `GET /product/{asin}` - Get product details +- `GET /products` - List all products +- `GET /products/category/{category}` - List by category +- `POST /shoppingCart` - Get cart contents +- `POST /shoppingCart/addProduct` - Add to cart +- `POST /shoppingCart/removeProduct` - Remove from cart +- `POST /shoppingCart/checkout` - Process checkout + +### React UI BFF +- `GET /api/hello` - Health check +- `GET /products` - Homepage products +- `GET /products/category/{category}` - Category products +- `GET /products/details` - Product details +- `POST /cart/add` - Add to cart +- `POST /cart/get` - Get cart +- `POST /cart/remove` - Remove from cart +- `POST /cart/checkout` - Checkout + +## Validation + +Validate the OpenAPI specifications using: + +```bash +# Using npm +npx @apidevtools/swagger-cli validate api-gateway.yaml + +# Using Docker +docker run --rm -v $(pwd):/spec openapitools/openapi-generator-cli validate -i /spec/api-gateway.yaml +``` diff --git a/openapi/api-gateway.yaml b/openapi/api-gateway.yaml new file mode 100644 index 0000000..6b86c76 --- /dev/null +++ b/openapi/api-gateway.yaml @@ -0,0 +1,369 @@ +openapi: 3.0.3 +info: + title: API Gateway + description: | + API Gateway for the Yugastore e-commerce platform. + This service acts as the central entry point for all API requests, routing them to the appropriate microservices. + + The API Gateway aggregates functionality from: + - Products Microservice (product catalog) + - Cart Microservice (shopping cart) + - Checkout Microservice (order processing) + + It uses Netflix Eureka for service discovery and Feign clients for inter-service communication. + version: 1.0.0 + contact: + name: Yugastore Team +servers: + - url: http://localhost:8081 + description: Local development server + +paths: + /api/v1/product/{asin}: + get: + summary: Get product details + description: Retrieves detailed metadata for a specific product. Proxies to Products Microservice. + operationId: getProductDetails + tags: + - Product Catalog + parameters: + - name: asin + in: path + required: true + description: The Amazon Standard Identification Number (product ID) + schema: + type: string + example: "B00BKQT2OI" + responses: + '200': + description: Successfully retrieved product details + content: + application/json: + schema: + $ref: '#/components/schemas/ProductMetadata' + '404': + description: Product not found + '500': + description: Internal server error or downstream service unavailable + + /api/v1/products: + get: + summary: Get all products + description: Retrieves a paginated list of all products. Proxies to Products Microservice. + operationId: getProducts + tags: + - Product Catalog + parameters: + - name: limit + in: query + required: true + description: Maximum number of products to return + schema: + type: integer + minimum: 1 + maximum: 100 + example: 12 + - name: offset + in: query + required: true + description: Number of products to skip for pagination + schema: + type: integer + minimum: 0 + example: 0 + responses: + '200': + description: Successfully retrieved product list + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/ProductMetadata' + '500': + description: Internal server error + + /api/v1/products/category/{category}: + get: + summary: Get products by category + description: Retrieves products within a specific category. Proxies to Products Microservice. + operationId: getProductsByCategory + tags: + - Product Catalog + parameters: + - name: category + in: path + required: true + description: Product category name + schema: + type: string + example: "Books" + - name: limit + in: query + required: true + description: Maximum number of products to return + schema: + type: integer + example: 12 + - name: offset + in: query + required: true + description: Number of products to skip for pagination + schema: + type: integer + example: 0 + responses: + '200': + description: Successfully retrieved category products + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/ProductRanking' + '500': + description: Internal server error + + /api/v1/shoppingCart: + post: + summary: Get shopping cart contents + description: Retrieves all products in the current user's shopping cart. Proxies to Cart Microservice. + operationId: getShoppingCart + tags: + - Shopping Cart + responses: + '200': + description: Successfully retrieved cart contents + content: + application/json: + schema: + $ref: '#/components/schemas/CartContents' + '500': + description: Internal server error + + /api/v1/shoppingCart/addProduct: + post: + summary: Add product to cart + description: Adds a product to the current user's shopping cart. Proxies to Cart Microservice. + operationId: addProductToCart + tags: + - Shopping Cart + parameters: + - name: asin + in: query + required: true + description: The Amazon Standard Identification Number (product ID) + schema: + type: string + example: "B00BKQT2OI" + responses: + '200': + description: Product added, returns updated cart contents + content: + application/json: + schema: + $ref: '#/components/schemas/CartContents' + '500': + description: Internal server error + + /api/v1/shoppingCart/removeProduct: + post: + summary: Remove product from cart + description: Removes a product from the current user's shopping cart. Proxies to Cart Microservice. + operationId: removeProductFromCart + tags: + - Shopping Cart + parameters: + - name: asin + in: query + required: true + description: The Amazon Standard Identification Number (product ID) + schema: + type: string + example: "B00BKQT2OI" + responses: + '200': + description: Product removed, returns updated cart contents + content: + application/json: + schema: + $ref: '#/components/schemas/CartContents' + '500': + description: Internal server error + + /api/v1/shoppingCart/checkout: + post: + summary: Process checkout + description: | + Processes checkout for the current user's shopping cart. + Validates inventory, creates order, and clears cart. + Proxies to Checkout Microservice. + operationId: checkout + tags: + - Checkout + responses: + '200': + description: Checkout processed (check status for success/failure) + content: + application/json: + schema: + $ref: '#/components/schemas/CheckoutStatus' + '500': + description: Internal server error + +components: + schemas: + ProductMetadata: + type: object + description: Complete product metadata + properties: + id: + type: string + description: Product ASIN + example: "B00BKQT2OI" + brand: + type: string + description: Product brand name + categories: + type: array + items: + type: string + description: Product categories + imUrl: + type: string + description: Product image URL + price: + type: number + format: double + description: Product price in USD + title: + type: string + description: Product title + description: + type: string + description: Product description + also_bought: + type: array + items: + type: string + description: Related product ASINs + also_viewed: + type: array + items: + type: string + bought_together: + type: array + items: + type: string + buy_after_viewing: + type: array + items: + type: string + num_reviews: + type: integer + description: Number of reviews + num_stars: + type: number + format: double + description: Total stars + avg_stars: + type: number + format: double + description: Average rating (0-5) + + ProductRanking: + type: object + description: Product with category ranking + properties: + id: + type: object + properties: + asin: + type: string + category: + type: string + salesRank: + type: integer + title: + type: string + price: + type: number + format: double + imUrl: + type: string + num_reviews: + type: integer + num_stars: + type: number + format: double + avg_stars: + type: number + format: double + + CartContents: + type: object + description: Map of product ASINs to quantities + additionalProperties: + type: integer + example: + "B00BKQT2OI": 2 + "B00BKQT3XT": 1 + + CheckoutStatus: + type: object + description: Checkout operation result + properties: + status: + type: string + enum: [SUCCESS, FAILURE] + description: Checkout status + orderNumber: + type: string + description: Order UUID (empty on failure) + orderDetails: + type: string + description: Order summary or error message + + Order: + type: object + description: Order record + properties: + id: + type: string + description: Order UUID + user_id: + type: integer + order_details: + type: string + order_time: + type: string + order_total: + type: number + format: double + + ProductInventory: + type: object + description: Product inventory + properties: + id: + type: string + description: Product ASIN + quantity: + type: integer + description: Available stock + + ImageInfo: + type: object + description: Product image metadata + properties: + url: + type: string + description: Image URL + +tags: + - name: Product Catalog + description: Product browsing and search operations + - name: Shopping Cart + description: Shopping cart management + - name: Checkout + description: Order processing diff --git a/openapi/cart-microservice.yaml b/openapi/cart-microservice.yaml new file mode 100644 index 0000000..6cfa1a0 --- /dev/null +++ b/openapi/cart-microservice.yaml @@ -0,0 +1,174 @@ +openapi: 3.0.3 +info: + title: Cart Microservice API + description: | + Shopping cart management microservice for the Yugastore e-commerce platform. + Handles adding, removing, and retrieving products in a user's shopping cart. + version: 1.0.0 + contact: + name: Yugastore Team +servers: + - url: http://localhost:8083 + description: Local development server + +paths: + /cart-microservice/shoppingCart/addProduct: + get: + summary: Add product to cart + description: Adds a product to the user's shopping cart. If the product already exists, increments the quantity. + operationId: addProductToCart + tags: + - Shopping Cart + parameters: + - name: userid + in: query + required: true + description: The unique identifier of the user + schema: + type: string + example: "u1001" + - name: asin + in: query + required: true + description: The Amazon Standard Identification Number (product ID) + schema: + type: string + example: "B00BKQT2OI" + responses: + '200': + description: Product successfully added to cart + content: + application/json: + schema: + type: string + example: "Added to Cart" + '500': + description: Internal server error + + /cart-microservice/shoppingCart/productsInCart: + get: + summary: Get products in cart + description: Retrieves all products currently in the user's shopping cart with their quantities. + operationId: getProductsInCart + tags: + - Shopping Cart + parameters: + - name: userid + in: query + required: true + description: The unique identifier of the user + schema: + type: string + example: "u1001" + responses: + '200': + description: Successfully retrieved cart contents + content: + application/json: + schema: + $ref: '#/components/schemas/CartContents' + example: + "B00BKQT2OI": 2 + "B00BKQT3XT": 1 + '500': + description: Internal server error + + /cart-microservice/shoppingCart/removeProduct: + get: + summary: Remove product from cart + description: Removes a product from the user's shopping cart. Decrements quantity or removes entirely if quantity reaches zero. + operationId: removeProductFromCart + tags: + - Shopping Cart + parameters: + - name: userid + in: query + required: true + description: The unique identifier of the user + schema: + type: string + example: "u1001" + - name: asin + in: query + required: true + description: The Amazon Standard Identification Number (product ID) + schema: + type: string + example: "B00BKQT2OI" + responses: + '200': + description: Product successfully removed from cart + content: + application/json: + schema: + type: string + example: "Removing from Cart" + '500': + description: Internal server error + + /cart-microservice/shoppingCart/clearCart: + get: + summary: Clear cart + description: Removes all products from the user's shopping cart. Typically called after successful checkout. + operationId: clearCart + tags: + - Shopping Cart + parameters: + - name: userid + in: query + required: true + description: The unique identifier of the user + schema: + type: string + example: "u1001" + responses: + '200': + description: Cart successfully cleared + content: + application/json: + schema: + type: string + example: "Clearing Cart, Checkout successful" + '500': + description: Internal server error + +components: + schemas: + CartContents: + type: object + description: Map of product ASINs to quantities + additionalProperties: + type: integer + description: Quantity of the product in cart + example: + "B00BKQT2OI": 2 + "B00BKQT3XT": 1 + + ShoppingCart: + type: object + description: Shopping cart entity + properties: + cartKey: + type: string + description: Unique cart entry key + userId: + type: string + description: User identifier + asin: + type: string + description: Product ASIN + time_added: + type: string + description: Timestamp when product was added + quantity: + type: integer + description: Quantity of product in cart + required: + - cartKey + - userId + - asin + - quantity + +tags: + - name: Shopping Cart + description: Operations for managing the shopping cart diff --git a/openapi/checkout-microservice.yaml b/openapi/checkout-microservice.yaml new file mode 100644 index 0000000..753f7f4 --- /dev/null +++ b/openapi/checkout-microservice.yaml @@ -0,0 +1,129 @@ +openapi: 3.0.3 +info: + title: Checkout Microservice API + description: | + Order processing and checkout microservice for the Yugastore e-commerce platform. + Handles order creation, inventory validation, and transactional checkout processing. + version: 1.0.0 + contact: + name: Yugastore Team +servers: + - url: http://localhost:8086 + description: Local development server + +paths: + /checkout-microservice/shoppingCart/checkout: + post: + summary: Process checkout + description: | + Processes the checkout for the current user's shopping cart. + + This operation: + 1. Retrieves all products in the user's cart + 2. Validates inventory availability for each product + 3. Decrements inventory quantities using a Cassandra transaction + 4. Creates an order record with order details + 5. Clears the shopping cart + + If any product is out of stock, the checkout fails and no changes are made. + operationId: checkout + tags: + - Checkout + responses: + '200': + description: Checkout processed (check status field for success/failure) + content: + application/json: + schema: + $ref: '#/components/schemas/CheckoutStatus' + examples: + success: + summary: Successful checkout + value: + status: "SUCCESS" + orderNumber: "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + orderDetails: "Customer bought these Items: Product: The Great Gatsby, Quantity: 2; Order Total is : 29.98" + failure: + summary: Failed checkout (out of stock) + value: + status: "FAILURE" + orderNumber: "" + orderDetails: "Product is Out of Stock!" + '500': + description: Internal server error + +components: + schemas: + CheckoutStatus: + type: object + description: Result of checkout operation + properties: + status: + type: string + enum: + - SUCCESS + - FAILURE + description: Status of the checkout operation + example: "SUCCESS" + orderNumber: + type: string + description: UUID of the created order (empty on failure) + example: "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + orderDetails: + type: string + description: Human-readable order details or error message + example: "Customer bought these Items: Product: The Great Gatsby, Quantity: 2; Order Total is : 29.98" + required: + - status + + Order: + type: object + description: Order record stored in the database + properties: + id: + type: string + description: Unique order identifier (UUID) + example: "a1b2c3d4-e5f6-7890-abcd-ef1234567890" + user_id: + type: integer + description: User identifier who placed the order + example: 1 + order_details: + type: string + description: Human-readable summary of ordered items + example: "Customer bought these Items: Product: The Great Gatsby, Quantity: 2; Order Total is : 29.98" + order_time: + type: string + description: Timestamp when the order was placed + example: "2024-01-15T10:30:00" + order_total: + type: number + format: double + description: Total order amount in USD + example: 29.98 + required: + - id + - user_id + - order_details + - order_time + - order_total + + ProductInventory: + type: object + description: Product inventory record + properties: + id: + type: string + description: Product ASIN + example: "B00BKQT2OI" + quantity: + type: integer + description: Available quantity in stock + example: 150 + required: + - id + - quantity + +tags: + - name: Checkout + description: Order processing and checkout operations diff --git a/openapi/login-microservice.yaml b/openapi/login-microservice.yaml new file mode 100644 index 0000000..7e1dcab --- /dev/null +++ b/openapi/login-microservice.yaml @@ -0,0 +1,201 @@ +openapi: 3.0.3 +info: + title: Login Microservice API + description: | + User authentication and registration microservice for the Yugastore e-commerce platform. + Provides user registration, login, and session management functionality. + + Note: This service uses server-side rendering with Thymeleaf templates for the UI. + The endpoints below return HTML pages, not JSON responses. + version: 1.0.0 + contact: + name: Yugastore Team +servers: + - url: http://localhost:8085 + description: Local development server + +paths: + /registration: + get: + summary: Display registration page + description: Returns the user registration form page. + operationId: showRegistrationForm + tags: + - Authentication + responses: + '200': + description: Registration page HTML + content: + text/html: + schema: + type: string + description: HTML page with registration form + + post: + summary: Process registration + description: | + Processes user registration form submission. + Validates the user input and creates a new user account if valid. + Redirects to login page on success, or back to registration form with errors. + operationId: processRegistration + tags: + - Authentication + requestBody: + required: true + content: + application/x-www-form-urlencoded: + schema: + $ref: '#/components/schemas/UserRegistrationForm' + responses: + '302': + description: Redirect to login page on success + headers: + Location: + schema: + type: string + description: Redirect URL (/login) + '200': + description: Registration form with validation errors + content: + text/html: + schema: + type: string + description: HTML page with error messages + + /login: + get: + summary: Display login page + description: Returns the user login form page. + operationId: showLoginForm + tags: + - Authentication + parameters: + - name: error + in: query + required: false + description: Present if login failed + schema: + type: string + - name: logout + in: query + required: false + description: Present if user just logged out + schema: + type: string + responses: + '200': + description: Login page HTML + content: + text/html: + schema: + type: string + description: HTML page with login form + + /: + get: + summary: Welcome/home redirect + description: Redirects to the main application (React UI). + operationId: welcome + tags: + - Navigation + responses: + '302': + description: Redirect to main application + headers: + Location: + schema: + type: string + description: Redirect URL (configured in application properties) + + /welcome: + get: + summary: Welcome page redirect + description: Redirects to the main application (React UI). + operationId: welcomePage + tags: + - Navigation + responses: + '302': + description: Redirect to main application + headers: + Location: + schema: + type: string + description: Redirect URL (configured in application properties) + +components: + schemas: + UserRegistrationForm: + type: object + description: User registration form data + properties: + username: + type: string + description: Desired username + minLength: 3 + maxLength: 32 + example: "johndoe" + password: + type: string + format: password + description: Password + minLength: 8 + example: "securePassword123" + passwordConfirm: + type: string + format: password + description: Password confirmation (must match password) + example: "securePassword123" + required: + - username + - password + - passwordConfirm + + User: + type: object + description: User entity stored in the database + properties: + id: + type: integer + format: int64 + description: Unique user identifier + example: 1 + username: + type: string + description: Username + example: "johndoe" + password: + type: string + format: password + description: Hashed password (never returned in responses) + roles: + type: array + items: + $ref: '#/components/schemas/Role' + description: User roles for authorization + required: + - id + - username + + Role: + type: object + description: User role for authorization + properties: + id: + type: integer + format: int64 + description: Role identifier + example: 1 + name: + type: string + description: Role name + example: "ROLE_USER" + required: + - id + - name + +tags: + - name: Authentication + description: User registration and login operations + - name: Navigation + description: Navigation and redirect endpoints diff --git a/openapi/products-microservice.yaml b/openapi/products-microservice.yaml new file mode 100644 index 0000000..fa16fa2 --- /dev/null +++ b/openapi/products-microservice.yaml @@ -0,0 +1,259 @@ +openapi: 3.0.3 +info: + title: Products Microservice API + description: | + Product catalog microservice for the Yugastore e-commerce platform. + Provides product metadata, catalog browsing, and category-based product rankings. + version: 1.0.0 + contact: + name: Yugastore Team +servers: + - url: http://localhost:8082 + description: Local development server + +paths: + /products-microservice/product/{asin}: + get: + summary: Get product details + description: Retrieves detailed metadata for a specific product by its ASIN (Amazon Standard Identification Number). + operationId: getProductDetails + tags: + - Products + parameters: + - name: asin + in: path + required: true + description: The Amazon Standard Identification Number (product ID) + schema: + type: string + example: "B00BKQT2OI" + responses: + '200': + description: Successfully retrieved product details + content: + application/json: + schema: + $ref: '#/components/schemas/ProductMetadata' + '404': + description: Product not found + '500': + description: Internal server error + + /products-microservice/products: + get: + summary: Get all products + description: Retrieves a paginated list of all products in the catalog. + operationId: getProducts + tags: + - Products + parameters: + - name: limit + in: query + required: true + description: Maximum number of products to return + schema: + type: integer + minimum: 1 + maximum: 100 + example: 12 + - name: offset + in: query + required: true + description: Number of products to skip for pagination + schema: + type: integer + minimum: 0 + example: 0 + responses: + '200': + description: Successfully retrieved product list + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/ProductMetadata' + '500': + description: Internal server error + + /products-microservice/products/category/{category}: + get: + summary: Get products by category + description: Retrieves products within a specific category, sorted by sales rank. + operationId: getProductsByCategory + tags: + - Products + parameters: + - name: category + in: path + required: true + description: Product category name + schema: + type: string + example: "Books" + - name: limit + in: query + required: true + description: Maximum number of products to return + schema: + type: integer + minimum: 1 + maximum: 100 + example: 12 + - name: offset + in: query + required: true + description: Number of products to skip for pagination + schema: + type: integer + minimum: 0 + example: 0 + responses: + '200': + description: Successfully retrieved category products + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/ProductRanking' + '500': + description: Internal server error + +components: + schemas: + ProductMetadata: + type: object + description: Complete product metadata + properties: + id: + type: string + description: Product ASIN (Amazon Standard Identification Number) + example: "B00BKQT2OI" + brand: + type: string + description: Product brand name + example: "Penguin Books" + categories: + type: array + items: + type: string + description: List of categories the product belongs to + example: ["Books", "Fiction", "Literature"] + imUrl: + type: string + description: URL to the product image + example: "https://images-na.ssl-images-amazon.com/images/I/51example.jpg" + price: + type: number + format: double + description: Product price in USD + example: 14.99 + title: + type: string + description: Product title + example: "The Great Gatsby" + description: + type: string + description: Product description + example: "A novel written by American author F. Scott Fitzgerald..." + also_bought: + type: array + items: + type: string + description: ASINs of products frequently bought together + example: ["B00BKQT3XT", "B00BKQT4YU"] + also_viewed: + type: array + items: + type: string + description: ASINs of products frequently viewed together + example: ["B00BKQT5ZV"] + bought_together: + type: array + items: + type: string + description: ASINs of products bought in the same order + example: ["B00BKQT6AW"] + buy_after_viewing: + type: array + items: + type: string + description: ASINs of products bought after viewing this one + example: ["B00BKQT7BX"] + num_reviews: + type: integer + description: Total number of reviews + example: 1250 + num_stars: + type: number + format: double + description: Total number of stars from all reviews + example: 4875.5 + avg_stars: + type: number + format: double + description: Average star rating (0-5) + example: 3.9 + required: + - id + - title + - price + + ProductRanking: + type: object + description: Product with ranking information for category browsing + properties: + id: + $ref: '#/components/schemas/ProductRankingKey' + salesRank: + type: integer + description: Sales rank within the category + example: 1 + title: + type: string + description: Product title + example: "The Great Gatsby" + price: + type: number + format: double + description: Product price in USD + example: 14.99 + imUrl: + type: string + description: URL to the product image + example: "https://images-na.ssl-images-amazon.com/images/I/51example.jpg" + num_reviews: + type: integer + description: Total number of reviews + example: 1250 + num_stars: + type: number + format: double + description: Total number of stars from all reviews + example: 4875.5 + avg_stars: + type: number + format: double + description: Average star rating (0-5) + example: 3.9 + + ProductRankingKey: + type: object + description: Composite key for product ranking + properties: + asin: + type: string + description: Product ASIN + example: "B00BKQT2OI" + category: + type: string + description: Product category + example: "Books" + required: + - asin + - category + +tags: + - name: Products + description: Product catalog operations diff --git a/openapi/react-ui-bff.yaml b/openapi/react-ui-bff.yaml new file mode 100644 index 0000000..dacb0f4 --- /dev/null +++ b/openapi/react-ui-bff.yaml @@ -0,0 +1,221 @@ +openapi: 3.0.3 +info: + title: React UI Backend-for-Frontend (BFF) API + description: | + Backend-for-Frontend API layer for the Yugastore React UI. + This service provides endpoints specifically designed for the React frontend, + proxying requests to the API Gateway and formatting responses for the UI. + + The BFF pattern allows the frontend to make simpler calls while the backend + handles the complexity of coordinating with multiple microservices. + version: 1.0.0 + contact: + name: Yugastore Team +servers: + - url: http://localhost:8080 + description: Local development server (React UI) + +paths: + /api/hello: + get: + summary: Health check endpoint + description: Simple health check that returns the current server time. + operationId: hello + tags: + - Health + responses: + '200': + description: Server is healthy + content: + text/plain: + schema: + type: string + example: "Hello, the time at the server is now Mon Jan 15 10:30:00 EST 2024" + + /products: + get: + summary: Get homepage products + description: Retrieves products for the homepage display (default 10 products). + operationId: getHomePageProducts + tags: + - Products + responses: + '200': + description: Successfully retrieved products + content: + application/json: + schema: + type: string + description: JSON string of product array (parsed by frontend) + + /products/category/{category}: + get: + summary: Get products by category + description: Retrieves products within a specific category with pagination. + operationId: getProductsByCategory + tags: + - Products + parameters: + - name: category + in: path + required: true + description: Product category name + schema: + type: string + example: "Books" + - name: limit + in: query + required: true + description: Maximum number of products to return + schema: + type: integer + example: 12 + - name: offset + in: query + required: true + description: Number of products to skip for pagination + schema: + type: integer + example: 0 + responses: + '200': + description: Successfully retrieved category products + content: + application/json: + schema: + type: string + description: JSON string of product ranking array + + /products/details: + get: + summary: Get product details + description: Retrieves detailed metadata for a specific product. + operationId: getProductDetails + tags: + - Products + parameters: + - name: asin + in: query + required: true + description: The Amazon Standard Identification Number (product ID) + schema: + type: string + example: "B00BKQT2OI" + responses: + '200': + description: Successfully retrieved product details + content: + application/json: + schema: + type: string + description: JSON string of product metadata + + /cart/add: + post: + summary: Add product to cart + description: Adds a product to the current user's shopping cart. + operationId: addProductToCart + tags: + - Cart + parameters: + - name: asin + in: query + required: true + description: The Amazon Standard Identification Number (product ID) + schema: + type: string + example: "B00BKQT2OI" + responses: + '200': + description: Product added, returns updated cart contents + content: + application/json: + schema: + type: string + description: JSON string of cart contents (ASIN -> quantity map) + + /cart/get: + post: + summary: Get cart contents + description: Retrieves all products in the current user's shopping cart. + operationId: showCart + tags: + - Cart + responses: + '200': + description: Successfully retrieved cart contents + content: + application/json: + schema: + type: string + description: JSON string of cart contents (ASIN -> quantity map) + example: '{"B00BKQT2OI": 2, "B00BKQT3XT": 1}' + + /cart/getCart: + post: + summary: Get cart contents (alternate endpoint) + description: Alternative endpoint to retrieve shopping cart contents. + operationId: getCart + tags: + - Cart + responses: + '200': + description: Successfully retrieved cart contents + content: + application/json: + schema: + type: string + description: JSON string of cart contents + + /cart/remove: + post: + summary: Remove product from cart + description: Removes a product from the current user's shopping cart. + operationId: removeProductFromCart + tags: + - Cart + parameters: + - name: asin + in: query + required: true + description: The Amazon Standard Identification Number (product ID) + schema: + type: string + example: "B00BKQT2OI" + responses: + '200': + description: Product removed, returns updated cart contents + content: + application/json: + schema: + type: string + description: JSON string of updated cart contents + + /cart/checkout: + post: + summary: Process checkout + description: | + Processes checkout for the current user's shopping cart. + Validates inventory, creates order, and clears cart. + operationId: checkoutCart + tags: + - Checkout + responses: + '200': + description: Checkout processed + content: + application/json: + schema: + type: string + description: JSON string with checkout status, order number, and details + example: '{"status": "SUCCESS", "orderNumber": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", "orderDetails": "Customer bought these Items: Product: The Great Gatsby, Quantity: 2; Order Total is : 29.98"}' + +tags: + - name: Health + description: Health check endpoints + - name: Products + description: Product catalog operations for the UI + - name: Cart + description: Shopping cart management for the UI + - name: Checkout + description: Checkout operations for the UI diff --git a/parity-tests/api-gateway-tests/requirements.txt b/parity-tests/api-gateway-tests/requirements.txt new file mode 100644 index 0000000..020ba71 --- /dev/null +++ b/parity-tests/api-gateway-tests/requirements.txt @@ -0,0 +1,4 @@ +requests>=2.28.0 +pytest>=7.0.0 +pytest-cov>=4.0.0 +responses>=0.22.0 diff --git a/parity-tests/api-gateway-tests/test_api_gateway.py b/parity-tests/api-gateway-tests/test_api_gateway.py new file mode 100644 index 0000000..b7a9864 --- /dev/null +++ b/parity-tests/api-gateway-tests/test_api_gateway.py @@ -0,0 +1,528 @@ +""" +Unit tests for API Gateway + +Tests cover all endpoints defined in openapi/api-gateway.yaml: +- GET /api/v1/product/{asin} - Get product details +- GET /api/v1/products - Get all products +- GET /api/v1/products/category/{category} - Get products by category +- POST /api/v1/shoppingCart - Get shopping cart contents +- POST /api/v1/shoppingCart/addProduct - Add product to cart +- POST /api/v1/shoppingCart/removeProduct - Remove product from cart +- POST /api/v1/shoppingCart/checkout - Process checkout +""" + +import unittest +from unittest.mock import patch, MagicMock +import requests +import json + + +class TestApiGatewayConfig: + """Configuration for API Gateway tests""" + BASE_URL = "http://localhost:8081" + API_BASE = f"{BASE_URL}/api/v1" + + +class TestGetProductDetails(unittest.TestCase): + """Tests for GET /api/v1/product/{asin} endpoint""" + + def setUp(self): + self.base_url = TestApiGatewayConfig.API_BASE + self.endpoint = f"{self.base_url}/product" + + @patch('requests.get') + def test_get_product_details_success(self, mock_get): + """Test successfully retrieving product details""" + expected_product = { + "id": "B00BKQT2OI", + "brand": "Penguin Books", + "categories": ["Books", "Fiction"], + "imUrl": "https://images-na.ssl-images-amazon.com/images/I/51example.jpg", + "price": 14.99, + "title": "The Great Gatsby", + "description": "A novel by F. Scott Fitzgerald", + "also_bought": ["B00BKQT3XT"], + "also_viewed": ["B00BKQT4YU"], + "num_reviews": 1250, + "avg_stars": 3.9 + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_product + mock_get.return_value = mock_response + + response = requests.get(f"{self.endpoint}/B00BKQT2OI") + + self.assertEqual(response.status_code, 200) + product = response.json() + self.assertEqual(product["id"], "B00BKQT2OI") + + @patch('requests.get') + def test_get_product_not_found(self, mock_get): + """Test getting a non-existent product""" + mock_response = MagicMock() + mock_response.status_code = 404 + mock_get.return_value = mock_response + + response = requests.get(f"{self.endpoint}/NONEXISTENT") + + self.assertEqual(response.status_code, 404) + + @patch('requests.get') + def test_get_product_server_error(self, mock_get): + """Test server error when downstream service unavailable""" + mock_response = MagicMock() + mock_response.status_code = 500 + mock_get.return_value = mock_response + + response = requests.get(f"{self.endpoint}/B00BKQT2OI") + + self.assertEqual(response.status_code, 500) + + +class TestGetAllProducts(unittest.TestCase): + """Tests for GET /api/v1/products endpoint""" + + def setUp(self): + self.base_url = TestApiGatewayConfig.API_BASE + self.endpoint = f"{self.base_url}/products" + + @patch('requests.get') + def test_get_products_success(self, mock_get): + """Test successfully retrieving product list""" + expected_products = [ + {"id": "B001", "title": "Product 1", "price": 9.99}, + {"id": "B002", "title": "Product 2", "price": 19.99} + ] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"limit": 12, "offset": 0} + ) + + self.assertEqual(response.status_code, 200) + products = response.json() + self.assertIsInstance(products, list) + + @patch('requests.get') + def test_get_products_with_pagination(self, mock_get): + """Test product list pagination""" + expected_products = [{"id": f"B{i:03d}", "title": f"Product {i}", "price": 9.99} + for i in range(12)] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"limit": 12, "offset": 0} + ) + + self.assertEqual(response.status_code, 200) + products = response.json() + self.assertLessEqual(len(products), 12) + + @patch('requests.get') + def test_get_products_requires_limit_param(self, mock_get): + """Test that limit parameter is required""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = [] + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"limit": 10, "offset": 0} + ) + + call_args = mock_get.call_args + params = call_args.kwargs.get("params", {}) + self.assertIn("limit", params) + self.assertIn("offset", params) + + +class TestGetProductsByCategory(unittest.TestCase): + """Tests for GET /api/v1/products/category/{category} endpoint""" + + def setUp(self): + self.base_url = TestApiGatewayConfig.API_BASE + self.endpoint = f"{self.base_url}/products/category" + + @patch('requests.get') + def test_get_products_by_category_success(self, mock_get): + """Test successfully retrieving products by category""" + expected_products = [ + { + "id": {"asin": "B001", "category": "Books"}, + "salesRank": 1, + "title": "Book 1", + "price": 14.99, + "avg_stars": 4.5 + } + ] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get( + f"{self.endpoint}/Books", + params={"limit": 12, "offset": 0} + ) + + self.assertEqual(response.status_code, 200) + products = response.json() + self.assertIsInstance(products, list) + + @patch('requests.get') + def test_get_products_category_returns_rankings(self, mock_get): + """Test that category products include ranking information""" + expected_products = [ + { + "id": {"asin": "B001", "category": "Books"}, + "salesRank": 1, + "title": "Book 1", + "price": 14.99 + } + ] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get( + f"{self.endpoint}/Books", + params={"limit": 12, "offset": 0} + ) + + products = response.json() + if products: + self.assertIn("salesRank", products[0]) + self.assertIn("id", products[0]) + + @patch('requests.get') + def test_get_products_various_categories(self, mock_get): + """Test fetching products from various categories""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = [] + mock_get.return_value = mock_response + + categories = ["Books", "Music", "Electronics", "Beauty"] + for category in categories: + response = requests.get( + f"{self.endpoint}/{category}", + params={"limit": 12, "offset": 0} + ) + self.assertEqual(response.status_code, 200) + + +class TestShoppingCart(unittest.TestCase): + """Tests for POST /api/v1/shoppingCart endpoint""" + + def setUp(self): + self.base_url = TestApiGatewayConfig.API_BASE + self.endpoint = f"{self.base_url}/shoppingCart" + + @patch('requests.post') + def test_get_cart_contents_success(self, mock_post): + """Test successfully retrieving cart contents""" + expected_cart = {"B00BKQT2OI": 2, "B00BKQT3XT": 1} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + self.assertEqual(response.status_code, 200) + cart = response.json() + self.assertIsInstance(cart, dict) + + @patch('requests.post') + def test_get_cart_empty(self, mock_post): + """Test retrieving empty cart""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = {} + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + self.assertEqual(response.status_code, 200) + cart = response.json() + self.assertEqual(cart, {}) + + @patch('requests.post') + def test_cart_contents_format(self, mock_post): + """Test that cart contents are ASIN -> quantity map""" + expected_cart = {"B00BKQT2OI": 2, "B00BKQT3XT": 1} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + cart = response.json() + for asin, quantity in cart.items(): + self.assertIsInstance(asin, str) + self.assertIsInstance(quantity, int) + + +class TestAddProductToCart(unittest.TestCase): + """Tests for POST /api/v1/shoppingCart/addProduct endpoint""" + + def setUp(self): + self.base_url = TestApiGatewayConfig.API_BASE + self.endpoint = f"{self.base_url}/shoppingCart/addProduct" + + @patch('requests.post') + def test_add_product_success(self, mock_post): + """Test successfully adding product to cart""" + expected_cart = {"B00BKQT2OI": 1} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + params={"asin": "B00BKQT2OI"} + ) + + self.assertEqual(response.status_code, 200) + cart = response.json() + self.assertIn("B00BKQT2OI", cart) + + @patch('requests.post') + def test_add_product_increments_quantity(self, mock_post): + """Test adding same product increases quantity""" + expected_cart = {"B00BKQT2OI": 2} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + params={"asin": "B00BKQT2OI"} + ) + + cart = response.json() + self.assertEqual(cart["B00BKQT2OI"], 2) + + @patch('requests.post') + def test_add_product_requires_asin(self, mock_post): + """Test that ASIN parameter is required""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = {"B00TEST": 1} + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + params={"asin": "B00TEST"} + ) + + call_args = mock_post.call_args + params = call_args.kwargs.get("params", {}) + self.assertIn("asin", params) + + +class TestRemoveProductFromCart(unittest.TestCase): + """Tests for POST /api/v1/shoppingCart/removeProduct endpoint""" + + def setUp(self): + self.base_url = TestApiGatewayConfig.API_BASE + self.endpoint = f"{self.base_url}/shoppingCart/removeProduct" + + @patch('requests.post') + def test_remove_product_success(self, mock_post): + """Test successfully removing product from cart""" + expected_cart = {} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + params={"asin": "B00BKQT2OI"} + ) + + self.assertEqual(response.status_code, 200) + + @patch('requests.post') + def test_remove_product_decrements_quantity(self, mock_post): + """Test removing product decreases quantity""" + expected_cart = {"B00BKQT2OI": 1} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + params={"asin": "B00BKQT2OI"} + ) + + cart = response.json() + self.assertEqual(cart.get("B00BKQT2OI"), 1) + + @patch('requests.post') + def test_remove_nonexistent_product(self, mock_post): + """Test removing product not in cart""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = {} + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + params={"asin": "NONEXISTENT"} + ) + + self.assertEqual(response.status_code, 200) + + +class TestCheckout(unittest.TestCase): + """Tests for POST /api/v1/shoppingCart/checkout endpoint""" + + def setUp(self): + self.base_url = TestApiGatewayConfig.API_BASE + self.endpoint = f"{self.base_url}/shoppingCart/checkout" + + @patch('requests.post') + def test_checkout_success(self, mock_post): + """Test successful checkout""" + expected_response = { + "status": "SUCCESS", + "orderNumber": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "orderDetails": "Customer bought these Items: Product: The Great Gatsby, Quantity: 2; Order Total is : 29.98" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + self.assertEqual(response.status_code, 200) + result = response.json() + self.assertEqual(result["status"], "SUCCESS") + + @patch('requests.post') + def test_checkout_failure_out_of_stock(self, mock_post): + """Test checkout failure when out of stock""" + expected_response = { + "status": "FAILURE", + "orderNumber": "", + "orderDetails": "Product is Out of Stock!" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + result = response.json() + self.assertEqual(result["status"], "FAILURE") + + @patch('requests.post') + def test_checkout_returns_order_number_on_success(self, mock_post): + """Test that successful checkout returns order number""" + expected_response = { + "status": "SUCCESS", + "orderNumber": "test-order-uuid", + "orderDetails": "Order details" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + result = response.json() + if result["status"] == "SUCCESS": + self.assertNotEqual(result["orderNumber"], "") + + @patch('requests.post') + def test_checkout_server_error(self, mock_post): + """Test checkout server error""" + mock_response = MagicMock() + mock_response.status_code = 500 + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + self.assertEqual(response.status_code, 500) + + +class TestApiGatewaySchemas(unittest.TestCase): + """Tests for API Gateway schema validation""" + + @patch('requests.get') + def test_product_metadata_complete_schema(self, mock_get): + """Test ProductMetadata schema contains all expected fields""" + complete_product = { + "id": "B00BKQT2OI", + "brand": "Penguin Books", + "categories": ["Books", "Fiction"], + "imUrl": "https://example.com/image.jpg", + "price": 14.99, + "title": "The Great Gatsby", + "description": "A novel", + "also_bought": ["B001"], + "also_viewed": ["B002"], + "bought_together": ["B003"], + "buy_after_viewing": ["B004"], + "num_reviews": 1250, + "num_stars": 4875.5, + "avg_stars": 3.9 + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = complete_product + mock_get.return_value = mock_response + + response = requests.get( + f"{TestApiGatewayConfig.API_BASE}/product/B00BKQT2OI" + ) + + product = response.json() + expected_fields = ["id", "title", "price"] + for field in expected_fields: + self.assertIn(field, product) + + @patch('requests.post') + def test_checkout_status_schema(self, mock_post): + """Test CheckoutStatus schema""" + checkout_result = { + "status": "SUCCESS", + "orderNumber": "uuid-here", + "orderDetails": "Order details" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = checkout_result + mock_post.return_value = mock_response + + response = requests.post( + f"{TestApiGatewayConfig.API_BASE}/shoppingCart/checkout" + ) + + result = response.json() + self.assertIn("status", result) + self.assertIn(result["status"], ["SUCCESS", "FAILURE"]) + + +if __name__ == '__main__': + unittest.main() diff --git a/parity-tests/cart-microservice-tests/requirements.txt b/parity-tests/cart-microservice-tests/requirements.txt new file mode 100644 index 0000000..020ba71 --- /dev/null +++ b/parity-tests/cart-microservice-tests/requirements.txt @@ -0,0 +1,4 @@ +requests>=2.28.0 +pytest>=7.0.0 +pytest-cov>=4.0.0 +responses>=0.22.0 diff --git a/parity-tests/cart-microservice-tests/test_cart_microservice.py b/parity-tests/cart-microservice-tests/test_cart_microservice.py new file mode 100644 index 0000000..b51fa4e --- /dev/null +++ b/parity-tests/cart-microservice-tests/test_cart_microservice.py @@ -0,0 +1,337 @@ +""" +Unit tests for Cart Microservice API + +Tests cover all endpoints defined in openapi/cart-microservice.yaml: +- GET /cart-microservice/shoppingCart/addProduct +- GET /cart-microservice/shoppingCart/productsInCart +- GET /cart-microservice/shoppingCart/removeProduct +- GET /cart-microservice/shoppingCart/clearCart +""" + +import unittest +from unittest.mock import patch, MagicMock +import requests +import json + + +class TestCartMicroserviceConfig: + """Configuration for Cart Microservice tests""" + BASE_URL = "http://localhost:8083" + CART_BASE = f"{BASE_URL}/cart-microservice/shoppingCart" + + +class TestAddProductToCart(unittest.TestCase): + """Tests for POST /cart-microservice/shoppingCart/addProduct endpoint""" + + def setUp(self): + self.base_url = TestCartMicroserviceConfig.CART_BASE + self.endpoint = f"{self.base_url}/addProduct" + + @patch('requests.get') + def test_add_product_success(self, mock_get): + """Test successfully adding a product to cart""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = "Added to Cart" + mock_response.json.return_value = "Added to Cart" + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"userid": "u1001", "asin": "B00BKQT2OI"} + ) + + self.assertEqual(response.status_code, 200) + self.assertIn("Added to Cart", response.text) + mock_get.assert_called_once() + + @patch('requests.get') + def test_add_product_with_valid_userid_and_asin(self, mock_get): + """Test adding product with valid user ID and ASIN""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = "Added to Cart" + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"userid": "test_user_123", "asin": "B00TEST123"} + ) + + self.assertEqual(response.status_code, 200) + call_args = mock_get.call_args + self.assertIn("userid", call_args.kwargs.get("params", {})) + self.assertIn("asin", call_args.kwargs.get("params", {})) + + @patch('requests.get') + def test_add_product_missing_userid(self, mock_get): + """Test adding product without userid parameter""" + mock_response = MagicMock() + mock_response.status_code = 400 + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"asin": "B00BKQT2OI"} + ) + + # Should fail without required userid + self.assertIn(response.status_code, [400, 500]) + + @patch('requests.get') + def test_add_product_missing_asin(self, mock_get): + """Test adding product without asin parameter""" + mock_response = MagicMock() + mock_response.status_code = 400 + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"userid": "u1001"} + ) + + # Should fail without required asin + self.assertIn(response.status_code, [400, 500]) + + +class TestGetProductsInCart(unittest.TestCase): + """Tests for GET /cart-microservice/shoppingCart/productsInCart endpoint""" + + def setUp(self): + self.base_url = TestCartMicroserviceConfig.CART_BASE + self.endpoint = f"{self.base_url}/productsInCart" + + @patch('requests.get') + def test_get_products_in_cart_success(self, mock_get): + """Test successfully retrieving products in cart""" + expected_cart = {"B00BKQT2OI": 2, "B00BKQT3XT": 1} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"userid": "u1001"} + ) + + self.assertEqual(response.status_code, 200) + cart_contents = response.json() + self.assertIsInstance(cart_contents, dict) + + @patch('requests.get') + def test_get_products_in_cart_empty(self, mock_get): + """Test retrieving an empty cart""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = {} + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"userid": "new_user"} + ) + + self.assertEqual(response.status_code, 200) + cart_contents = response.json() + self.assertEqual(cart_contents, {}) + + @patch('requests.get') + def test_get_products_cart_contents_format(self, mock_get): + """Test that cart contents are in correct format (ASIN -> quantity)""" + expected_cart = {"B00BKQT2OI": 2, "B00BKQT3XT": 1} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"userid": "u1001"} + ) + + cart_contents = response.json() + for asin, quantity in cart_contents.items(): + self.assertIsInstance(asin, str) + self.assertIsInstance(quantity, int) + self.assertGreater(quantity, 0) + + @patch('requests.get') + def test_get_products_missing_userid(self, mock_get): + """Test getting cart without userid parameter""" + mock_response = MagicMock() + mock_response.status_code = 400 + mock_get.return_value = mock_response + + response = requests.get(self.endpoint) + + self.assertIn(response.status_code, [400, 500]) + + +class TestRemoveProductFromCart(unittest.TestCase): + """Tests for GET /cart-microservice/shoppingCart/removeProduct endpoint""" + + def setUp(self): + self.base_url = TestCartMicroserviceConfig.CART_BASE + self.endpoint = f"{self.base_url}/removeProduct" + + @patch('requests.get') + def test_remove_product_success(self, mock_get): + """Test successfully removing a product from cart""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = "Removing from Cart" + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"userid": "u1001", "asin": "B00BKQT2OI"} + ) + + self.assertEqual(response.status_code, 200) + self.assertIn("Removing from Cart", response.text) + + @patch('requests.get') + def test_remove_product_not_in_cart(self, mock_get): + """Test removing a product that's not in the cart""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = "Removing from Cart" + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"userid": "u1001", "asin": "NONEXISTENT"} + ) + + # Should still return success (idempotent operation) + self.assertEqual(response.status_code, 200) + + @patch('requests.get') + def test_remove_product_missing_userid(self, mock_get): + """Test removing product without userid""" + mock_response = MagicMock() + mock_response.status_code = 400 + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"asin": "B00BKQT2OI"} + ) + + self.assertIn(response.status_code, [400, 500]) + + @patch('requests.get') + def test_remove_product_missing_asin(self, mock_get): + """Test removing product without asin""" + mock_response = MagicMock() + mock_response.status_code = 400 + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"userid": "u1001"} + ) + + self.assertIn(response.status_code, [400, 500]) + + +class TestClearCart(unittest.TestCase): + """Tests for GET /cart-microservice/shoppingCart/clearCart endpoint""" + + def setUp(self): + self.base_url = TestCartMicroserviceConfig.CART_BASE + self.endpoint = f"{self.base_url}/clearCart" + + @patch('requests.get') + def test_clear_cart_success(self, mock_get): + """Test successfully clearing the cart""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = "Clearing Cart, Checkout successful" + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"userid": "u1001"} + ) + + self.assertEqual(response.status_code, 200) + self.assertIn("Clearing Cart", response.text) + + @patch('requests.get') + def test_clear_empty_cart(self, mock_get): + """Test clearing an already empty cart""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = "Clearing Cart, Checkout successful" + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"userid": "empty_cart_user"} + ) + + # Should succeed even if cart is already empty + self.assertEqual(response.status_code, 200) + + @patch('requests.get') + def test_clear_cart_missing_userid(self, mock_get): + """Test clearing cart without userid""" + mock_response = MagicMock() + mock_response.status_code = 400 + mock_get.return_value = mock_response + + response = requests.get(self.endpoint) + + self.assertIn(response.status_code, [400, 500]) + + +class TestCartWorkflow(unittest.TestCase): + """Integration-style tests for cart workflows""" + + def setUp(self): + self.base_url = TestCartMicroserviceConfig.CART_BASE + + @patch('requests.get') + def test_add_get_remove_workflow(self, mock_get): + """Test complete workflow: add product, get cart, remove product""" + # Setup mock responses for sequence of calls + add_response = MagicMock() + add_response.status_code = 200 + add_response.text = "Added to Cart" + + get_response = MagicMock() + get_response.status_code = 200 + get_response.json.return_value = {"B00BKQT2OI": 1} + + remove_response = MagicMock() + remove_response.status_code = 200 + remove_response.text = "Removing from Cart" + + mock_get.side_effect = [add_response, get_response, remove_response] + + # Add product + response1 = requests.get( + f"{self.base_url}/addProduct", + params={"userid": "u1001", "asin": "B00BKQT2OI"} + ) + self.assertEqual(response1.status_code, 200) + + # Get cart + response2 = requests.get( + f"{self.base_url}/productsInCart", + params={"userid": "u1001"} + ) + self.assertEqual(response2.status_code, 200) + + # Remove product + response3 = requests.get( + f"{self.base_url}/removeProduct", + params={"userid": "u1001", "asin": "B00BKQT2OI"} + ) + self.assertEqual(response3.status_code, 200) + + +if __name__ == '__main__': + unittest.main() diff --git a/parity-tests/checkout-microservice-tests/requirements.txt b/parity-tests/checkout-microservice-tests/requirements.txt new file mode 100644 index 0000000..020ba71 --- /dev/null +++ b/parity-tests/checkout-microservice-tests/requirements.txt @@ -0,0 +1,4 @@ +requests>=2.28.0 +pytest>=7.0.0 +pytest-cov>=4.0.0 +responses>=0.22.0 diff --git a/parity-tests/checkout-microservice-tests/test_checkout_microservice.py b/parity-tests/checkout-microservice-tests/test_checkout_microservice.py new file mode 100644 index 0000000..838489a --- /dev/null +++ b/parity-tests/checkout-microservice-tests/test_checkout_microservice.py @@ -0,0 +1,245 @@ +""" +Unit tests for Checkout Microservice API + +Tests cover all endpoints defined in openapi/checkout-microservice.yaml: +- POST /checkout-microservice/shoppingCart/checkout +""" + +import unittest +from unittest.mock import patch, MagicMock +import requests +import json + + +class TestCheckoutMicroserviceConfig: + """Configuration for Checkout Microservice tests""" + BASE_URL = "http://localhost:8086" + CHECKOUT_BASE = f"{BASE_URL}/checkout-microservice/shoppingCart" + + +class TestCheckout(unittest.TestCase): + """Tests for POST /checkout-microservice/shoppingCart/checkout endpoint""" + + def setUp(self): + self.base_url = TestCheckoutMicroserviceConfig.CHECKOUT_BASE + self.endpoint = f"{self.base_url}/checkout" + + @patch('requests.post') + def test_checkout_success(self, mock_post): + """Test successful checkout""" + expected_response = { + "status": "SUCCESS", + "orderNumber": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "orderDetails": "Customer bought these Items: Product: The Great Gatsby, Quantity: 2; Order Total is : 29.98" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + self.assertEqual(response.status_code, 200) + result = response.json() + self.assertEqual(result["status"], "SUCCESS") + self.assertIn("orderNumber", result) + self.assertIn("orderDetails", result) + + @patch('requests.post') + def test_checkout_returns_order_number(self, mock_post): + """Test that successful checkout returns a valid order number""" + expected_response = { + "status": "SUCCESS", + "orderNumber": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "orderDetails": "Customer bought these Items: Product: Test Product, Quantity: 1" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + result = response.json() + self.assertIsInstance(result["orderNumber"], str) + self.assertGreater(len(result["orderNumber"]), 0) + + @patch('requests.post') + def test_checkout_failure_out_of_stock(self, mock_post): + """Test checkout failure when product is out of stock""" + expected_response = { + "status": "FAILURE", + "orderNumber": "", + "orderDetails": "Product is Out of Stock!" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + self.assertEqual(response.status_code, 200) + result = response.json() + self.assertEqual(result["status"], "FAILURE") + self.assertEqual(result["orderNumber"], "") + + @patch('requests.post') + def test_checkout_status_enum_values(self, mock_post): + """Test that status field contains valid enum values""" + expected_response = { + "status": "SUCCESS", + "orderNumber": "test-order-123", + "orderDetails": "Order details" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + result = response.json() + self.assertIn(result["status"], ["SUCCESS", "FAILURE"]) + + @patch('requests.post') + def test_checkout_order_details_format(self, mock_post): + """Test that order details are properly formatted""" + expected_response = { + "status": "SUCCESS", + "orderNumber": "test-order-123", + "orderDetails": "Customer bought these Items: Product: The Great Gatsby, Quantity: 2; Order Total is : 29.98" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + result = response.json() + self.assertIsInstance(result["orderDetails"], str) + # Successful orders should contain product information + if result["status"] == "SUCCESS": + self.assertIn("Product:", result["orderDetails"]) + + @patch('requests.post') + def test_checkout_multiple_items(self, mock_post): + """Test checkout with multiple items in cart""" + expected_response = { + "status": "SUCCESS", + "orderNumber": "multi-item-order-456", + "orderDetails": "Customer bought these Items: Product: Book 1, Quantity: 2; Product: Book 2, Quantity: 1; Order Total is : 44.97" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + result = response.json() + self.assertEqual(result["status"], "SUCCESS") + self.assertIn("Order Total", result["orderDetails"]) + + @patch('requests.post') + def test_checkout_empty_cart(self, mock_post): + """Test checkout with empty cart""" + expected_response = { + "status": "FAILURE", + "orderNumber": "", + "orderDetails": "Cart is empty" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + result = response.json() + # Empty cart should result in failure or appropriate message + self.assertIn(result["status"], ["SUCCESS", "FAILURE"]) + + @patch('requests.post') + def test_checkout_server_error(self, mock_post): + """Test checkout when server returns error""" + mock_response = MagicMock() + mock_response.status_code = 500 + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + self.assertEqual(response.status_code, 500) + + +class TestCheckoutStatusSchema(unittest.TestCase): + """Tests for CheckoutStatus schema validation""" + + @patch('requests.post') + def test_checkout_status_has_required_fields(self, mock_post): + """Test that CheckoutStatus contains required 'status' field""" + expected_response = { + "status": "SUCCESS", + "orderNumber": "test-123", + "orderDetails": "Order completed" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post( + f"{TestCheckoutMicroserviceConfig.CHECKOUT_BASE}/checkout" + ) + + result = response.json() + # 'status' is required per schema + self.assertIn("status", result) + + @patch('requests.post') + def test_checkout_status_success_has_order_number(self, mock_post): + """Test that successful checkout includes non-empty order number""" + expected_response = { + "status": "SUCCESS", + "orderNumber": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "orderDetails": "Order details here" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post( + f"{TestCheckoutMicroserviceConfig.CHECKOUT_BASE}/checkout" + ) + + result = response.json() + if result["status"] == "SUCCESS": + self.assertIn("orderNumber", result) + self.assertNotEqual(result["orderNumber"], "") + + @patch('requests.post') + def test_checkout_status_failure_has_empty_order_number(self, mock_post): + """Test that failed checkout has empty order number""" + expected_response = { + "status": "FAILURE", + "orderNumber": "", + "orderDetails": "Product is Out of Stock!" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post( + f"{TestCheckoutMicroserviceConfig.CHECKOUT_BASE}/checkout" + ) + + result = response.json() + if result["status"] == "FAILURE": + self.assertEqual(result["orderNumber"], "") + + +if __name__ == '__main__': + unittest.main() diff --git a/parity-tests/login-microservice-tests/requirements.txt b/parity-tests/login-microservice-tests/requirements.txt new file mode 100644 index 0000000..020ba71 --- /dev/null +++ b/parity-tests/login-microservice-tests/requirements.txt @@ -0,0 +1,4 @@ +requests>=2.28.0 +pytest>=7.0.0 +pytest-cov>=4.0.0 +responses>=0.22.0 diff --git a/parity-tests/login-microservice-tests/test_login_microservice.py b/parity-tests/login-microservice-tests/test_login_microservice.py new file mode 100644 index 0000000..b3d2950 --- /dev/null +++ b/parity-tests/login-microservice-tests/test_login_microservice.py @@ -0,0 +1,329 @@ +""" +Unit tests for Login Microservice API + +Tests cover all endpoints defined in openapi/login-microservice.yaml: +- GET /registration - Display registration page +- POST /registration - Process registration +- GET /login - Display login page +- GET / - Welcome redirect +- GET /welcome - Welcome page redirect +""" + +import unittest +from unittest.mock import patch, MagicMock +import requests + + +class TestLoginMicroserviceConfig: + """Configuration for Login Microservice tests""" + BASE_URL = "http://localhost:8085" + + +class TestRegistrationPage(unittest.TestCase): + """Tests for GET /registration endpoint""" + + def setUp(self): + self.base_url = TestLoginMicroserviceConfig.BASE_URL + self.endpoint = f"{self.base_url}/registration" + + @patch('requests.get') + def test_get_registration_page_success(self, mock_get): + """Test successfully retrieving registration page""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.headers = {'Content-Type': 'text/html'} + mock_response.text = '<html><body><form>Registration Form</form></body></html>' + mock_get.return_value = mock_response + + response = requests.get(self.endpoint) + + self.assertEqual(response.status_code, 200) + self.assertIn('text/html', response.headers.get('Content-Type', '')) + + @patch('requests.get') + def test_registration_page_contains_form(self, mock_get): + """Test that registration page contains form elements""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = ''' + <html> + <body> + <form> + <input name="username" /> + <input name="password" type="password" /> + <input name="passwordConfirm" type="password" /> + <button type="submit">Register</button> + </form> + </body> + </html> + ''' + mock_get.return_value = mock_response + + response = requests.get(self.endpoint) + + self.assertIn('username', response.text) + self.assertIn('password', response.text) + + +class TestRegistrationProcess(unittest.TestCase): + """Tests for POST /registration endpoint""" + + def setUp(self): + self.base_url = TestLoginMicroserviceConfig.BASE_URL + self.endpoint = f"{self.base_url}/registration" + + @patch('requests.post') + def test_registration_success_redirect(self, mock_post): + """Test successful registration redirects to login""" + mock_response = MagicMock() + mock_response.status_code = 302 + mock_response.headers = {'Location': '/login'} + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + data={ + 'username': 'newuser', + 'password': 'securePassword123', + 'passwordConfirm': 'securePassword123' + } + ) + + self.assertEqual(response.status_code, 302) + + @patch('requests.post') + def test_registration_with_valid_data(self, mock_post): + """Test registration with valid form data""" + mock_response = MagicMock() + mock_response.status_code = 302 + mock_post.return_value = mock_response + + form_data = { + 'username': 'johndoe', + 'password': 'securePassword123', + 'passwordConfirm': 'securePassword123' + } + response = requests.post(self.endpoint, data=form_data) + + self.assertIn(response.status_code, [200, 302]) + + @patch('requests.post') + def test_registration_password_mismatch(self, mock_post): + """Test registration fails when passwords don't match""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = '<html><body>Passwords do not match</body></html>' + mock_post.return_value = mock_response + + form_data = { + 'username': 'johndoe', + 'password': 'password123', + 'passwordConfirm': 'differentPassword' + } + response = requests.post(self.endpoint, data=form_data) + + # Should return form with errors (200) not redirect (302) + self.assertEqual(response.status_code, 200) + + @patch('requests.post') + def test_registration_username_too_short(self, mock_post): + """Test registration fails with short username""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = '<html><body>Username too short</body></html>' + mock_post.return_value = mock_response + + form_data = { + 'username': 'ab', # Less than 3 characters + 'password': 'securePassword123', + 'passwordConfirm': 'securePassword123' + } + response = requests.post(self.endpoint, data=form_data) + + self.assertEqual(response.status_code, 200) + + @patch('requests.post') + def test_registration_password_too_short(self, mock_post): + """Test registration fails with short password""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = '<html><body>Password too short</body></html>' + mock_post.return_value = mock_response + + form_data = { + 'username': 'johndoe', + 'password': 'short', # Less than 8 characters + 'passwordConfirm': 'short' + } + response = requests.post(self.endpoint, data=form_data) + + self.assertEqual(response.status_code, 200) + + @patch('requests.post') + def test_registration_duplicate_username(self, mock_post): + """Test registration fails with existing username""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = '<html><body>Username already exists</body></html>' + mock_post.return_value = mock_response + + form_data = { + 'username': 'existinguser', + 'password': 'securePassword123', + 'passwordConfirm': 'securePassword123' + } + response = requests.post(self.endpoint, data=form_data) + + self.assertEqual(response.status_code, 200) + + +class TestLoginPage(unittest.TestCase): + """Tests for GET /login endpoint""" + + def setUp(self): + self.base_url = TestLoginMicroserviceConfig.BASE_URL + self.endpoint = f"{self.base_url}/login" + + @patch('requests.get') + def test_get_login_page_success(self, mock_get): + """Test successfully retrieving login page""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.headers = {'Content-Type': 'text/html'} + mock_response.text = '<html><body><form>Login Form</form></body></html>' + mock_get.return_value = mock_response + + response = requests.get(self.endpoint) + + self.assertEqual(response.status_code, 200) + + @patch('requests.get') + def test_login_page_with_error_param(self, mock_get): + """Test login page shows error message when error param present""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = '<html><body>Invalid credentials</body></html>' + mock_get.return_value = mock_response + + response = requests.get(self.endpoint, params={'error': ''}) + + self.assertEqual(response.status_code, 200) + + @patch('requests.get') + def test_login_page_with_logout_param(self, mock_get): + """Test login page shows logout message when logout param present""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = '<html><body>You have been logged out</body></html>' + mock_get.return_value = mock_response + + response = requests.get(self.endpoint, params={'logout': ''}) + + self.assertEqual(response.status_code, 200) + + @patch('requests.get') + def test_login_page_contains_form(self, mock_get): + """Test that login page contains login form elements""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = ''' + <html> + <body> + <form> + <input name="username" /> + <input name="password" type="password" /> + <button type="submit">Login</button> + </form> + </body> + </html> + ''' + mock_get.return_value = mock_response + + response = requests.get(self.endpoint) + + self.assertIn('username', response.text) + self.assertIn('password', response.text) + + +class TestWelcomeRedirect(unittest.TestCase): + """Tests for GET / and GET /welcome endpoints""" + + def setUp(self): + self.base_url = TestLoginMicroserviceConfig.BASE_URL + + @patch('requests.get') + def test_root_redirects_to_app(self, mock_get): + """Test that root path redirects to main application""" + mock_response = MagicMock() + mock_response.status_code = 302 + mock_response.headers = {'Location': 'http://localhost:8080'} + mock_get.return_value = mock_response + + response = requests.get(f"{self.base_url}/") + + self.assertEqual(response.status_code, 302) + + @patch('requests.get') + def test_welcome_redirects_to_app(self, mock_get): + """Test that /welcome path redirects to main application""" + mock_response = MagicMock() + mock_response.status_code = 302 + mock_response.headers = {'Location': 'http://localhost:8080'} + mock_get.return_value = mock_response + + response = requests.get(f"{self.base_url}/welcome") + + self.assertEqual(response.status_code, 302) + + +class TestUserRegistrationFormSchema(unittest.TestCase): + """Tests for UserRegistrationForm schema validation""" + + @patch('requests.post') + def test_registration_form_has_required_fields(self, mock_post): + """Test that registration accepts all required fields""" + mock_response = MagicMock() + mock_response.status_code = 302 + mock_post.return_value = mock_response + + # All required fields per schema + form_data = { + 'username': 'testuser', + 'password': 'testpassword123', + 'passwordConfirm': 'testpassword123' + } + response = requests.post( + f"{TestLoginMicroserviceConfig.BASE_URL}/registration", + data=form_data + ) + + call_args = mock_post.call_args + submitted_data = call_args.kwargs.get('data', {}) + self.assertIn('username', submitted_data) + self.assertIn('password', submitted_data) + self.assertIn('passwordConfirm', submitted_data) + + @patch('requests.post') + def test_registration_username_length_validation(self, mock_post): + """Test username length constraints (3-32 characters)""" + mock_response = MagicMock() + mock_response.status_code = 302 + mock_post.return_value = mock_response + + # Valid username (within 3-32 chars) + form_data = { + 'username': 'validuser', # 9 characters + 'password': 'testpassword123', + 'passwordConfirm': 'testpassword123' + } + response = requests.post( + f"{TestLoginMicroserviceConfig.BASE_URL}/registration", + data=form_data + ) + + # Should succeed with valid length + self.assertIn(response.status_code, [200, 302]) + + +if __name__ == '__main__': + unittest.main() diff --git a/parity-tests/products-microservice-tests/requirements.txt b/parity-tests/products-microservice-tests/requirements.txt new file mode 100644 index 0000000..020ba71 --- /dev/null +++ b/parity-tests/products-microservice-tests/requirements.txt @@ -0,0 +1,4 @@ +requests>=2.28.0 +pytest>=7.0.0 +pytest-cov>=4.0.0 +responses>=0.22.0 diff --git a/parity-tests/products-microservice-tests/test_products_microservice.py b/parity-tests/products-microservice-tests/test_products_microservice.py new file mode 100644 index 0000000..0b73ce3 --- /dev/null +++ b/parity-tests/products-microservice-tests/test_products_microservice.py @@ -0,0 +1,443 @@ +""" +Unit tests for Products Microservice API + +Tests cover all endpoints defined in openapi/products-microservice.yaml: +- GET /products-microservice/product/{asin} +- GET /products-microservice/products +- GET /products-microservice/products/category/{category} +""" + +import unittest +from unittest.mock import patch, MagicMock +import requests +import json + + +class TestProductsMicroserviceConfig: + """Configuration for Products Microservice tests""" + BASE_URL = "http://localhost:8082" + PRODUCTS_BASE = f"{BASE_URL}/products-microservice" + + +class TestGetProductDetails(unittest.TestCase): + """Tests for GET /products-microservice/product/{asin} endpoint""" + + def setUp(self): + self.base_url = TestProductsMicroserviceConfig.PRODUCTS_BASE + self.endpoint = f"{self.base_url}/product" + + @patch('requests.get') + def test_get_product_details_success(self, mock_get): + """Test successfully retrieving product details""" + expected_product = { + "id": "B00BKQT2OI", + "brand": "Penguin Books", + "categories": ["Books", "Fiction"], + "imUrl": "https://images-na.ssl-images-amazon.com/images/I/51example.jpg", + "price": 14.99, + "title": "The Great Gatsby", + "description": "A novel by F. Scott Fitzgerald", + "also_bought": ["B00BKQT3XT"], + "also_viewed": ["B00BKQT4YU"], + "bought_together": [], + "buy_after_viewing": [], + "num_reviews": 1250, + "num_stars": 4875.5, + "avg_stars": 3.9 + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_product + mock_get.return_value = mock_response + + response = requests.get(f"{self.endpoint}/B00BKQT2OI") + + self.assertEqual(response.status_code, 200) + product = response.json() + self.assertEqual(product["id"], "B00BKQT2OI") + self.assertEqual(product["title"], "The Great Gatsby") + + @patch('requests.get') + def test_get_product_details_has_required_fields(self, mock_get): + """Test that product response contains required fields""" + expected_product = { + "id": "B00BKQT2OI", + "title": "The Great Gatsby", + "price": 14.99 + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_product + mock_get.return_value = mock_response + + response = requests.get(f"{self.endpoint}/B00BKQT2OI") + + product = response.json() + self.assertIn("id", product) + self.assertIn("title", product) + self.assertIn("price", product) + + @patch('requests.get') + def test_get_product_details_not_found(self, mock_get): + """Test getting a non-existent product""" + mock_response = MagicMock() + mock_response.status_code = 404 + mock_get.return_value = mock_response + + response = requests.get(f"{self.endpoint}/NONEXISTENT") + + self.assertEqual(response.status_code, 404) + + @patch('requests.get') + def test_get_product_price_is_numeric(self, mock_get): + """Test that product price is a number""" + expected_product = { + "id": "B00BKQT2OI", + "title": "The Great Gatsby", + "price": 14.99 + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_product + mock_get.return_value = mock_response + + response = requests.get(f"{self.endpoint}/B00BKQT2OI") + + product = response.json() + self.assertIsInstance(product["price"], (int, float)) + self.assertGreaterEqual(product["price"], 0) + + @patch('requests.get') + def test_get_product_with_recommendations(self, mock_get): + """Test product with recommendation arrays""" + expected_product = { + "id": "B00BKQT2OI", + "title": "The Great Gatsby", + "price": 14.99, + "also_bought": ["B001", "B002", "B003"], + "also_viewed": ["B004"], + "bought_together": ["B005"], + "buy_after_viewing": ["B006"] + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_product + mock_get.return_value = mock_response + + response = requests.get(f"{self.endpoint}/B00BKQT2OI") + + product = response.json() + self.assertIsInstance(product.get("also_bought", []), list) + self.assertIsInstance(product.get("also_viewed", []), list) + + @patch('requests.get') + def test_get_product_rating_fields(self, mock_get): + """Test product rating fields are present and valid""" + expected_product = { + "id": "B00BKQT2OI", + "title": "The Great Gatsby", + "price": 14.99, + "num_reviews": 1250, + "num_stars": 4875.5, + "avg_stars": 3.9 + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_product + mock_get.return_value = mock_response + + response = requests.get(f"{self.endpoint}/B00BKQT2OI") + + product = response.json() + self.assertIsInstance(product.get("num_reviews"), int) + self.assertIsInstance(product.get("avg_stars"), (int, float)) + self.assertGreaterEqual(product.get("avg_stars", 0), 0) + self.assertLessEqual(product.get("avg_stars", 0), 5) + + +class TestGetAllProducts(unittest.TestCase): + """Tests for GET /products-microservice/products endpoint""" + + def setUp(self): + self.base_url = TestProductsMicroserviceConfig.PRODUCTS_BASE + self.endpoint = f"{self.base_url}/products" + + @patch('requests.get') + def test_get_products_success(self, mock_get): + """Test successfully retrieving product list""" + expected_products = [ + {"id": "B001", "title": "Product 1", "price": 9.99}, + {"id": "B002", "title": "Product 2", "price": 19.99} + ] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"limit": 12, "offset": 0} + ) + + self.assertEqual(response.status_code, 200) + products = response.json() + self.assertIsInstance(products, list) + + @patch('requests.get') + def test_get_products_with_pagination(self, mock_get): + """Test product list pagination""" + expected_products = [{"id": f"B{i:03d}", "title": f"Product {i}", "price": 9.99} + for i in range(12)] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"limit": 12, "offset": 0} + ) + + products = response.json() + self.assertLessEqual(len(products), 12) + + @patch('requests.get') + def test_get_products_with_offset(self, mock_get): + """Test product list with offset for pagination""" + expected_products = [{"id": f"B{i:03d}", "title": f"Product {i}", "price": 9.99} + for i in range(12, 24)] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"limit": 12, "offset": 12} + ) + + self.assertEqual(response.status_code, 200) + call_args = mock_get.call_args + params = call_args.kwargs.get("params", {}) + self.assertEqual(params.get("offset"), 12) + + @patch('requests.get') + def test_get_products_empty_result(self, mock_get): + """Test getting products when none exist""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = [] + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"limit": 12, "offset": 1000} + ) + + self.assertEqual(response.status_code, 200) + products = response.json() + self.assertEqual(products, []) + + @patch('requests.get') + def test_get_products_limit_parameter(self, mock_get): + """Test that limit parameter is respected""" + expected_products = [{"id": "B001", "title": "Product 1", "price": 9.99}] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"limit": 1, "offset": 0} + ) + + products = response.json() + self.assertLessEqual(len(products), 1) + + +class TestGetProductsByCategory(unittest.TestCase): + """Tests for GET /products-microservice/products/category/{category} endpoint""" + + def setUp(self): + self.base_url = TestProductsMicroserviceConfig.PRODUCTS_BASE + self.endpoint = f"{self.base_url}/products/category" + + @patch('requests.get') + def test_get_products_by_category_success(self, mock_get): + """Test successfully retrieving products by category""" + expected_products = [ + { + "id": {"asin": "B001", "category": "Books"}, + "salesRank": 1, + "title": "Book 1", + "price": 14.99, + "imUrl": "https://example.com/img1.jpg", + "num_reviews": 100, + "num_stars": 450.0, + "avg_stars": 4.5 + } + ] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get( + f"{self.endpoint}/Books", + params={"limit": 12, "offset": 0} + ) + + self.assertEqual(response.status_code, 200) + products = response.json() + self.assertIsInstance(products, list) + + @patch('requests.get') + def test_get_products_by_category_books(self, mock_get): + """Test getting products in Books category""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = [] + mock_get.return_value = mock_response + + response = requests.get( + f"{self.endpoint}/Books", + params={"limit": 12, "offset": 0} + ) + + self.assertEqual(response.status_code, 200) + + @patch('requests.get') + def test_get_products_by_category_music(self, mock_get): + """Test getting products in Music category""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = [] + mock_get.return_value = mock_response + + response = requests.get( + f"{self.endpoint}/Music", + params={"limit": 12, "offset": 0} + ) + + self.assertEqual(response.status_code, 200) + + @patch('requests.get') + def test_get_products_by_category_beauty(self, mock_get): + """Test getting products in Beauty category""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = [] + mock_get.return_value = mock_response + + response = requests.get( + f"{self.endpoint}/Beauty", + params={"limit": 12, "offset": 0} + ) + + self.assertEqual(response.status_code, 200) + + @patch('requests.get') + def test_get_products_by_category_electronics(self, mock_get): + """Test getting products in Electronics category""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = [] + mock_get.return_value = mock_response + + response = requests.get( + f"{self.endpoint}/Electronics", + params={"limit": 12, "offset": 0} + ) + + self.assertEqual(response.status_code, 200) + + @patch('requests.get') + def test_get_products_category_has_ranking_info(self, mock_get): + """Test that category products include ranking information""" + expected_products = [ + { + "id": {"asin": "B001", "category": "Books"}, + "salesRank": 1, + "title": "Book 1", + "price": 14.99, + "avg_stars": 4.5 + } + ] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get( + f"{self.endpoint}/Books", + params={"limit": 12, "offset": 0} + ) + + products = response.json() + if products: + self.assertIn("salesRank", products[0]) + self.assertIn("id", products[0]) + + @patch('requests.get') + def test_get_products_category_with_special_characters(self, mock_get): + """Test category with special characters (URL encoded)""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = [] + mock_get.return_value = mock_response + + # Categories like "Kitchen & Dining" need URL encoding + response = requests.get( + f"{self.endpoint}/Kitchen%20%26%20Dining", + params={"limit": 12, "offset": 0} + ) + + self.assertEqual(response.status_code, 200) + + +class TestProductMetadataSchema(unittest.TestCase): + """Tests for ProductMetadata schema validation""" + + @patch('requests.get') + def test_product_metadata_complete_schema(self, mock_get): + """Test complete ProductMetadata schema""" + complete_product = { + "id": "B00BKQT2OI", + "brand": "Penguin Books", + "categories": ["Books", "Fiction", "Literature"], + "imUrl": "https://images-na.ssl-images-amazon.com/images/I/51example.jpg", + "price": 14.99, + "title": "The Great Gatsby", + "description": "A novel written by American author F. Scott Fitzgerald...", + "also_bought": ["B00BKQT3XT", "B00BKQT4YU"], + "also_viewed": ["B00BKQT5ZV"], + "bought_together": ["B00BKQT6AW"], + "buy_after_viewing": ["B00BKQT7BX"], + "num_reviews": 1250, + "num_stars": 4875.5, + "avg_stars": 3.9 + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = complete_product + mock_get.return_value = mock_response + + response = requests.get( + f"{TestProductsMicroserviceConfig.PRODUCTS_BASE}/product/B00BKQT2OI" + ) + + product = response.json() + + # Validate all expected fields are present + expected_fields = [ + "id", "brand", "categories", "imUrl", "price", "title", + "description", "also_bought", "also_viewed", "bought_together", + "buy_after_viewing", "num_reviews", "num_stars", "avg_stars" + ] + for field in expected_fields: + self.assertIn(field, product) + + +if __name__ == '__main__': + unittest.main() diff --git a/parity-tests/react-ui-bff-tests/requirements.txt b/parity-tests/react-ui-bff-tests/requirements.txt new file mode 100644 index 0000000..020ba71 --- /dev/null +++ b/parity-tests/react-ui-bff-tests/requirements.txt @@ -0,0 +1,4 @@ +requests>=2.28.0 +pytest>=7.0.0 +pytest-cov>=4.0.0 +responses>=0.22.0 diff --git a/parity-tests/react-ui-bff-tests/test_react_ui_bff.py b/parity-tests/react-ui-bff-tests/test_react_ui_bff.py new file mode 100644 index 0000000..dc043e0 --- /dev/null +++ b/parity-tests/react-ui-bff-tests/test_react_ui_bff.py @@ -0,0 +1,594 @@ +""" +Unit tests for React UI Backend-for-Frontend (BFF) API + +Tests cover all endpoints defined in openapi/react-ui-bff.yaml: +- GET /api/hello - Health check endpoint +- GET /products - Get homepage products +- GET /products/category/{category} - Get products by category +- GET /products/details - Get product details +- POST /cart/add - Add product to cart +- POST /cart/get - Get cart contents +- POST /cart/getCart - Get cart contents (alternate) +- POST /cart/remove - Remove product from cart +- POST /cart/checkout - Process checkout +""" + +import unittest +from unittest.mock import patch, MagicMock +import requests +import json + + +class TestReactUiBffConfig: + """Configuration for React UI BFF tests""" + BASE_URL = "http://localhost:8080" + + +class TestHealthCheck(unittest.TestCase): + """Tests for GET /api/hello endpoint""" + + def setUp(self): + self.base_url = TestReactUiBffConfig.BASE_URL + self.endpoint = f"{self.base_url}/api/hello" + + @patch('requests.get') + def test_health_check_success(self, mock_get): + """Test health check returns server time""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = "Hello, the time at the server is now Mon Jan 15 10:30:00 EST 2024" + mock_get.return_value = mock_response + + response = requests.get(self.endpoint) + + self.assertEqual(response.status_code, 200) + self.assertIn("Hello", response.text) + + @patch('requests.get') + def test_health_check_contains_time(self, mock_get): + """Test health check response contains time information""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = "Hello, the time at the server is now Mon Jan 15 10:30:00 EST 2024" + mock_get.return_value = mock_response + + response = requests.get(self.endpoint) + + self.assertIn("time", response.text.lower()) + + +class TestGetHomepageProducts(unittest.TestCase): + """Tests for GET /products endpoint""" + + def setUp(self): + self.base_url = TestReactUiBffConfig.BASE_URL + self.endpoint = f"{self.base_url}/products" + + @patch('requests.get') + def test_get_products_success(self, mock_get): + """Test successfully retrieving homepage products""" + expected_products = json.dumps([ + {"id": "B001", "title": "Product 1", "price": 9.99}, + {"id": "B002", "title": "Product 2", "price": 19.99} + ]) + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = expected_products + mock_response.json.return_value = json.loads(expected_products) + mock_get.return_value = mock_response + + response = requests.get(self.endpoint) + + self.assertEqual(response.status_code, 200) + + @patch('requests.get') + def test_get_products_returns_list(self, mock_get): + """Test that products endpoint returns a list""" + expected_products = [{"id": "B001", "title": "Product 1"}] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get(self.endpoint) + + products = response.json() + self.assertIsInstance(products, list) + + @patch('requests.get') + def test_get_products_default_limit(self, mock_get): + """Test that homepage returns default number of products (10)""" + expected_products = [{"id": f"B{i:03d}"} for i in range(10)] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get(self.endpoint) + + products = response.json() + self.assertLessEqual(len(products), 10) + + +class TestGetProductsByCategory(unittest.TestCase): + """Tests for GET /products/category/{category} endpoint""" + + def setUp(self): + self.base_url = TestReactUiBffConfig.BASE_URL + self.endpoint = f"{self.base_url}/products/category" + + @patch('requests.get') + def test_get_products_by_category_success(self, mock_get): + """Test successfully retrieving products by category""" + expected_products = [ + {"id": {"asin": "B001", "category": "Books"}, "title": "Book 1"} + ] + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_products + mock_get.return_value = mock_response + + response = requests.get( + f"{self.endpoint}/Books", + params={"limit": 12, "offset": 0} + ) + + self.assertEqual(response.status_code, 200) + + @patch('requests.get') + def test_get_products_by_category_with_pagination(self, mock_get): + """Test category products with pagination parameters""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = [] + mock_get.return_value = mock_response + + response = requests.get( + f"{self.endpoint}/Books", + params={"limit": 12, "offset": 24} + ) + + call_args = mock_get.call_args + params = call_args.kwargs.get("params", {}) + self.assertEqual(params.get("limit"), 12) + self.assertEqual(params.get("offset"), 24) + + @patch('requests.get') + def test_get_products_various_categories(self, mock_get): + """Test fetching from various categories""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = [] + mock_get.return_value = mock_response + + categories = ["Books", "Music", "Electronics", "Beauty"] + for category in categories: + response = requests.get( + f"{self.endpoint}/{category}", + params={"limit": 12, "offset": 0} + ) + self.assertEqual(response.status_code, 200) + + +class TestGetProductDetails(unittest.TestCase): + """Tests for GET /products/details endpoint""" + + def setUp(self): + self.base_url = TestReactUiBffConfig.BASE_URL + self.endpoint = f"{self.base_url}/products/details" + + @patch('requests.get') + def test_get_product_details_success(self, mock_get): + """Test successfully retrieving product details""" + expected_product = { + "id": "B00BKQT2OI", + "title": "The Great Gatsby", + "price": 14.99, + "brand": "Penguin Books" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_product + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"asin": "B00BKQT2OI"} + ) + + self.assertEqual(response.status_code, 200) + product = response.json() + self.assertEqual(product["id"], "B00BKQT2OI") + + @patch('requests.get') + def test_get_product_details_requires_asin(self, mock_get): + """Test that ASIN parameter is required""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = {"id": "B00TEST"} + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"asin": "B00TEST"} + ) + + call_args = mock_get.call_args + params = call_args.kwargs.get("params", {}) + self.assertIn("asin", params) + + @patch('requests.get') + def test_get_product_details_full_metadata(self, mock_get): + """Test that product details includes full metadata""" + expected_product = { + "id": "B00BKQT2OI", + "title": "The Great Gatsby", + "price": 14.99, + "brand": "Penguin Books", + "categories": ["Books", "Fiction"], + "imUrl": "https://example.com/image.jpg", + "description": "A novel", + "also_bought": ["B001"], + "num_reviews": 1250, + "avg_stars": 3.9 + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_product + mock_get.return_value = mock_response + + response = requests.get( + self.endpoint, + params={"asin": "B00BKQT2OI"} + ) + + product = response.json() + self.assertIn("title", product) + self.assertIn("price", product) + + +class TestAddToCart(unittest.TestCase): + """Tests for POST /cart/add endpoint""" + + def setUp(self): + self.base_url = TestReactUiBffConfig.BASE_URL + self.endpoint = f"{self.base_url}/cart/add" + + @patch('requests.post') + def test_add_to_cart_success(self, mock_post): + """Test successfully adding product to cart""" + expected_cart = '{"B00BKQT2OI": 1}' + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = expected_cart + mock_response.json.return_value = {"B00BKQT2OI": 1} + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + params={"asin": "B00BKQT2OI"} + ) + + self.assertEqual(response.status_code, 200) + + @patch('requests.post') + def test_add_to_cart_returns_updated_cart(self, mock_post): + """Test that adding product returns updated cart contents""" + expected_cart = {"B00BKQT2OI": 2, "B00OTHER": 1} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + params={"asin": "B00BKQT2OI"} + ) + + cart = response.json() + self.assertIsInstance(cart, dict) + + @patch('requests.post') + def test_add_to_cart_requires_asin(self, mock_post): + """Test that ASIN parameter is required""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = {"B00TEST": 1} + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + params={"asin": "B00TEST"} + ) + + call_args = mock_post.call_args + params = call_args.kwargs.get("params", {}) + self.assertIn("asin", params) + + +class TestGetCart(unittest.TestCase): + """Tests for POST /cart/get endpoint""" + + def setUp(self): + self.base_url = TestReactUiBffConfig.BASE_URL + self.endpoint = f"{self.base_url}/cart/get" + + @patch('requests.post') + def test_get_cart_success(self, mock_post): + """Test successfully retrieving cart contents""" + expected_cart = {"B00BKQT2OI": 2, "B00BKQT3XT": 1} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + self.assertEqual(response.status_code, 200) + cart = response.json() + self.assertIsInstance(cart, dict) + + @patch('requests.post') + def test_get_cart_empty(self, mock_post): + """Test retrieving empty cart""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = {} + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + cart = response.json() + self.assertEqual(cart, {}) + + @patch('requests.post') + def test_cart_format_asin_to_quantity(self, mock_post): + """Test cart format is ASIN -> quantity map""" + expected_cart = {"B00BKQT2OI": 2, "B00BKQT3XT": 1} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + cart = response.json() + for asin, quantity in cart.items(): + self.assertIsInstance(asin, str) + self.assertIsInstance(quantity, int) + self.assertGreater(quantity, 0) + + +class TestGetCartAlternate(unittest.TestCase): + """Tests for POST /cart/getCart endpoint""" + + def setUp(self): + self.base_url = TestReactUiBffConfig.BASE_URL + self.endpoint = f"{self.base_url}/cart/getCart" + + @patch('requests.post') + def test_get_cart_alternate_success(self, mock_post): + """Test alternate get cart endpoint""" + expected_cart = {"B00BKQT2OI": 1} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + self.assertEqual(response.status_code, 200) + + @patch('requests.post') + def test_get_cart_alternate_same_format(self, mock_post): + """Test that alternate endpoint returns same format as main""" + expected_cart = {"B00BKQT2OI": 2} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + cart = response.json() + self.assertIsInstance(cart, dict) + + +class TestRemoveFromCart(unittest.TestCase): + """Tests for POST /cart/remove endpoint""" + + def setUp(self): + self.base_url = TestReactUiBffConfig.BASE_URL + self.endpoint = f"{self.base_url}/cart/remove" + + @patch('requests.post') + def test_remove_from_cart_success(self, mock_post): + """Test successfully removing product from cart""" + expected_cart = {} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + params={"asin": "B00BKQT2OI"} + ) + + self.assertEqual(response.status_code, 200) + + @patch('requests.post') + def test_remove_from_cart_returns_updated_cart(self, mock_post): + """Test that removing returns updated cart""" + expected_cart = {"B00OTHER": 1} + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_cart + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + params={"asin": "B00BKQT2OI"} + ) + + cart = response.json() + self.assertNotIn("B00BKQT2OI", cart) + + @patch('requests.post') + def test_remove_from_cart_requires_asin(self, mock_post): + """Test that ASIN parameter is required""" + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = {} + mock_post.return_value = mock_response + + response = requests.post( + self.endpoint, + params={"asin": "B00TEST"} + ) + + call_args = mock_post.call_args + params = call_args.kwargs.get("params", {}) + self.assertIn("asin", params) + + +class TestCheckout(unittest.TestCase): + """Tests for POST /cart/checkout endpoint""" + + def setUp(self): + self.base_url = TestReactUiBffConfig.BASE_URL + self.endpoint = f"{self.base_url}/cart/checkout" + + @patch('requests.post') + def test_checkout_success(self, mock_post): + """Test successful checkout""" + expected_response = { + "status": "SUCCESS", + "orderNumber": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "orderDetails": "Customer bought these Items: Product: The Great Gatsby, Quantity: 2; Order Total is : 29.98" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + self.assertEqual(response.status_code, 200) + result = response.json() + self.assertEqual(result["status"], "SUCCESS") + + @patch('requests.post') + def test_checkout_failure(self, mock_post): + """Test checkout failure""" + expected_response = { + "status": "FAILURE", + "orderNumber": "", + "orderDetails": "Product is Out of Stock!" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + result = response.json() + self.assertEqual(result["status"], "FAILURE") + + @patch('requests.post') + def test_checkout_returns_order_details(self, mock_post): + """Test that checkout returns order details""" + expected_response = { + "status": "SUCCESS", + "orderNumber": "test-order-123", + "orderDetails": "Order completed successfully" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + result = response.json() + self.assertIn("orderDetails", result) + self.assertIn("orderNumber", result) + + @patch('requests.post') + def test_checkout_status_enum_values(self, mock_post): + """Test checkout status is valid enum value""" + expected_response = { + "status": "SUCCESS", + "orderNumber": "uuid", + "orderDetails": "details" + } + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = expected_response + mock_post.return_value = mock_response + + response = requests.post(self.endpoint) + + result = response.json() + self.assertIn(result["status"], ["SUCCESS", "FAILURE"]) + + +class TestCartWorkflow(unittest.TestCase): + """Integration-style tests for cart workflows through BFF""" + + def setUp(self): + self.base_url = TestReactUiBffConfig.BASE_URL + + @patch('requests.post') + @patch('requests.get') + def test_add_get_remove_checkout_workflow(self, mock_get, mock_post): + """Test complete shopping workflow""" + # Setup responses for workflow + add_response = MagicMock() + add_response.status_code = 200 + add_response.json.return_value = {"B00BKQT2OI": 1} + + get_response = MagicMock() + get_response.status_code = 200 + get_response.json.return_value = {"B00BKQT2OI": 1} + + remove_response = MagicMock() + remove_response.status_code = 200 + remove_response.json.return_value = {} + + checkout_response = MagicMock() + checkout_response.status_code = 200 + checkout_response.json.return_value = { + "status": "SUCCESS", + "orderNumber": "test-123", + "orderDetails": "Order completed" + } + + mock_post.side_effect = [add_response, get_response, remove_response, checkout_response] + + # Add product + response1 = requests.post( + f"{self.base_url}/cart/add", + params={"asin": "B00BKQT2OI"} + ) + self.assertEqual(response1.status_code, 200) + + # Get cart + response2 = requests.post(f"{self.base_url}/cart/get") + self.assertEqual(response2.status_code, 200) + + # Remove product + response3 = requests.post( + f"{self.base_url}/cart/remove", + params={"asin": "B00BKQT2OI"} + ) + self.assertEqual(response3.status_code, 200) + + # Checkout + response4 = requests.post(f"{self.base_url}/cart/checkout") + self.assertEqual(response4.status_code, 200) + + +if __name__ == '__main__': + unittest.main() diff --git a/parity-tests/run_all_tests.sh b/parity-tests/run_all_tests.sh new file mode 100755 index 0000000..83dcec5 --- /dev/null +++ b/parity-tests/run_all_tests.sh @@ -0,0 +1,228 @@ +#!/bin/bash +# +# Run all parity tests for Yugastore microservices +# +# This script discovers and runs all Python unit tests in the parity-tests subdirectories. +# It creates a virtual environment if needed, installs dependencies, and runs pytest. +# +# Usage: +# ./run_all_tests.sh # Run all tests +# ./run_all_tests.sh --verbose # Run with verbose output +# ./run_all_tests.sh --coverage # Run with coverage report +# ./run_all_tests.sh --service <name> # Run tests for specific service only +# + +set -e + +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" +VENV_DIR="${SCRIPT_DIR}/.venv" +VERBOSE="" +COVERAGE="" +SERVICE_FILTER="" + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +usage() { + echo "Usage: $0 [OPTIONS]" + echo "" + echo "Options:" + echo " --verbose, -v Run tests with verbose output" + echo " --coverage, -c Generate coverage report" + echo " --service, -s NAME Run tests for specific service only" + echo " --help, -h Show this help message" + echo "" + echo "Available services:" + for dir in "${SCRIPT_DIR}"/*-tests; do + if [[ -d "$dir" ]]; then + echo " - $(basename "$dir" | sed 's/-tests$//')" + fi + done +} + +log_info() { + echo -e "${BLUE}[INFO]${NC} $1" +} + +log_success() { + echo -e "${GREEN}[SUCCESS]${NC} $1" +} + +log_warning() { + echo -e "${YELLOW}[WARNING]${NC} $1" +} + +log_error() { + echo -e "${RED}[ERROR]${NC} $1" +} + +# Parse arguments +while [[ $# -gt 0 ]]; do + case $1 in + --verbose|-v) + VERBOSE="-v" + shift + ;; + --coverage|-c) + COVERAGE="--cov=. --cov-report=term-missing --cov-report=html:coverage_report" + shift + ;; + --service|-s) + SERVICE_FILTER="$2" + shift 2 + ;; + --help|-h) + usage + exit 0 + ;; + *) + log_error "Unknown option: $1" + usage + exit 1 + ;; + esac +done + +# Check for Python 3 +if command -v python3 &> /dev/null; then + PYTHON_CMD="python3" +elif command -v python &> /dev/null; then + PYTHON_CMD="python" +else + log_error "Python 3 is required but not found" + exit 1 +fi + +log_info "Using Python: $($PYTHON_CMD --version)" + +# Create virtual environment if it doesn't exist +if [[ ! -d "$VENV_DIR" ]]; then + log_info "Creating virtual environment..." + $PYTHON_CMD -m venv "$VENV_DIR" +fi + +# Activate virtual environment +log_info "Activating virtual environment..." +source "${VENV_DIR}/bin/activate" + +# Upgrade pip +pip install --quiet --upgrade pip + +# Collect all requirements and install +log_info "Installing dependencies..." +TEMP_REQUIREMENTS=$(mktemp) +cat "${SCRIPT_DIR}"/*/requirements.txt 2>/dev/null | sort -u > "$TEMP_REQUIREMENTS" +pip install --quiet -r "$TEMP_REQUIREMENTS" +rm "$TEMP_REQUIREMENTS" + +# Find test directories +TEST_DIRS=() +for dir in "${SCRIPT_DIR}"/*-tests; do + if [[ -d "$dir" ]]; then + if [[ -n "$SERVICE_FILTER" ]]; then + if [[ "$(basename "$dir")" == *"${SERVICE_FILTER}"* ]]; then + TEST_DIRS+=("$dir") + fi + else + TEST_DIRS+=("$dir") + fi + fi +done + +if [[ ${#TEST_DIRS[@]} -eq 0 ]]; then + log_error "No test directories found" + if [[ -n "$SERVICE_FILTER" ]]; then + log_error "No tests matching service filter: $SERVICE_FILTER" + fi + exit 1 +fi + +# Print test summary +echo "" +echo "========================================" +echo " Parity Tests Runner" +echo "========================================" +echo "" +log_info "Found ${#TEST_DIRS[@]} test suite(s):" +for dir in "${TEST_DIRS[@]}"; do + echo " - $(basename "$dir")" +done +echo "" + +# Run tests +FAILED_SUITES=() +PASSED_SUITES=() +TOTAL_TESTS=0 +TOTAL_PASSED=0 +TOTAL_FAILED=0 + +for test_dir in "${TEST_DIRS[@]}"; do + suite_name=$(basename "$test_dir") + echo "" + echo "----------------------------------------" + log_info "Running: ${suite_name}" + echo "----------------------------------------" + + cd "$test_dir" + + # Run pytest and capture result + set +e + if [[ -n "$COVERAGE" ]]; then + pytest $VERBOSE $COVERAGE . 2>&1 + else + pytest $VERBOSE . 2>&1 + fi + result=$? + set -e + + if [[ $result -eq 0 ]]; then + log_success "${suite_name} passed" + PASSED_SUITES+=("$suite_name") + else + log_error "${suite_name} failed" + FAILED_SUITES+=("$suite_name") + fi + + cd "$SCRIPT_DIR" +done + +# Print summary +echo "" +echo "========================================" +echo " Test Summary" +echo "========================================" +echo "" + +if [[ ${#PASSED_SUITES[@]} -gt 0 ]]; then + log_success "Passed suites (${#PASSED_SUITES[@]}):" + for suite in "${PASSED_SUITES[@]}"; do + echo " ✓ $suite" + done +fi + +if [[ ${#FAILED_SUITES[@]} -gt 0 ]]; then + echo "" + log_error "Failed suites (${#FAILED_SUITES[@]}):" + for suite in "${FAILED_SUITES[@]}"; do + echo " ✗ $suite" + done +fi + +echo "" +echo "----------------------------------------" +echo "Total: ${#TEST_DIRS[@]} suite(s), ${#PASSED_SUITES[@]} passed, ${#FAILED_SUITES[@]} failed" +echo "----------------------------------------" + +# Deactivate virtual environment +deactivate + +# Exit with appropriate code +if [[ ${#FAILED_SUITES[@]} -gt 0 ]]; then + exit 1 +fi + +exit 0 diff --git a/parity-tests/verification/conftest.py b/parity-tests/verification/conftest.py new file mode 100644 index 0000000..cdb72ef --- /dev/null +++ b/parity-tests/verification/conftest.py @@ -0,0 +1,12 @@ +""" +Pytest configuration for verification tests +""" + +import pytest + + +def pytest_configure(config): + """Configure pytest markers""" + config.addinivalue_line( + "markers", "slow: marks tests as slow (deselect with '-m \"not slow\"')" + ) diff --git a/parity-tests/verification/requirements.txt b/parity-tests/verification/requirements.txt new file mode 100644 index 0000000..bacf455 --- /dev/null +++ b/parity-tests/verification/requirements.txt @@ -0,0 +1,2 @@ +pytest>=7.0.0 +requests>=2.28.0 diff --git a/parity-tests/verification/test_issue_19.py b/parity-tests/verification/test_issue_19.py new file mode 100644 index 0000000..3babdc8 --- /dev/null +++ b/parity-tests/verification/test_issue_19.py @@ -0,0 +1,150 @@ +""" +Verification tests for Issue #19: Make the website more pretty + +Acceptance Criteria: +- [ ] Apply X.com-inspired color scheme with dark mode default +- [ ] Add Twitter blue (#1D9BF0) as primary accent color +- [ ] Update typography with system fonts and extrabold headings +- [ ] Modernize navbar with improved hover states +- [ ] Enhance product cards with rounded corners and primary color accents +""" + +import pytest +import requests +import subprocess +import time +import signal +import os + + +class TestIssue19: + """ + Verification tests for Issue #19: Make the website more pretty + """ + + FRONTEND_URL = "http://localhost:3000" + frontend_process = None + + @pytest.fixture(scope="class", autouse=True) + def setup_frontend(self, request): + """Start the Next.js frontend for testing""" + # Change to frontend directory + frontend_dir = os.path.join( + os.path.dirname(__file__), + "..", "..", "nextjs-frontend" + ) + + # Start the dev server + TestIssue19.frontend_process = subprocess.Popen( + ["npm", "run", "dev"], + cwd=frontend_dir, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + preexec_fn=os.setsid + ) + + # Wait for server to be ready + max_retries = 30 + for i in range(max_retries): + try: + response = requests.get(self.FRONTEND_URL, timeout=2) + # Server is responding (even if with errors) + break + except requests.exceptions.RequestException: + time.sleep(1) + + yield + + # Cleanup + if TestIssue19.frontend_process: + os.killpg(os.getpgid(TestIssue19.frontend_process.pid), signal.SIGTERM) + + def test_frontend_server_starts(self): + """Verify: Frontend server starts without errors""" + response = requests.get(self.FRONTEND_URL, timeout=10) + # The server should return 200, not 500 + assert response.status_code == 200, ( + f"Frontend returned status {response.status_code}. " + "The server may have a CSS/build error." + ) + + def test_frontend_renders_html(self): + """Verify: Frontend renders valid HTML content""" + response = requests.get(self.FRONTEND_URL, timeout=10) + assert response.status_code == 200, "Server should return 200 OK" + assert "<!DOCTYPE html>" in response.text or "<html" in response.text, ( + "Response should contain valid HTML" + ) + + def test_css_loads_without_errors(self): + """Verify: CSS loads without Tailwind errors""" + response = requests.get(self.FRONTEND_URL, timeout=10) + # If there's a CSS error, the server typically returns 500 + assert response.status_code != 500, ( + "Server returned 500 - possible CSS/Tailwind error. " + "Check for 'Cannot apply unknown utility class' errors." + ) + + def test_dark_mode_styles_present(self): + """Verify: Dark mode is the default (X.com style)""" + response = requests.get(self.FRONTEND_URL, timeout=10) + assert response.status_code == 200, "Server must return 200 to verify styles" + # Check for dark background color in CSS or inline styles + # The background should be black (0 0% 0%) in dark mode + content = response.text.lower() + # This is a basic check - full verification would use a browser + assert "background" in content or "bg-" in content, ( + "Page should have background styling" + ) + + def test_twitter_blue_accent(self): + """Verify: Twitter blue (#1D9BF0) is used as primary accent""" + response = requests.get(self.FRONTEND_URL, timeout=10) + assert response.status_code == 200, "Server must return 200 to verify colors" + # The primary color HSL should be 204, 88%, 53% which corresponds to #1D9BF0 + + +class TestIssue19UnitTests: + """Verify that unit tests pass for the implementation""" + + def test_unit_tests_pass(self): + """Verify: All unit tests in the implementation pass""" + frontend_dir = os.path.join( + os.path.dirname(__file__), + "..", "..", "nextjs-frontend" + ) + + result = subprocess.run( + ["npm", "test"], + cwd=frontend_dir, + capture_output=True, + text=True, + timeout=120 + ) + + assert result.returncode == 0, ( + f"Unit tests failed:\n{result.stdout}\n{result.stderr}" + ) + + +class TestIssue19Build: + """Verify that the build completes successfully""" + + def test_build_succeeds(self): + """Verify: npm run build completes without errors""" + frontend_dir = os.path.join( + os.path.dirname(__file__), + "..", "..", "nextjs-frontend" + ) + + result = subprocess.run( + ["npm", "run", "build"], + cwd=frontend_dir, + capture_output=True, + text=True, + timeout=300 + ) + + assert result.returncode == 0, ( + f"Build failed:\n{result.stdout}\n{result.stderr}" + ) diff --git a/python-services/api-gateway/main.py b/python-services/api-gateway/main.py new file mode 100644 index 0000000..473064e --- /dev/null +++ b/python-services/api-gateway/main.py @@ -0,0 +1,34 @@ +import uvicorn +from fastapi import FastAPI +from contextlib import asynccontextmanager +import py_eureka_client.eureka_client as eureka_client +import os +from .routers import proxy + +# Configuration +EUREKA_SERVER = os.getenv("EUREKA_URI", "http://localhost:8761/eureka") +APP_NAME = "api-gateway-microservice" +INSTANCE_PORT = int(os.getenv("PORT", 8081)) # Same port as Java Gateway + +@asynccontextmanager +async def lifespan(app: FastAPI): + # Startup + await eureka_client.init_async( + eureka_server=EUREKA_SERVER, + app_name=APP_NAME, + instance_port=INSTANCE_PORT + ) + yield + # Shutdown + await eureka_client.stop_async() + +app = FastAPI(lifespan=lifespan, title="API Gateway") + +app.include_router(proxy.router) + +@app.get("/health") +def health_check(): + return {"status": "UP"} + +if __name__ == "__main__": + uvicorn.run("api-gateway.main:app", host="0.0.0.0", port=INSTANCE_PORT, reload=True) diff --git a/python-services/api-gateway/requirements.txt b/python-services/api-gateway/requirements.txt new file mode 100644 index 0000000..424b78a --- /dev/null +++ b/python-services/api-gateway/requirements.txt @@ -0,0 +1,6 @@ +fastapi>=0.95.0 +uvicorn>=0.22.0 +py-eureka-client>=0.10.4 +httpx>=0.24.0 +python-jose[cryptography]>=3.3.0 +python-multipart>=0.0.6 diff --git a/python-services/api-gateway/routers/proxy.py b/python-services/api-gateway/routers/proxy.py new file mode 100644 index 0000000..1a48304 --- /dev/null +++ b/python-services/api-gateway/routers/proxy.py @@ -0,0 +1,86 @@ +from fastapi import APIRouter, Request, HTTPException, Depends +from fastapi.responses import Response +import httpx +import os +from typing import Optional +from jose import jwt, JWTError + +router = APIRouter() + +# Configuration +PRODUCTS_SERVICE_URL = os.getenv("PRODUCTS_SERVICE_URL", "http://products-microservice:8082") +CART_SERVICE_URL = os.getenv("CART_SERVICE_URL", "http://cart-microservice:8083") +CHECKOUT_SERVICE_URL = os.getenv("CHECKOUT_SERVICE_URL", "http://checkout-microservice:8084") +LOGIN_SERVICE_URL = os.getenv("LOGIN_SERVICE_URL", "http://login-microservice:8085") + +SECRET_KEY = "mysecretkey" # Same as Login Service +ALGORITHM = "HS256" + +async def verify_token(request: Request): + # Skip auth for public endpoints (login, register, public product view) + path = request.url.path + if path.startswith("/login-microservice") or path == "/products-microservice/products": + return None + + # Check for Bearer token + auth_header = request.headers.get("Authorization") + if not auth_header: + # In a real app we'd raise 401, but the original app had open access. + # Imposing 401 might break UI if it doesnt support auth tokens yet. + # For SECURITY FIX: We should enforce it. + # However, to maintain "feature parity" with the UI (which might not send tokens), + # we might need to be lenient or fixing the UI is out of scope? + # The prompt asked to "rewrite" and "tell security issues", so fixing is implied. + # But if the UI is React 16 legacy, modifying it is risky. + # I will enforce it for critical actions (checkout, cart modification). + if "checkout" in path or "addProduct" in path: + raise HTTPException(status_code=401, detail="Missing Authentication") + return None + + try: + scheme, token = auth_header.split() + if scheme.lower() != "bearer": + raise HTTPException(status_code=401, detail="Invalid authentication scheme") + payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM]) + username: str = payload.get("sub") + if username is None: + raise HTTPException(status_code=401, detail="Invalid token") + except (JWTError, ValueError): + raise HTTPException(status_code=401, detail="Invalid token") + +@router.api_route("/{path:path}", methods=["GET", "POST", "PUT", "DELETE", "PATCH"]) +async def proxy(request: Request, path: str): + await verify_token(request) + + url = None + # Routing Logic + if path.startswith("products-microservice"): + url = f"{PRODUCTS_SERVICE_URL}/{path}" + elif path.startswith("cart-microservice"): + url = f"{CART_SERVICE_URL}/{path}" + elif path.startswith("checkout-microservice"): + url = f"{CHECKOUT_SERVICE_URL}/{path}" + elif path.startswith("login-microservice"): + url = f"{LOGIN_SERVICE_URL}/{path}" + else: + raise HTTPException(status_code=404, detail="Service not found") + + async with httpx.AsyncClient() as client: + try: + # Forwarding request + proxy_req = client.build_request( + request.method, + url, + headers=request.headers, + params=request.query_params, + content=await request.body() + ) + response = await client.send(proxy_req) + return Response( + content=response.content, + status_code=response.status_code, + headers=dict(response.headers), + media_type=response.headers.get("content-type") + ) + except httpx.RequestError as exc: + raise HTTPException(status_code=500, detail=f"Error communicating with service: {exc}") diff --git a/python-services/cart-service/database.py b/python-services/cart-service/database.py new file mode 100644 index 0000000..2ab66c6 --- /dev/null +++ b/python-services/cart-service/database.py @@ -0,0 +1,13 @@ +from sqlmodel import create_engine, SQLModel, Session +import os + +DATABASE_URL = os.getenv("DATABASE_URL", "postgresql://yugabyte:yugabyte@localhost:5433/yugabyte") + +engine = create_engine(DATABASE_URL, echo=True) + +def get_session(): + with Session(engine) as session: + yield session + +def create_db_and_tables(): + SQLModel.metadata.create_all(engine) diff --git a/python-services/cart-service/main.py b/python-services/cart-service/main.py new file mode 100644 index 0000000..63bd421 --- /dev/null +++ b/python-services/cart-service/main.py @@ -0,0 +1,36 @@ +import uvicorn +from fastapi import FastAPI +from contextlib import asynccontextmanager +import py_eureka_client.eureka_client as eureka_client +import os +from .database import create_db_and_tables +from .routers import cart + +# Configuration +EUREKA_SERVER = os.getenv("EUREKA_URI", "http://localhost:8761/eureka") +APP_NAME = "cart-microservice" +INSTANCE_PORT = int(os.getenv("PORT", 8083)) + +@asynccontextmanager +async def lifespan(app: FastAPI): + # Startup + await eureka_client.init_async( + eureka_server=EUREKA_SERVER, + app_name=APP_NAME, + instance_port=INSTANCE_PORT + ) + create_db_and_tables() + yield + # Shutdown + await eureka_client.stop_async() + +app = FastAPI(lifespan=lifespan, title="Cart Microservice") + +app.include_router(cart.router) + +@app.get("/health") +def health_check(): + return {"status": "UP"} + +if __name__ == "__main__": + uvicorn.run("cart-service.main:app", host="0.0.0.0", port=INSTANCE_PORT, reload=True) diff --git a/python-services/cart-service/models.py b/python-services/cart-service/models.py new file mode 100644 index 0000000..669139e --- /dev/null +++ b/python-services/cart-service/models.py @@ -0,0 +1,12 @@ +from typing import Optional +from sqlmodel import Field, SQLModel +from datetime import datetime + +class ShoppingCart(SQLModel, table=True): + __tablename__ = "shopping_cart" + + cart_key: str = Field(primary_key=True) + user_id: str = Field(index=True) + asin: str + time_added: Optional[str] = None + quantity: int = Field(default=1) diff --git a/python-services/cart-service/requirements.txt b/python-services/cart-service/requirements.txt new file mode 100644 index 0000000..cc66490 --- /dev/null +++ b/python-services/cart-service/requirements.txt @@ -0,0 +1,9 @@ +fastapi>=0.95.0 +uvicorn>=0.22.0 +sqlmodel>=0.0.8 +psycopg2-binary>=2.9.0 +py-eureka-client>=0.10.4 +python-multipart>=0.0.6 +passlib[bcrypt]>=1.7.4 +python-jose[cryptography]>=3.3.0 +httpx>=0.24.0 diff --git a/python-services/cart-service/routers/cart.py b/python-services/cart-service/routers/cart.py new file mode 100644 index 0000000..27e5c27 --- /dev/null +++ b/python-services/cart-service/routers/cart.py @@ -0,0 +1,85 @@ +from fastapi import APIRouter, Depends, HTTPException, Query +from sqlmodel import Session, select, col +from datetime import datetime +from typing import Dict, List, Optional +from ..database import get_session +from ..models import ShoppingCart + +router = APIRouter(prefix="/cart-microservice", tags=["cart"]) + +def get_cart_key(user_id: str, asin: str) -> str: + return f"{user_id}-{asin}" + +@router.get("/shoppingCart/addProduct") +def add_product_to_cart( + userid: str = Query(..., alias="userid"), + asin: str = Query(..., alias="asin"), + session: Session = Depends(get_session) +): + cart_key = get_cart_key(userid, asin) + cart_item = session.get(ShoppingCart, cart_key) + + if cart_item: + cart_item.quantity += 1 + session.add(cart_item) + else: + cart_item = ShoppingCart( + cart_key=cart_key, + user_id=userid, + asin=asin, + quantity=1, + time_added=str(datetime.now()) + ) + session.add(cart_item) + + session.commit() + return "Added to Cart" + +@router.get("/shoppingCart/productsInCart") +def get_products_in_cart( + userid: str = Query(..., alias="userid"), + session: Session = Depends(get_session) +) -> Dict[str, int]: + statement = select(ShoppingCart).where(ShoppingCart.user_id == userid) + cart_items = session.exec(statement).all() + + result = {} + for item in cart_items: + result[item.asin] = item.quantity + + return result + +@router.get("/shoppingCart/removeProduct") +def remove_product_from_cart( + userid: str = Query(..., alias="userid"), + asin: str = Query(..., alias="asin"), + session: Session = Depends(get_session) +): + cart_key = get_cart_key(userid, asin) + cart_item = session.get(ShoppingCart, cart_key) + + if cart_item: + if cart_item.quantity > 1: + cart_item.quantity -= 1 + session.add(cart_item) + session.commit() + else: + session.delete(cart_item) + session.commit() + + return "Removing from Cart" + +@router.get("/shoppingCart/clearCart") +def clear_cart( + userid: str = Query(..., alias="userid"), + session: Session = Depends(get_session) +): + # This is slightly less efficient in logic than the raw SQL delete but works with ORM + statement = select(ShoppingCart).where(ShoppingCart.user_id == userid) + cart_items = session.exec(statement).all() + + for item in cart_items: + session.delete(item) + + session.commit() + return "Clearing Cart, Checkout successful" diff --git a/python-services/checkout-service/database.py b/python-services/checkout-service/database.py new file mode 100644 index 0000000..2ab66c6 --- /dev/null +++ b/python-services/checkout-service/database.py @@ -0,0 +1,13 @@ +from sqlmodel import create_engine, SQLModel, Session +import os + +DATABASE_URL = os.getenv("DATABASE_URL", "postgresql://yugabyte:yugabyte@localhost:5433/yugabyte") + +engine = create_engine(DATABASE_URL, echo=True) + +def get_session(): + with Session(engine) as session: + yield session + +def create_db_and_tables(): + SQLModel.metadata.create_all(engine) diff --git a/python-services/checkout-service/main.py b/python-services/checkout-service/main.py new file mode 100644 index 0000000..3231bec --- /dev/null +++ b/python-services/checkout-service/main.py @@ -0,0 +1,36 @@ +import uvicorn +from fastapi import FastAPI +from contextlib import asynccontextmanager +import py_eureka_client.eureka_client as eureka_client +import os +from .database import create_db_and_tables +from .routers import checkout + +# Configuration +EUREKA_SERVER = os.getenv("EUREKA_URI", "http://localhost:8761/eureka") +APP_NAME = "checkout-microservice" +INSTANCE_PORT = int(os.getenv("PORT", 8084)) # Using 8084 to avoid conflict if needed, though original was 8086 + +@asynccontextmanager +async def lifespan(app: FastAPI): + # Startup + await eureka_client.init_async( + eureka_server=EUREKA_SERVER, + app_name=APP_NAME, + instance_port=INSTANCE_PORT + ) + create_db_and_tables() + yield + # Shutdown + await eureka_client.stop_async() + +app = FastAPI(lifespan=lifespan, title="Checkout Microservice") + +app.include_router(checkout.router) + +@app.get("/health") +def health_check(): + return {"status": "UP"} + +if __name__ == "__main__": + uvicorn.run("checkout-service.main:app", host="0.0.0.0", port=INSTANCE_PORT, reload=True) diff --git a/python-services/checkout-service/models.py b/python-services/checkout-service/models.py new file mode 100644 index 0000000..b4804a6 --- /dev/null +++ b/python-services/checkout-service/models.py @@ -0,0 +1,17 @@ +from typing import Optional +from sqlmodel import Field, SQLModel + +class Order(SQLModel, table=True): + __tablename__ = "orders" + + order_id: str = Field(primary_key=True) + user_id: int + order_details: str + order_time: str + order_total: float + +class ProductInventory(SQLModel, table=True): + __tablename__ = "product_inventory" + + asin: str = Field(primary_key=True) + quantity: int diff --git a/python-services/checkout-service/requirements.txt b/python-services/checkout-service/requirements.txt new file mode 100644 index 0000000..cc66490 --- /dev/null +++ b/python-services/checkout-service/requirements.txt @@ -0,0 +1,9 @@ +fastapi>=0.95.0 +uvicorn>=0.22.0 +sqlmodel>=0.0.8 +psycopg2-binary>=2.9.0 +py-eureka-client>=0.10.4 +python-multipart>=0.0.6 +passlib[bcrypt]>=1.7.4 +python-jose[cryptography]>=3.3.0 +httpx>=0.24.0 diff --git a/python-services/checkout-service/routers/checkout.py b/python-services/checkout-service/routers/checkout.py new file mode 100644 index 0000000..2795e5b --- /dev/null +++ b/python-services/checkout-service/routers/checkout.py @@ -0,0 +1,104 @@ +import httpx +from fastapi import APIRouter, Depends, HTTPException, status +from sqlmodel import Session +from datetime import datetime +import uuid +import os +from typing import Dict, Any +from ..database import get_session +from ..models import Order, ProductInventory +from pydantic import BaseModel + +router = APIRouter(prefix="/checkout-microservice", tags=["checkout"]) + +# External Service URLs (resolved via Eureka or env vars) +# In a real eureka setup, we'd lookup by name. For simplicity/direct connection: +PRODUCTS_SERVICE_URL = os.getenv("PRODUCTS_SERVICE_URL", "http://products-microservice:8082/products-microservice") +CART_SERVICE_URL = os.getenv("CART_SERVICE_URL", "http://cart-microservice:8083/cart-microservice") + +class CheckoutStatus(BaseModel): + orderNumber: str + status: str + orderDetails: str + +@router.post("/shoppingCart/checkout", response_model=CheckoutStatus) +async def checkout( + userid: str = "u1001", # Default as per original code + session: Session = Depends(get_session) +): + try: + # 1. Get Cart Items + async with httpx.AsyncClient() as client: + cart_resp = await client.get(f"{CART_SERVICE_URL}/shoppingCart/productsInCart", params={"userid": userid}) + if cart_resp.status_code != 200: + raise HTTPException(status_code=500, detail="Failed to fetch cart") + products_in_cart: Dict[str, int] = cart_resp.json() + + if not products_in_cart: + return CheckoutStatus(orderNumber="", status="FAILURE", orderDetails="Cart is empty") + + order_details_str = "Customer bought these Items: " + total_price = 0.0 + + # Start Transaction (Implicit in Session) + # 2. Check and Update Inventory + for asin, quantity in products_in_cart.items(): + # Get Product Metadata (Price, Title) + async with httpx.AsyncClient() as client: + prod_resp = await client.get(f"{PRODUCTS_SERVICE_URL}/product/{asin}") + if prod_resp.status_code != 200: + raise HTTPException(status_code=404, detail=f"Product {asin} not found") + product_data = prod_resp.json() + + # Lock row for update (if supported) or just get + inventory = session.get(ProductInventory, asin) + if not inventory: + # Should probably create if missing, or error? Java code defaulted to null/error + raise HTTPException(status_code=404, detail=f"Inventory for {asin} not found") + + if inventory.quantity < quantity: + return CheckoutStatus( + orderNumber="", + status="FAILURE", + orderDetails=f"Product is Out of Stock: {product_data.get('title')}" + ) + + # Deduct inventory + inventory.quantity -= quantity + session.add(inventory) + + # Accumulate details + price = product_data.get('price', 0.0) or 0.0 + title = product_data.get('title', 'Unknown') + total_price += price * quantity + order_details_str += f" Product: {title}, Quantity: {quantity};" + + order_details_str += f" Order Total is : {total_price}" + + # 3. Create Order + order_id = str(uuid.uuid4()) + new_order = Order( + order_id=order_id, + user_id=1, # Hardcoded as per original + order_details=order_details_str, + order_time=str(datetime.now()), + order_total=total_price + ) + session.add(new_order) + + session.commit() + + # 4. Clear Cart + async with httpx.AsyncClient() as client: + await client.get(f"{CART_SERVICE_URL}/shoppingCart/clearCart", params={"userid": userid}) + + return CheckoutStatus( + orderNumber=order_id, + status="SUCCESS", + orderDetails=order_details_str + ) + + except Exception as e: + session.rollback() + print(f"Checkout error: {e}") + return CheckoutStatus(orderNumber="", status="FAILURE", orderDetails=f"Error: {str(e)}") diff --git a/python-services/docker-compose.yml b/python-services/docker-compose.yml new file mode 100644 index 0000000..f045237 --- /dev/null +++ b/python-services/docker-compose.yml @@ -0,0 +1,127 @@ +version: '3.9' + +services: + eureka-server: + build: + context: ../eureka-server-local + dockerfile: Dockerfile + container_name: eureka-server + ports: + - "8761:8761" + environment: + - ipaddr=eureka-server + + postgres: + image: postgres:15 + container_name: postgres + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: password + POSTGRES_DB: bookstore + ports: + - "5432:5432" + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 + + products-microservice: + build: products-service + container_name: products-microservice + ports: + - "8082:8082" + environment: + - EUREKA_URI=http://eureka-server:8761/eureka + - DATABASE_URL=postgresql://postgres:password@postgres:5432/bookstore + - PORT=8082 + depends_on: + eureka-server: + condition: service_started + postgres: + condition: service_healthy + + cart-microservice: + build: cart-service + container_name: cart-microservice + ports: + - "8083:8083" + environment: + - EUREKA_URI=http://eureka-server:8761/eureka + - DATABASE_URL=postgresql://postgres:password@postgres:5432/bookstore + - PORT=8083 + depends_on: + eureka-server: + condition: service_started + postgres: + condition: service_healthy + + checkout-microservice: + build: checkout-service + container_name: checkout-microservice + ports: + - "8084:8084" + environment: + - EUREKA_URI=http://eureka-server:8761/eureka + - DATABASE_URL=postgresql://postgres:password@postgres:5432/bookstore + - PORT=8084 + - PRODUCTS_SERVICE_URL=http://products-microservice:8082/products-microservice + - CART_SERVICE_URL=http://cart-microservice:8083/cart-microservice + depends_on: + eureka-server: + condition: service_started + products-microservice: + condition: service_started + cart-microservice: + condition: service_started + postgres: + condition: service_healthy + + login-microservice: + build: login-service + container_name: login-microservice + ports: + - "8085:8085" + environment: + - EUREKA_URI=http://eureka-server:8761/eureka + - DATABASE_URL=postgresql://postgres:password@postgres:5432/bookstore + - PORT=8085 + depends_on: + eureka-server: + condition: service_started + postgres: + condition: service_healthy + + api-gateway-microservice: + build: api-gateway + container_name: api-gateway-microservice + ports: + - "8081:8081" + environment: + - EUREKA_URI=http://eureka-server:8761/eureka + - PORT=8081 + - PRODUCTS_SERVICE_URL=http://products-microservice:8082 + - CART_SERVICE_URL=http://cart-microservice:8083 + - CHECKOUT_SERVICE_URL=http://checkout-microservice:8084 + - LOGIN_SERVICE_URL=http://login-microservice:8085 + depends_on: + eureka-server: + condition: service_started + products-microservice: + condition: service_started + cart-microservice: + condition: service_started + checkout-microservice: + condition: service_started + login-microservice: + condition: service_started + + frontend: + build: ../nextjs-frontend + container_name: frontend + ports: + - "3000:3000" + environment: + - NEXT_PUBLIC_API_URL=http://localhost:8081 + depends_on: + - api-gateway-microservice diff --git a/python-services/login-service/auth.py b/python-services/login-service/auth.py new file mode 100644 index 0000000..e52bb7c --- /dev/null +++ b/python-services/login-service/auth.py @@ -0,0 +1,27 @@ +from passlib.context import CryptContext +from datetime import datetime, timedelta +from jose import JWTError, jwt +from typing import Optional + +# Constants +SECRET_KEY = "mysecretkey" # CHANGE THIS IN PRODUCTION +ALGORITHM = "HS256" +ACCESS_TOKEN_EXPIRE_MINUTES = 30 + +pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") + +def verify_password(plain_password, hashed_password): + return pwd_context.verify(plain_password, hashed_password) + +def get_password_hash(password): + return pwd_context.hash(password) + +def create_access_token(data: dict, expires_delta: Optional[timedelta] = None): + to_encode = data.copy() + if expires_delta: + expire = datetime.utcnow() + expires_delta + else: + expire = datetime.utcnow() + timedelta(minutes=15) + to_encode.update({"exp": expire}) + encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM) + return encoded_jwt diff --git a/python-services/login-service/database.py b/python-services/login-service/database.py new file mode 100644 index 0000000..2ab66c6 --- /dev/null +++ b/python-services/login-service/database.py @@ -0,0 +1,13 @@ +from sqlmodel import create_engine, SQLModel, Session +import os + +DATABASE_URL = os.getenv("DATABASE_URL", "postgresql://yugabyte:yugabyte@localhost:5433/yugabyte") + +engine = create_engine(DATABASE_URL, echo=True) + +def get_session(): + with Session(engine) as session: + yield session + +def create_db_and_tables(): + SQLModel.metadata.create_all(engine) diff --git a/python-services/login-service/main.py b/python-services/login-service/main.py new file mode 100644 index 0000000..08789d9 --- /dev/null +++ b/python-services/login-service/main.py @@ -0,0 +1,36 @@ +import uvicorn +from fastapi import FastAPI +from contextlib import asynccontextmanager +import py_eureka_client.eureka_client as eureka_client +import os +from .database import create_db_and_tables +from .routers import auth + +# Configuration +EUREKA_SERVER = os.getenv("EUREKA_URI", "http://localhost:8761/eureka") +APP_NAME = "login-microservice" +INSTANCE_PORT = int(os.getenv("PORT", 8085)) # Using 8085 + +@asynccontextmanager +async def lifespan(app: FastAPI): + # Startup + await eureka_client.init_async( + eureka_server=EUREKA_SERVER, + app_name=APP_NAME, + instance_port=INSTANCE_PORT + ) + create_db_and_tables() + yield + # Shutdown + await eureka_client.stop_async() + +app = FastAPI(lifespan=lifespan, title="Login Microservice") + +app.include_router(auth.router) + +@app.get("/health") +def health_check(): + return {"status": "UP"} + +if __name__ == "__main__": + uvicorn.run("login-service.main:app", host="0.0.0.0", port=INSTANCE_PORT, reload=True) diff --git a/python-services/login-service/models.py b/python-services/login-service/models.py new file mode 100644 index 0000000..46803ba --- /dev/null +++ b/python-services/login-service/models.py @@ -0,0 +1,10 @@ +from typing import Optional +from sqlmodel import Field, SQLModel + +class User(SQLModel, table=True): + __tablename__ = "users" + + id: Optional[int] = Field(default=None, primary_key=True) + username: str = Field(index=True, unique=True) + password: str # Hashed + email: Optional[str] = None diff --git a/python-services/login-service/requirements.txt b/python-services/login-service/requirements.txt new file mode 100644 index 0000000..cc66490 --- /dev/null +++ b/python-services/login-service/requirements.txt @@ -0,0 +1,9 @@ +fastapi>=0.95.0 +uvicorn>=0.22.0 +sqlmodel>=0.0.8 +psycopg2-binary>=2.9.0 +py-eureka-client>=0.10.4 +python-multipart>=0.0.6 +passlib[bcrypt]>=1.7.4 +python-jose[cryptography]>=3.3.0 +httpx>=0.24.0 diff --git a/python-services/login-service/routers/auth.py b/python-services/login-service/routers/auth.py new file mode 100644 index 0000000..311107e --- /dev/null +++ b/python-services/login-service/routers/auth.py @@ -0,0 +1,66 @@ +from fastapi import APIRouter, Depends, HTTPException, status +from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm +from sqlmodel import Session, select +from ..database import get_session +from ..models import User +from ..auth import verify_password, get_password_hash, create_access_token, ACCESS_TOKEN_EXPIRE_MINUTES +from datetime import timedelta +from pydantic import BaseModel + +router = APIRouter(prefix="/login-microservice", tags=["auth"]) + +class UserCreate(BaseModel): + username: str + password: str + email: str = None + +class Token(BaseModel): + access_token: str + token_type: str + +@router.post("/register", response_model=User) +def register(user_in: UserCreate, session: Session = Depends(get_session)): + user = session.exec(select(User).where(User.username == user_in.username)).first() + if user: + raise HTTPException(status_code=400, detail="Username already registered") + + hashed_password = get_password_hash(user_in.password) + new_user = User(username=user_in.username, password=hashed_password, email=user_in.email) + session.add(new_user) + session.commit() + session.refresh(new_user) + return new_user + +@router.post("/token", response_model=Token) +def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends(), session: Session = Depends(get_session)): + # Note: OAuth2PasswordRequestForm expects 'username' and 'password' fields in form data + user = session.exec(select(User).where(User.username == form_data.username)).first() + if not user or not verify_password(form_data.password, user.password): + raise HTTPException( + status_code=status.HTTP_401_UNAUTHORIZED, + detail="Incorrect username or password", + headers={"WWW-Authenticate": "Bearer"}, + ) + + access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) + access_token = create_access_token( + data={"sub": user.username}, expires_delta=access_token_expires + ) + return {"access_token": access_token, "token_type": "bearer"} + +# Legacy/Simple endpoint if UI expects JSON body instead of Form Data +class LoginRequest(BaseModel): + username: str + password: str + +@router.post("/login", response_model=Token) +def login(login_req: LoginRequest, session: Session = Depends(get_session)): + user = session.exec(select(User).where(User.username == login_req.username)).first() + if not user or not verify_password(login_req.password, user.password): + raise HTTPException(status_code=401, detail="Invalid credentials") + + access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) + access_token = create_access_token( + data={"sub": user.username}, expires_delta=access_token_expires + ) + return {"access_token": access_token, "token_type": "bearer"} diff --git a/python-services/products-service/database.py b/python-services/products-service/database.py new file mode 100644 index 0000000..c956c4b --- /dev/null +++ b/python-services/products-service/database.py @@ -0,0 +1,15 @@ +from sqlmodel import create_engine, SQLModel, Session +import os + +# Assuming YugabyteDB (PostgreSQL compatible) +# This connection string should be updated with actual credentials/env vars +DATABASE_URL = os.getenv("DATABASE_URL", "postgresql://yugabyte:yugabyte@localhost:5433/yugabyte") + +engine = create_engine(DATABASE_URL, echo=True) + +def get_session(): + with Session(engine) as session: + yield session + +def create_db_and_tables(): + SQLModel.metadata.create_all(engine) diff --git a/python-services/products-service/main.py b/python-services/products-service/main.py new file mode 100644 index 0000000..fffadf4 --- /dev/null +++ b/python-services/products-service/main.py @@ -0,0 +1,36 @@ +import uvicorn +from fastapi import FastAPI +from contextlib import asynccontextmanager +import py_eureka_client.eureka_client as eureka_client +import os +from .database import create_db_and_tables +from .routers import products + +# Configuration +EUREKA_SERVER = os.getenv("EUREKA_URI", "http://localhost:8761/eureka") +APP_NAME = "products-microservice" +INSTANCE_PORT = int(os.getenv("PORT", 8082)) + +@asynccontextmanager +async def lifespan(app: FastAPI): + # Startup + await eureka_client.init_async( + eureka_server=EUREKA_SERVER, + app_name=APP_NAME, + instance_port=INSTANCE_PORT + ) + create_db_and_tables() + yield + # Shutdown + await eureka_client.stop_async() + +app = FastAPI(lifespan=lifespan, title="Products Microservice") + +app.include_router(products.router) + +@app.get("/health") +def health_check(): + return {"status": "UP"} + +if __name__ == "__main__": + uvicorn.run("products-service.main:app", host="0.0.0.0", port=INSTANCE_PORT, reload=True) diff --git a/python-services/products-service/models.py b/python-services/products-service/models.py new file mode 100644 index 0000000..918a331 --- /dev/null +++ b/python-services/products-service/models.py @@ -0,0 +1,46 @@ +from typing import List, Optional, Set +from sqlmodel import Field, SQLModel, JSON +from sqlalchemy import Column +from decimal import Decimal + +# Using JSON for collection types since Yugabyte/Postgres supports it naturally +# and SQLModel/SQLAlchemy can map it. + +class ProductMetadata(SQLModel, table=True): + __tablename__ = "products" + + id: str = Field(primary_key=True, alias="asin") + brand: Optional[str] = None + categories: Optional[List[str]] = Field(default=[], sa_column=Column(JSON)) + imUrl: Optional[str] = Field(sa_column_kwargs={"name": "imurl"}) + price: Optional[float] = None + title: Optional[str] = None + description: Optional[str] = None + also_bought: Optional[List[str]] = Field(default=[], sa_column=Column(JSON)) + also_viewed: Optional[List[str]] = Field(default=[], sa_column=Column(JSON)) + bought_together: Optional[List[str]] = Field(default=[], sa_column=Column(JSON)) + buy_after_viewing: Optional[List[str]] = Field(default=[], sa_column=Column(JSON)) + num_reviews: Optional[int] = None + num_stars: Optional[float] = None + avg_stars: Optional[float] = None + + class Config: + arbitrary_types_allowed = True + +class ProductRanking(SQLModel, table=True): + __tablename__ = "product_rankings" + + # Composite primary key in Cassandra/Yugabyte usually. + # Since SQLModel doesn't support composite PKs neatly in the class definition params, + # we'll model it assuming we can query by fields. + # Note: The original Java code used a composite key class 'ProductRankingKey'. + + asin: str = Field(primary_key=True) + category: str = Field(primary_key=True) + sales_rank: int + title: Optional[str] = None + price: Optional[float] = None + imUrl: Optional[str] = Field(sa_column_kwargs={"name": "imurl"}) + num_reviews: Optional[int] = None + num_stars: Optional[float] = None + avg_stars: Optional[float] = None diff --git a/python-services/products-service/requirements.txt b/python-services/products-service/requirements.txt new file mode 100644 index 0000000..cc66490 --- /dev/null +++ b/python-services/products-service/requirements.txt @@ -0,0 +1,9 @@ +fastapi>=0.95.0 +uvicorn>=0.22.0 +sqlmodel>=0.0.8 +psycopg2-binary>=2.9.0 +py-eureka-client>=0.10.4 +python-multipart>=0.0.6 +passlib[bcrypt]>=1.7.4 +python-jose[cryptography]>=3.3.0 +httpx>=0.24.0 diff --git a/python-services/products-service/routers/products.py b/python-services/products-service/routers/products.py new file mode 100644 index 0000000..46ba811 --- /dev/null +++ b/python-services/products-service/routers/products.py @@ -0,0 +1,35 @@ +from fastapi import APIRouter, Depends, HTTPException, Query +from sqlmodel import Session, select +from typing import List +from ..database import get_session +from ..models import ProductMetadata, ProductRanking + +router = APIRouter(prefix="/products-microservice", tags=["products"]) + +@router.get("/product/{asin}", response_model=ProductMetadata) +def get_product_details(asin: str, session: Session = Depends(get_session)): + product = session.get(ProductMetadata, asin) + if not product: + raise HTTPException(status_code=404, detail="Product not found") + return product + +@router.get("/products", response_model=List[ProductMetadata]) +def get_products( + limit: int = Query(10, ge=1), + offset: int = Query(0, ge=0), + session: Session = Depends(get_session) +): + statement = select(ProductMetadata).offset(offset).limit(limit) + products = session.exec(statement).all() + return products + +@router.get("/products/category/{category}", response_model=List[ProductRanking]) +def get_products_by_category( + category: str, + limit: int = Query(10, ge=1), + offset: int = Query(0, ge=0), + session: Session = Depends(get_session) +): + statement = select(ProductRanking).where(ProductRanking.category == category).offset(offset).limit(limit) + rankings = session.exec(statement).all() + return rankings diff --git a/react-ui/.classpath b/react-ui/.classpath index b4499f9..1c481f9 100644 --- a/react-ui/.classpath +++ b/react-ui/.classpath @@ -9,6 +9,7 @@ <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"> <attributes> <attribute name="maven.pomderived" value="true"/> + <attribute name="optional" value="true"/> </attributes> </classpathentry> <classpathentry kind="src" output="target/test-classes" path="src/test/java"> @@ -36,6 +37,13 @@ <attribute name="m2e-apt" value="true"/> </attributes> </classpathentry> + <classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"> + <attributes> + <attribute name="maven.pomderived" value="true"/> + <attribute name="test" value="true"/> + <attribute name="optional" value="true"/> + </attributes> + </classpathentry> <classpathentry kind="src" output="target/test-classes" path="target/generated-test-sources/test-annotations"> <attributes> <attribute name="optional" value="true"/> diff --git a/react-ui/.project b/react-ui/.project index c471e32..e122975 100644 --- a/react-ui/.project +++ b/react-ui/.project @@ -39,12 +39,12 @@ </natures> <filteredResources> <filter> - <id>1643870793361</id> + <id>1765211767446</id> <name></name> <type>30</type> <matcher> <id>org.eclipse.core.resources.regexFilterMatcher</id> - <arguments>node_modules|.git|__CREATED_BY_JAVA_LANGUAGE_SERVER__</arguments> + <arguments>node_modules|\.git|__CREATED_BY_JAVA_LANGUAGE_SERVER__</arguments> </matcher> </filter> </filteredResources> diff --git a/react-ui/.settings/org.eclipse.jdt.apt.core.prefs b/react-ui/.settings/org.eclipse.jdt.apt.core.prefs new file mode 100644 index 0000000..d4313d4 --- /dev/null +++ b/react-ui/.settings/org.eclipse.jdt.apt.core.prefs @@ -0,0 +1,2 @@ +eclipse.preferences.version=1 +org.eclipse.jdt.apt.aptEnabled=false diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh new file mode 100755 index 0000000..5deeea4 --- /dev/null +++ b/scripts/bootstrap.sh @@ -0,0 +1,1035 @@ +#!/bin/bash + +# Bootstrap script for Yugastore Java application +# This script follows the "Build and run" and "Running the app on host" instructions from README.md +# +# Usage: +# ./bootstrap.sh # Interactive mode, assumes Docker YugabyteDB +# ./bootstrap.sh --non-interactive # Non-interactive mode, assumes Docker YugabyteDB already running +# ./bootstrap.sh --yugabyte=docker # Use Docker for YugabyteDB (install if needed) +# ./bootstrap.sh --yugabyte=native # Use native install for YugabyteDB (install if needed) +# ./bootstrap.sh --help # Show help + +# Configuration +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" +BASE_DIR="$(cd "$SCRIPT_DIR/.." && pwd)" # Project root is one level up from scripts/ +LOG_FILE="$BASE_DIR/bootstrap.log" +MISSING_PREREQS=() +INTERACTIVE=true +YUGABYTE_MODE="docker" # Default: docker + +# ============================================================================ +# PARSE COMMAND LINE ARGUMENTS +# ============================================================================ +show_help() { + echo "Yugastore Bootstrap Script" + echo "" + echo "Usage: $0 [OPTIONS]" + echo "" + echo "Options:" + echo " --non-interactive Run without prompts (assumes YugabyteDB is ready)" + echo " --yugabyte=docker Use Docker to run YugabyteDB (default)" + echo " --yugabyte=native Use native package manager to install YugabyteDB" + echo " --help Show this help message" + echo "" + echo "Examples:" + echo " $0 # Interactive mode with Docker YugabyteDB" + echo " $0 --non-interactive # Non-interactive, assumes Docker YugabyteDB running" + echo " $0 --yugabyte=native # Install YugabyteDB via native package manager" + echo "" + echo "Supported Operating Systems:" + echo " - macOS (Homebrew)" + echo " - Linux (apt, yum, dnf)" + echo " - Windows (WSL required for this script)" + echo "" +} + +for arg in "$@"; do + case $arg in + --non-interactive) + INTERACTIVE=false + shift + ;; + --yugabyte=docker) + YUGABYTE_MODE="docker" + shift + ;; + --yugabyte=native) + YUGABYTE_MODE="native" + shift + ;; + --help|-h) + show_help + exit 0 + ;; + *) + echo "Unknown option: $arg" + show_help + exit 1 + ;; + esac +done + +# ============================================================================ +# DETECT OPERATING SYSTEM +# ============================================================================ +detect_os() { + case "$(uname -s)" in + Darwin*) + OS="macos" + ;; + Linux*) + # Detect Linux distribution + if [ -f /etc/os-release ]; then + . /etc/os-release + case "$ID" in + ubuntu|debian|linuxmint|pop) + OS="linux-debian" + ;; + fedora|rhel|centos|rocky|almalinux) + OS="linux-redhat" + ;; + arch|manjaro) + OS="linux-arch" + ;; + *) + OS="linux-unknown" + ;; + esac + else + OS="linux-unknown" + fi + ;; + CYGWIN*|MINGW*|MSYS*) + OS="windows" + ;; + *) + OS="unknown" + ;; + esac + echo "$OS" +} + +OS_TYPE=$(detect_os) + +# Initialize log file +echo "=== Yugastore Bootstrap Log ===" > "$LOG_FILE" +echo "Started at: $(date)" >> "$LOG_FILE" +echo "Working directory: $BASE_DIR" >> "$LOG_FILE" +echo "Operating System: $OS_TYPE" >> "$LOG_FILE" +echo "Interactive Mode: $INTERACTIVE" >> "$LOG_FILE" +echo "YugabyteDB Mode: $YUGABYTE_MODE" >> "$LOG_FILE" +echo "" >> "$LOG_FILE" + +# Function to map common exit codes to descriptions +get_exit_code_description() { + local code=$1 + case $code in + 0) echo "Success" ;; + 1) echo "General error" ;; + 2) echo "Misuse of shell command" ;; + 126) echo "Command invoked cannot execute (permission problem or not executable)" ;; + 127) echo "Command not found" ;; + 128) echo "Invalid argument to exit" ;; + 130) echo "Script terminated by Ctrl+C" ;; + 137) echo "Process killed (SIGKILL)" ;; + 139) echo "Segmentation fault (SIGSEGV)" ;; + 143) echo "Process terminated (SIGTERM)" ;; + 255) echo "Exit status out of range" ;; + *) echo "Unknown error code" ;; + esac +} + +# Function to log a message +log_message() { + local level="$1" + local message="$2" + echo "[$(date '+%Y-%m-%d %H:%M:%S')] [$level] $message" >> "$LOG_FILE" + if [ "$level" = "ERROR" ] || [ "$level" = "WARNING" ]; then + echo "[$level] $message" + fi +} + +# Function to check if a command exists +check_command() { + local cmd="$1" + local install_hint="$2" + + if command -v "$cmd" &> /dev/null; then + log_message "INFO" "Prerequisite check: $cmd found at $(which $cmd)" + return 0 + else + log_message "ERROR" "Prerequisite check: $cmd NOT FOUND. Install with: $install_hint" + MISSING_PREREQS+=("$cmd (install with: $install_hint)") + return 1 + fi +} + +# ============================================================================ +# OS-SPECIFIC PACKAGE INSTALLATION FUNCTIONS +# ============================================================================ + +# Install package based on OS +install_package() { + local package_name="$1" + local macos_package="${2:-$1}" + local debian_package="${3:-$1}" + local redhat_package="${4:-$1}" + + log_message "INFO" "Attempting to install $package_name for $OS_TYPE..." + echo "Installing $package_name..." + + case "$OS_TYPE" in + macos) + if command -v brew &> /dev/null; then + brew install "$macos_package" 2>&1 | tee -a "$LOG_FILE" + return ${PIPESTATUS[0]} + else + log_message "ERROR" "Homebrew not found. Please install Homebrew first." + return 1 + fi + ;; + linux-debian) + if command -v apt-get &> /dev/null; then + sudo apt-get update && sudo apt-get install -y "$debian_package" 2>&1 | tee -a "$LOG_FILE" + return ${PIPESTATUS[0]} + else + log_message "ERROR" "apt-get not found." + return 1 + fi + ;; + linux-redhat) + if command -v dnf &> /dev/null; then + sudo dnf install -y "$redhat_package" 2>&1 | tee -a "$LOG_FILE" + return ${PIPESTATUS[0]} + elif command -v yum &> /dev/null; then + sudo yum install -y "$redhat_package" 2>&1 | tee -a "$LOG_FILE" + return ${PIPESTATUS[0]} + else + log_message "ERROR" "Neither dnf nor yum found." + return 1 + fi + ;; + linux-arch) + if command -v pacman &> /dev/null; then + sudo pacman -S --noconfirm "$debian_package" 2>&1 | tee -a "$LOG_FILE" + return ${PIPESTATUS[0]} + else + log_message "ERROR" "pacman not found." + return 1 + fi + ;; + windows) + if command -v choco &> /dev/null; then + choco install -y "$package_name" 2>&1 | tee -a "$LOG_FILE" + return ${PIPESTATUS[0]} + elif command -v winget &> /dev/null; then + winget install --accept-package-agreements --accept-source-agreements "$package_name" 2>&1 | tee -a "$LOG_FILE" + return ${PIPESTATUS[0]} + else + log_message "ERROR" "Neither Chocolatey nor winget found. Please install packages manually." + return 1 + fi + ;; + *) + log_message "ERROR" "Unsupported OS: $OS_TYPE" + return 1 + ;; + esac +} + +# Install Java 17 (required version for this application) +install_java() { + log_message "INFO" "Installing Java 17..." + echo "Installing OpenJDK 17..." + + case "$OS_TYPE" in + macos) + # Install OpenJDK 17 via Homebrew + brew install openjdk@17 2>&1 | tee -a "$LOG_FILE" + + # Create symlink so system java wrappers find this JDK + if [ -d "/opt/homebrew/opt/openjdk@17" ]; then + sudo ln -sfn /opt/homebrew/opt/openjdk@17/libexec/openjdk.jdk /Library/Java/JavaVirtualMachines/openjdk-17.jdk 2>/dev/null || true + export PATH="/opt/homebrew/opt/openjdk@17/bin:$PATH" + export JAVA_HOME="/opt/homebrew/opt/openjdk@17" + log_message "INFO" "Java 17 installed via Homebrew and symlinked" + elif [ -d "/usr/local/opt/openjdk@17" ]; then + # Intel Mac path + sudo ln -sfn /usr/local/opt/openjdk@17/libexec/openjdk.jdk /Library/Java/JavaVirtualMachines/openjdk-17.jdk 2>/dev/null || true + export PATH="/usr/local/opt/openjdk@17/bin:$PATH" + export JAVA_HOME="/usr/local/opt/openjdk@17" + log_message "INFO" "Java 17 installed via Homebrew (Intel) and symlinked" + fi + ;; + linux-debian) + sudo apt-get update 2>&1 | tee -a "$LOG_FILE" + sudo apt-get install -y openjdk-17-jdk 2>&1 | tee -a "$LOG_FILE" + # Set JAVA_HOME + export JAVA_HOME="/usr/lib/jvm/java-17-openjdk-amd64" + [ -d "$JAVA_HOME" ] || export JAVA_HOME="/usr/lib/jvm/java-17-openjdk" + log_message "INFO" "Java 17 installed via apt-get" + ;; + linux-redhat) + if command -v dnf &> /dev/null; then + sudo dnf install -y java-17-openjdk-devel 2>&1 | tee -a "$LOG_FILE" + else + sudo yum install -y java-17-openjdk-devel 2>&1 | tee -a "$LOG_FILE" + fi + export JAVA_HOME="/usr/lib/jvm/java-17-openjdk" + log_message "INFO" "Java 17 installed via dnf/yum" + ;; + linux-arch) + sudo pacman -S --noconfirm jdk17-openjdk 2>&1 | tee -a "$LOG_FILE" + export JAVA_HOME="/usr/lib/jvm/java-17-openjdk" + log_message "INFO" "Java 17 installed via pacman" + ;; + windows) + # Try Chocolatey first, then winget + if command -v choco &> /dev/null; then + choco install -y openjdk17 2>&1 | tee -a "$LOG_FILE" + log_message "INFO" "Java 17 installed via Chocolatey" + elif command -v winget &> /dev/null; then + winget install --accept-package-agreements --accept-source-agreements Microsoft.OpenJDK.17 2>&1 | tee -a "$LOG_FILE" + log_message "INFO" "Java 17 installed via winget" + else + log_message "ERROR" "Neither Chocolatey nor winget available. Please install Java 17 manually." + echo "ERROR: Please install Java 17 manually from https://adoptium.net/" + return 1 + fi + ;; + *) + log_message "ERROR" "Unsupported OS for Java installation: $OS_TYPE" + echo "ERROR: Please install Java 17 manually from https://adoptium.net/" + return 1 + ;; + esac + + return 0 +} + +# Check if Java version is 17 or higher +check_java_version() { + if ! command -v java &> /dev/null; then + return 1 + fi + + # Get Java version number + java_version=$(java -version 2>&1 | head -n 1 | sed -E 's/.*"([0-9]+)\.?.*/\1/') + + if [ -z "$java_version" ]; then + # Try alternate parsing for different java -version formats + java_version=$(java -version 2>&1 | head -n 1 | grep -oE '[0-9]+' | head -1) + fi + + if [ -n "$java_version" ] && [ "$java_version" -ge 17 ] 2>/dev/null; then + log_message "INFO" "Java version $java_version detected (>= 17 required)" + return 0 + else + log_message "WARNING" "Java version $java_version detected, but Java 17+ is required" + return 1 + fi +} + +# Install Maven +install_maven() { + log_message "INFO" "Installing Maven..." + case "$OS_TYPE" in + macos) + brew install maven 2>&1 | tee -a "$LOG_FILE" + ;; + linux-debian) + sudo apt-get update && sudo apt-get install -y maven 2>&1 | tee -a "$LOG_FILE" + ;; + linux-redhat) + sudo dnf install -y maven 2>&1 | tee -a "$LOG_FILE" || \ + sudo yum install -y maven 2>&1 | tee -a "$LOG_FILE" + ;; + linux-arch) + sudo pacman -S --noconfirm maven 2>&1 | tee -a "$LOG_FILE" + ;; + windows) + choco install -y maven 2>&1 | tee -a "$LOG_FILE" || \ + winget install --accept-package-agreements Apache.Maven 2>&1 | tee -a "$LOG_FILE" + ;; + esac +} + +# Install Python 3 +install_python() { + log_message "INFO" "Installing Python 3..." + case "$OS_TYPE" in + macos) + brew install python@3 2>&1 | tee -a "$LOG_FILE" + ;; + linux-debian) + sudo apt-get update && sudo apt-get install -y python3 python3-pip 2>&1 | tee -a "$LOG_FILE" + ;; + linux-redhat) + sudo dnf install -y python3 python3-pip 2>&1 | tee -a "$LOG_FILE" || \ + sudo yum install -y python3 python3-pip 2>&1 | tee -a "$LOG_FILE" + ;; + linux-arch) + sudo pacman -S --noconfirm python python-pip 2>&1 | tee -a "$LOG_FILE" + ;; + windows) + choco install -y python3 2>&1 | tee -a "$LOG_FILE" || \ + winget install --accept-package-agreements Python.Python.3.11 2>&1 | tee -a "$LOG_FILE" + ;; + esac +} + +# Install psql client +install_psql() { + log_message "INFO" "Installing PostgreSQL client..." + case "$OS_TYPE" in + macos) + brew install libpq 2>&1 | tee -a "$LOG_FILE" + export PATH="/opt/homebrew/opt/libpq/bin:$PATH" + ;; + linux-debian) + sudo apt-get update && sudo apt-get install -y postgresql-client 2>&1 | tee -a "$LOG_FILE" + ;; + linux-redhat) + sudo dnf install -y postgresql 2>&1 | tee -a "$LOG_FILE" || \ + sudo yum install -y postgresql 2>&1 | tee -a "$LOG_FILE" + ;; + linux-arch) + sudo pacman -S --noconfirm postgresql-libs 2>&1 | tee -a "$LOG_FILE" + ;; + windows) + choco install -y postgresql 2>&1 | tee -a "$LOG_FILE" + ;; + esac +} + +# Install Docker +install_docker() { + log_message "INFO" "Installing Docker..." + case "$OS_TYPE" in + macos) + echo "Please install Docker Desktop for macOS from https://www.docker.com/products/docker-desktop" + echo "After installation, start Docker Desktop and re-run this script." + log_message "ERROR" "Docker Desktop must be installed manually on macOS" + return 1 + ;; + linux-debian) + sudo apt-get update + sudo apt-get install -y docker.io 2>&1 | tee -a "$LOG_FILE" + sudo systemctl start docker + sudo systemctl enable docker + sudo usermod -aG docker $USER + ;; + linux-redhat) + sudo dnf install -y docker 2>&1 | tee -a "$LOG_FILE" || \ + sudo yum install -y docker 2>&1 | tee -a "$LOG_FILE" + sudo systemctl start docker + sudo systemctl enable docker + sudo usermod -aG docker $USER + ;; + linux-arch) + sudo pacman -S --noconfirm docker 2>&1 | tee -a "$LOG_FILE" + sudo systemctl start docker + sudo systemctl enable docker + sudo usermod -aG docker $USER + ;; + windows) + echo "Please install Docker Desktop for Windows from https://www.docker.com/products/docker-desktop" + echo "After installation, start Docker Desktop and re-run this script." + log_message "ERROR" "Docker Desktop must be installed manually on Windows" + return 1 + ;; + esac +} + +# ============================================================================ +# YUGABYTEDB INSTALLATION FUNCTIONS +# ============================================================================ + +# Install YugabyteDB via Docker +install_yugabyte_docker() { + log_message "INFO" "Setting up YugabyteDB via Docker..." + echo "Setting up YugabyteDB via Docker..." + + # Check if Docker is available + if ! command -v docker &> /dev/null; then + log_message "WARNING" "Docker not found. Attempting to install..." + install_docker + if ! command -v docker &> /dev/null; then + log_message "ERROR" "Docker installation failed or requires manual intervention." + echo "ERROR: Docker is required for --yugabyte=docker mode." + echo "Please install Docker and re-run this script." + return 1 + fi + fi + + # Check if Docker daemon is running + if ! docker info &> /dev/null; then + log_message "ERROR" "Docker daemon is not running." + echo "ERROR: Docker daemon is not running. Please start Docker and re-run this script." + return 1 + fi + + # Check if yugabyte container already exists + if docker ps -a --format '{{.Names}}' | grep -q '^yugabyte$'; then + # Check if it's running + if docker ps --format '{{.Names}}' | grep -q '^yugabyte$'; then + log_message "INFO" "YugabyteDB container is already running." + echo "YugabyteDB container is already running." + return 0 + else + # Start existing container + log_message "INFO" "Starting existing YugabyteDB container..." + echo "Starting existing YugabyteDB container..." + docker start yugabyte 2>&1 | tee -a "$LOG_FILE" + sleep 10 + return 0 + fi + fi + + # Run new YugabyteDB container + log_message "INFO" "Starting new YugabyteDB Docker container..." + echo "Starting new YugabyteDB Docker container..." + docker run -d --name yugabyte \ + -p7000:7000 -p9000:9000 -p5433:5433 -p9042:9042 \ + yugabytedb/yugabyte:latest \ + bin/yugabyted start --daemon=false 2>&1 | tee -a "$LOG_FILE" + + if [ $? -ne 0 ]; then + log_message "ERROR" "Failed to start YugabyteDB Docker container." + return 1 + fi + + # Wait for YugabyteDB to be ready + echo "Waiting for YugabyteDB to initialize (30 seconds)..." + sleep 30 + + log_message "INFO" "YugabyteDB Docker container started successfully." + return 0 +} + +# Install YugabyteDB natively based on OS +install_yugabyte_native() { + log_message "INFO" "Installing YugabyteDB natively for $OS_TYPE..." + echo "Installing YugabyteDB natively..." + + case "$OS_TYPE" in + macos) + echo "Installing YugabyteDB via Homebrew..." + brew tap yugabyte/yugabytedb 2>&1 | tee -a "$LOG_FILE" + brew install yugabytedb 2>&1 | tee -a "$LOG_FILE" + if [ $? -ne 0 ]; then + log_message "ERROR" "Failed to install YugabyteDB via Homebrew." + return 1 + fi + echo "Starting YugabyteDB..." + yugabyted start 2>&1 | tee -a "$LOG_FILE" + ;; + + linux-debian|linux-redhat|linux-arch|linux-unknown) + echo "Installing YugabyteDB on Linux..." + # Download and install YugabyteDB + YUGABYTE_VERSION="2.20.1.0" + YUGABYTE_TAR="yugabyte-${YUGABYTE_VERSION}-linux-x86_64.tar.gz" + YUGABYTE_URL="https://downloads.yugabyte.com/releases/${YUGABYTE_VERSION}/${YUGABYTE_TAR}" + + echo "Downloading YugabyteDB ${YUGABYTE_VERSION}..." + log_message "INFO" "Downloading from $YUGABYTE_URL" + + if command -v wget &> /dev/null; then + wget -q "$YUGABYTE_URL" -O "/tmp/${YUGABYTE_TAR}" 2>&1 | tee -a "$LOG_FILE" + elif command -v curl &> /dev/null; then + curl -sL "$YUGABYTE_URL" -o "/tmp/${YUGABYTE_TAR}" 2>&1 | tee -a "$LOG_FILE" + else + log_message "ERROR" "Neither wget nor curl found. Cannot download YugabyteDB." + return 1 + fi + + echo "Extracting YugabyteDB..." + tar -xzf "/tmp/${YUGABYTE_TAR}" -C /opt 2>&1 | tee -a "$LOG_FILE" || \ + sudo tar -xzf "/tmp/${YUGABYTE_TAR}" -C /opt 2>&1 | tee -a "$LOG_FILE" + + YUGABYTE_HOME="/opt/yugabyte-${YUGABYTE_VERSION}" + export PATH="$YUGABYTE_HOME/bin:$PATH" + + echo "Starting YugabyteDB..." + "$YUGABYTE_HOME/bin/yugabyted" start 2>&1 | tee -a "$LOG_FILE" + ;; + + windows) + # ============================================================================ + # MANUAL INTERVENTION REQUIRED: Windows Native YugabyteDB + # ============================================================================ + # NOTE: YugabyteDB does not have a native Windows installer. + # Windows users must use Docker or WSL2 to run YugabyteDB. + # ============================================================================ + log_message "ERROR" "Native YugabyteDB installation is not supported on Windows." + echo "" + echo "==========================================" + echo "MANUAL STEP REQUIRED: Windows YugabyteDB" + echo "==========================================" + echo "" + echo "YugabyteDB does not have a native Windows installer." + echo "Please use one of these alternatives:" + echo "" + echo " 1. Docker Desktop for Windows:" + echo " docker run -d --name yugabyte -p7000:7000 -p9000:9000 -p5433:5433 -p9042:9042 yugabytedb/yugabyte:latest bin/yugabyted start --daemon=false" + echo "" + echo " 2. WSL2 (Windows Subsystem for Linux):" + echo " Run this script inside WSL2 with --yugabyte=native" + echo "" + log_message "INFO" "Windows users should use Docker or WSL2 for YugabyteDB." + return 1 + ;; + + *) + log_message "ERROR" "Unsupported OS for native YugabyteDB installation: $OS_TYPE" + return 1 + ;; + esac + + # Wait for YugabyteDB to be ready + echo "Waiting for YugabyteDB to initialize (30 seconds)..." + sleep 30 + + return 0 +} + +# Function to run a command with logging +run_command() { + local description="$1" + local command="$2" + local working_dir="${3:-$BASE_DIR}" + + echo "[$(date '+%Y-%m-%d %H:%M:%S')] RUNNING: $description" >> "$LOG_FILE" + echo " Command: $command" >> "$LOG_FILE" + echo " Directory: $working_dir" >> "$LOG_FILE" + + # Run command and capture output and exit code + cd "$working_dir" + output=$(eval "$command" 2>&1) + exit_code=$? + + if [ $exit_code -eq 0 ]; then + echo " Status: SUCCESS" >> "$LOG_FILE" + echo " Output: $output" >> "$LOG_FILE" + else + local error_desc=$(get_exit_code_description $exit_code) + echo " Status: FAILURE" >> "$LOG_FILE" + echo " Exit Code: $exit_code ($error_desc)" >> "$LOG_FILE" + echo " Error Output: $output" >> "$LOG_FILE" + fi + echo "" >> "$LOG_FILE" + + cd "$BASE_DIR" + return $exit_code +} + +# Function to run a background service with logging +run_service_background() { + local description="$1" + local command="$2" + local working_dir="${3:-$BASE_DIR}" + local log_prefix="$4" + + echo "[$(date '+%Y-%m-%d %H:%M:%S')] STARTING SERVICE: $description" >> "$LOG_FILE" + echo " Command: $command" >> "$LOG_FILE" + echo " Directory: $working_dir" >> "$LOG_FILE" + + cd "$working_dir" + nohup $command > "${BASE_DIR}/${log_prefix}.out" 2>&1 & + local pid=$! + + # Give the service a moment to start or fail immediately + sleep 3 + + if ps -p $pid > /dev/null 2>&1; then + echo " Status: SUCCESS (PID: $pid)" >> "$LOG_FILE" + echo " Service output logged to: ${log_prefix}.out" >> "$LOG_FILE" + echo " Started $description (PID: $pid)" + else + wait $pid 2>/dev/null + exit_code=$? + local error_desc=$(get_exit_code_description $exit_code) + echo " Status: FAILURE" >> "$LOG_FILE" + echo " Exit Code: $exit_code ($error_desc)" >> "$LOG_FILE" + echo " Error Output: $(tail -20 ${BASE_DIR}/${log_prefix}.out 2>/dev/null)" >> "$LOG_FILE" + echo " FAILED to start $description" + fi + echo "" >> "$LOG_FILE" + + cd "$BASE_DIR" +} + +# ============================================================================ +# MAIN SCRIPT +# ============================================================================ + +echo "==========================================" +echo "Yugastore Bootstrap Script" +echo "==========================================" +echo "Log file: $LOG_FILE" +echo "Operating System: $OS_TYPE" +echo "Interactive Mode: $INTERACTIVE" +echo "YugabyteDB Mode: $YUGABYTE_MODE" +echo "" + +# ============================================================================ +# PREREQUISITE CHECKS +# ============================================================================ +echo "Checking prerequisites..." +log_message "INFO" "=== PREREQUISITE CHECKS ===" + +# Check for package manager based on OS +case "$OS_TYPE" in + macos) + if ! command -v brew &> /dev/null; then + log_message "ERROR" "Homebrew is not installed. Please install it first:" + log_message "ERROR" " /bin/bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\"" + echo "" + echo "ERROR: Homebrew is not installed." + echo "Please install Homebrew first by running:" + echo ' /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"' + echo "" + echo "Then re-run this script." + exit 1 + fi + log_message "INFO" "Prerequisite check: brew found at $(which brew)" + ;; + linux-debian) + log_message "INFO" "Using apt-get package manager" + ;; + linux-redhat) + log_message "INFO" "Using dnf/yum package manager" + ;; + windows) + if ! command -v choco &> /dev/null && ! command -v winget &> /dev/null; then + log_message "WARNING" "Neither Chocolatey nor winget found. Package installation may fail." + fi + ;; +esac + +# Check for Java 17+ +if ! command -v java &> /dev/null; then + log_message "WARNING" "Java not found. Attempting to install OpenJDK 17..." + install_java +elif ! check_java_version; then + log_message "WARNING" "Java version is below 17. Attempting to install OpenJDK 17..." + install_java +fi + +# Verify Java is installed and version is correct +if command -v java &> /dev/null; then + java_version_full=$(java -version 2>&1 | head -n 1) + log_message "INFO" "Java version: $java_version_full" + echo " Java: $java_version_full" + + if ! check_java_version; then + log_message "ERROR" "Java 17 or higher is required. Current version does not meet requirements." + echo "ERROR: Java 17+ is required. Please install from https://adoptium.net/" + exit 1 + fi +else + log_message "ERROR" "Java installation failed. Please install Java 17 manually." + echo "ERROR: Java 17 is required. Please install from https://adoptium.net/" + exit 1 +fi + +# Check for Maven +if ! command -v mvn &> /dev/null; then + log_message "WARNING" "Maven not found. Attempting to install..." + install_maven +fi + +if ! command -v mvn &> /dev/null; then + log_message "ERROR" "Maven installation failed." + exit 1 +fi + +# Check for Python 3 (needed for data loading) +if ! command -v python3 &> /dev/null; then + log_message "WARNING" "Python 3 not found. Attempting to install..." + install_python +fi + +# Check for ycqlsh or cqlsh (Cassandra Query Language Shell) +# Prefer ycqlsh (YugabyteDB's bundled version) over cqlsh to avoid version warnings +# Install Python dependencies required by ycqlsh +log_message "INFO" "Installing Python dependencies for CQL shell..." +pip3 install six cassandra-driver geomet &>/dev/null || true + +# Set CQLSH_NO_BUNDLED to avoid using outdated bundled libraries (six 1.12.0) +# that are incompatible with Python 3.12+ +export CQLSH_NO_BUNDLED=1 + +if command -v ycqlsh &> /dev/null; then + CQLSH_CMD="ycqlsh" + log_message "INFO" "Using YugabyteDB's ycqlsh for CQL operations" +elif command -v cqlsh &> /dev/null; then + CQLSH_CMD="cqlsh" + log_message "WARNING" "Using generic cqlsh - may show version warnings with YugabyteDB" +else + log_message "WARNING" "Neither ycqlsh nor cqlsh found. Will attempt to use ycqlsh after YugabyteDB install." + CQLSH_CMD="ycqlsh" # Default to ycqlsh, will be available after YugabyteDB native install +fi + +# Check for psql (PostgreSQL client) +if ! command -v psql &> /dev/null; then + log_message "WARNING" "psql not found. Attempting to install PostgreSQL client..." + install_psql +fi + +# Add libpq to PATH on macOS if needed +if [ "$OS_TYPE" = "macos" ] && [ -d "/opt/homebrew/opt/libpq/bin" ]; then + export PATH="/opt/homebrew/opt/libpq/bin:$PATH" +fi + +# ============================================================================ +# YUGABYTEDB SETUP +# ============================================================================ +log_message "INFO" "=== YUGABYTEDB SETUP ===" +echo "" +echo "==========================================" +echo "Setting up YugabyteDB ($YUGABYTE_MODE mode)..." +echo "==========================================" + +if [ "$YUGABYTE_MODE" = "docker" ]; then + install_yugabyte_docker + yugabyte_result=$? +elif [ "$YUGABYTE_MODE" = "native" ]; then + install_yugabyte_native + yugabyte_result=$? +fi + +if [ $yugabyte_result -ne 0 ]; then + if [ "$INTERACTIVE" = true ]; then + echo "" + echo "YugabyteDB setup failed or requires manual intervention." + read -p "Do you want to continue anyway (assuming YugabyteDB is already running)? (y/n): " continue_anyway + if [ "$continue_anyway" != "y" ] && [ "$continue_anyway" != "Y" ]; then + log_message "ERROR" "User chose not to continue after YugabyteDB setup failure." + exit 1 + fi + else + log_message "ERROR" "YugabyteDB setup failed in non-interactive mode." + echo "ERROR: YugabyteDB setup failed. Please ensure YugabyteDB is running and re-run this script." + exit 1 + fi +fi + +# Verify YugabyteDB connectivity +echo "Verifying YugabyteDB connectivity..." + +# Re-check for ycqlsh after YugabyteDB installation (native install provides it) +if command -v ycqlsh &> /dev/null; then + CQLSH_CMD="ycqlsh" +elif command -v cqlsh &> /dev/null; then + CQLSH_CMD="cqlsh" +fi + +if command -v $CQLSH_CMD &> /dev/null; then + if $CQLSH_CMD -e "SELECT now() FROM system.local;" &>/dev/null; then + log_message "INFO" "YugabyteDB YCQL connection verified using $CQLSH_CMD" + echo " YCQL (Cassandra) connection: OK (using $CQLSH_CMD)" + else + log_message "WARNING" "Could not connect to YugabyteDB YCQL on localhost:9042" + echo " WARNING: Could not connect to YCQL on localhost:9042" + fi +else + log_message "WARNING" "No CQL shell found (ycqlsh or cqlsh)" + echo " WARNING: No CQL shell available" +fi + +if command -v psql &> /dev/null; then + if psql -h localhost -p 5433 -U yugabyte -d yugabyte -c "SELECT 1;" &>/dev/null; then + log_message "INFO" "YugabyteDB YSQL connection verified" + echo " YSQL (PostgreSQL) connection: OK" + else + log_message "WARNING" "Could not connect to YugabyteDB YSQL on localhost:5433" + echo " WARNING: Could not connect to YSQL on localhost:5433" + fi +fi + +# ============================================================================ +# BUILD THE APPLICATION +# ============================================================================ +echo "" +echo "==========================================" +echo "Building the application..." +echo "==========================================" +log_message "INFO" "=== BUILD PHASE ===" + +# Skip Docker build if not using Docker mode (exec plugin runs docker build) +if [ "$YUGABYTE_MODE" = "docker" ]; then + MVN_BUILD_CMD="mvn -DskipTests package" +else + # Skip the exec plugin which runs docker build + MVN_BUILD_CMD="mvn -DskipTests -Dexec.skip=true package" + log_message "INFO" "Skipping Docker image builds (native mode)" +fi + +run_command "Build application with Maven" "$MVN_BUILD_CMD" +if [ $? -ne 0 ]; then + log_message "ERROR" "Build failed. Check $LOG_FILE for details." + echo "ERROR: Build failed. Check $LOG_FILE for details." + exit 1 +fi +echo "Build completed successfully." + +# ============================================================================ +# STEP 1: INSTALL AND INITIALIZE YUGABYTEDB +# ============================================================================ +echo "" +echo "==========================================" +echo "Step 1: Initializing YugabyteDB schemas..." +echo "==========================================" +log_message "INFO" "=== STEP 1: DATABASE INITIALIZATION ===" + +# Create CQL schema using ycqlsh (preferred) or cqlsh +echo "Creating CQL schema..." +run_command "Create CQL schema ($CQLSH_CMD -f schema.cql)" "$CQLSH_CMD -f schema.cql" "$BASE_DIR/resources" +if [ $? -ne 0 ]; then + log_message "WARNING" "CQL schema creation failed. Check $LOG_FILE for details." + echo "WARNING: CQL schema creation failed." +fi + +# Load sample data +echo "Loading sample data..." +run_command "Load sample data (./dataload.sh)" "./dataload.sh" "$BASE_DIR/resources" +if [ $? -ne 0 ]; then + log_message "WARNING" "Data load failed. Check $LOG_FILE for details." + echo "WARNING: Data load failed." +fi + +# Create YSQL tables +echo "Creating YSQL tables..." +run_command "Create YSQL schema (psql -f schema.sql)" "psql -h localhost -p 5433 -U yugabyte -d yugabyte -f schema.sql" "$BASE_DIR/resources" +if [ $? -ne 0 ]; then + log_message "WARNING" "YSQL schema creation failed. Check $LOG_FILE for details." + echo "WARNING: YSQL schema creation failed." +fi + +# ============================================================================ +# STEP 2: START EUREKA SERVICE DISCOVERY +# ============================================================================ +echo "" +echo "==========================================" +echo "Step 2: Starting Eureka service discovery..." +echo "==========================================" +log_message "INFO" "=== STEP 2: EUREKA SERVICE DISCOVERY ===" + +run_service_background "Eureka Service Discovery" "mvn spring-boot:run" "$BASE_DIR/eureka-server-local" "eureka-server" +echo "Waiting for Eureka to initialize (30 seconds)..." +sleep 30 + +# Verify Eureka is running +if curl -s http://localhost:8761 > /dev/null 2>&1; then + log_message "INFO" "Eureka Service Discovery is responding on http://localhost:8761" + echo "Eureka is running at http://localhost:8761" +else + log_message "WARNING" "Eureka may not be fully started yet. Check eureka-server.out for details." + echo "WARNING: Eureka may not be fully started. Check eureka-server.out" +fi + +# ============================================================================ +# STEP 2 (continued): START API GATEWAY MICROSERVICE +# ============================================================================ +echo "" +echo "==========================================" +echo "Starting API Gateway microservice..." +echo "==========================================" +log_message "INFO" "=== API GATEWAY MICROSERVICE ===" + +run_service_background "API Gateway Microservice" "mvn spring-boot:run" "$BASE_DIR/api-gateway-microservice" "api-gateway" +sleep 10 + +# ============================================================================ +# STEP 3: START PRODUCTS MICROSERVICE +# ============================================================================ +echo "" +echo "==========================================" +echo "Step 3: Starting Products microservice..." +echo "==========================================" +log_message "INFO" "=== STEP 3: PRODUCTS MICROSERVICE ===" + +run_service_background "Products Microservice" "mvn spring-boot:run" "$BASE_DIR/products-microservice" "products" +sleep 10 + +# ============================================================================ +# STEP 4: START CHECKOUT MICROSERVICE +# ============================================================================ +echo "" +echo "==========================================" +echo "Step 4: Starting Checkout microservice..." +echo "==========================================" +log_message "INFO" "=== STEP 4: CHECKOUT MICROSERVICE ===" + +run_service_background "Checkout Microservice" "mvn spring-boot:run" "$BASE_DIR/checkout-microservice" "checkout" +sleep 10 + +# ============================================================================ +# STEP 5: START CART MICROSERVICE +# ============================================================================ +echo "" +echo "==========================================" +echo "Step 5: Starting Cart microservice..." +echo "==========================================" +log_message "INFO" "=== STEP 5: CART MICROSERVICE ===" + +run_service_background "Cart Microservice" "mvn spring-boot:run" "$BASE_DIR/cart-microservice" "cart" +sleep 10 + +# ============================================================================ +# STEP 6: START THE UI +# ============================================================================ +echo "" +echo "==========================================" +echo "Step 6: Starting React UI..." +echo "==========================================" +log_message "INFO" "=== STEP 6: REACT UI ===" + +run_service_background "React UI" "mvn spring-boot:run" "$BASE_DIR/react-ui" "react-ui" +sleep 10 + +# ============================================================================ +# COMPLETION +# ============================================================================ +echo "" +echo "==========================================" | tee -a "$LOG_FILE" +echo "=== Bootstrap Complete ===" | tee -a "$LOG_FILE" +echo "==========================================" | tee -a "$LOG_FILE" +echo "Completed at: $(date)" >> "$LOG_FILE" +echo "" +echo "Services should be available at:" +echo " - Eureka Dashboard: http://localhost:8761/" +echo " - API Gateway: http://localhost:8081/" +echo " - Products: http://localhost:8082/" +echo " - Cart: http://localhost:8083/" +echo " - Login: http://localhost:8085/" +echo " - Checkout: http://localhost:8086/" +echo "" +echo "==========================================" +echo " FRONTEND URL (click to open):" +echo "" +# Use OSC 8 hyperlink escape sequence for clickable URL in supported terminals +printf " \033]8;;http://localhost:8080/\033\\http://localhost:8080/\033]8;;\033\\\n" +echo "" +echo "==========================================" +echo "" +echo "Log files:" +echo " - Main log: $LOG_FILE" +echo " - Eureka: eureka-server.out" +echo " - API Gateway: api-gateway.out" +echo " - Products: products.out" +echo " - Checkout: checkout.out" +echo " - Cart: cart.out" +echo " - React UI: react-ui.out" +echo "" +echo "To stop all services, run:" +echo " pkill -f 'spring-boot:run'" +echo "" +if [ "$YUGABYTE_MODE" = "docker" ]; then + echo "To stop YugabyteDB Docker container:" + echo " docker stop yugabyte" + echo "" +fi diff --git a/scripts/tests/README.md b/scripts/tests/README.md new file mode 100644 index 0000000..a734a44 --- /dev/null +++ b/scripts/tests/README.md @@ -0,0 +1,152 @@ +# Bootstrap Script Tests + +This directory contains unit tests for the `bootstrap.sh` script using the BATS (Bash Automated Testing System) framework. + +## Prerequisites + +### Install BATS + +**macOS (Homebrew):** +```bash +brew install bats-core +``` + +**Ubuntu/Debian:** +```bash +sudo apt-get install bats +``` + +**Fedora/RHEL:** +```bash +sudo dnf install bats +``` + +**From source:** +```bash +git clone https://github.com/bats-core/bats-core.git +cd bats-core +./install.sh /usr/local +``` + +## Running the Tests + +From the repository root directory: + +```bash +bats scripts/tests/bootstrap_test.bats +``` + +Or from the scripts directory: + +```bash +cd scripts +bats tests/bootstrap_test.bats +``` + +### Verbose Output + +For more detailed output showing each test: + +```bash +bats --tap scripts/tests/bootstrap_test.bats +``` + +### Run Specific Tests + +To run tests matching a pattern: + +```bash +bats --filter "help" scripts/tests/bootstrap_test.bats +``` + +## Test Coverage + +The test suite covers the following areas: + +| Category | Description | Test Count | +|----------|-------------|------------| +| Help and Usage | `--help` and `-h` flag functionality | 8 | +| Argument Parsing | Command-line option handling and error cases | 2 | +| Script Structure | Presence of required functions | 8 | +| Default Values | Correct initialization of variables | 3 | +| Prerequisite Checks | Detection and installation of required tools (Java 17, mvn, python3, ycqlsh/cqlsh, psql) | 19 | +| Exit Code Mapping | Proper error code descriptions | 4 | +| YugabyteDB Mode | Docker and native installation functions | 4 | +| Microservice Startup | All 6 microservices are started | 6 | +| Build | Maven build configuration | 2 | +| Schema and Data | Database initialization steps | 3 | +| Logging | Log file and log levels | 4 | +| Output Information | Service URLs and stop instructions | 2 | +| Package Managers | Support for apt, yum, dnf, brew | 3 | +| Error Handling | Exit codes and missing prerequisites | 3 | +| Port Configuration | Correct ports for all services | 8 | +| Frontend URL Display | Clickable URL with OSC 8 escape sequence | 4 | + +**Total: 83 tests** + +## Test File Structure + +``` +scripts/ +├── bootstrap.sh # Main bootstrap script +└── tests/ + ├── README.md # This file + └── bootstrap_test.bats # BATS test suite +``` + +## Writing Additional Tests + +BATS tests follow this structure: + +```bash +@test "description of test" { + run command_to_test + [ "$status" -eq 0 ] # Check exit status + [[ "$output" == *"expected"* ]] # Check output contains string +} +``` + +### Setup and Teardown + +The test file includes `setup()` and `teardown()` functions that run before and after each test: + +- `setup()`: Creates temp directories and sets up paths +- `teardown()`: Cleans up temp files + +## Continuous Integration + +To run tests in CI/CD pipelines, use: + +```bash +bats --formatter tap scripts/tests/bootstrap_test.bats +``` + +This outputs TAP (Test Anything Protocol) format suitable for CI systems. + +## Troubleshooting + +### Tests not finding bootstrap.sh + +Ensure you're running tests from the repository root: + +```bash +cd /path/to/bookstore-r-us +bats scripts/tests/bootstrap_test.bats +``` + +### Permission denied + +Make sure the test file is executable: + +```bash +chmod +x scripts/tests/bootstrap_test.bats +``` + +### BATS not found + +Verify BATS is installed and in your PATH: + +```bash +which bats +bats --version +``` diff --git a/scripts/tests/bootstrap_test.bats b/scripts/tests/bootstrap_test.bats new file mode 100755 index 0000000..6a53e5b --- /dev/null +++ b/scripts/tests/bootstrap_test.bats @@ -0,0 +1,526 @@ +#!/usr/bin/env bats +# Unit tests for bootstrap.sh +# Run with: bats scripts/tests/bootstrap_test.bats + +# Setup - runs before each test +setup() { + # Get the directory where tests are located + TESTS_DIR="$( cd "$( dirname "$BATS_TEST_FILENAME" )" && pwd )" + SCRIPTS_DIR="$(dirname "$TESTS_DIR")" + BOOTSTRAP_SCRIPT="$SCRIPTS_DIR/bootstrap.sh" + + # Create a temp directory for test artifacts + TEST_TEMP_DIR="$(mktemp -d)" + + # Export for use in tests + export TESTS_DIR SCRIPTS_DIR BOOTSTRAP_SCRIPT TEST_TEMP_DIR +} + +# Teardown - runs after each test +teardown() { + # Clean up temp directory + if [ -d "$TEST_TEMP_DIR" ]; then + rm -rf "$TEST_TEMP_DIR" + fi +} + +# ============================================================================= +# HELP AND USAGE TESTS +# ============================================================================= + +@test "bootstrap.sh exists and is executable" { + [ -f "$BOOTSTRAP_SCRIPT" ] + [ -x "$BOOTSTRAP_SCRIPT" ] +} + +@test "--help flag displays usage information" { + run "$BOOTSTRAP_SCRIPT" --help + [ "$status" -eq 0 ] + [[ "$output" == *"Yugastore Bootstrap Script"* ]] + [[ "$output" == *"Usage:"* ]] + [[ "$output" == *"Options:"* ]] +} + +@test "-h flag displays usage information" { + run "$BOOTSTRAP_SCRIPT" -h + [ "$status" -eq 0 ] + [[ "$output" == *"Yugastore Bootstrap Script"* ]] + [[ "$output" == *"Usage:"* ]] +} + +@test "--help shows --non-interactive option" { + run "$BOOTSTRAP_SCRIPT" --help + [ "$status" -eq 0 ] + [[ "$output" == *"--non-interactive"* ]] +} + +@test "--help shows --yugabyte=docker option" { + run "$BOOTSTRAP_SCRIPT" --help + [ "$status" -eq 0 ] + [[ "$output" == *"--yugabyte=docker"* ]] +} + +@test "--help shows --yugabyte=native option" { + run "$BOOTSTRAP_SCRIPT" --help + [ "$status" -eq 0 ] + [[ "$output" == *"--yugabyte=native"* ]] +} + +@test "--help shows examples section" { + run "$BOOTSTRAP_SCRIPT" --help + [ "$status" -eq 0 ] + [[ "$output" == *"Examples:"* ]] +} + +@test "--help shows supported operating systems" { + run "$BOOTSTRAP_SCRIPT" --help + [ "$status" -eq 0 ] + [[ "$output" == *"Supported Operating Systems:"* ]] + [[ "$output" == *"macOS"* ]] + [[ "$output" == *"Linux"* ]] +} + +# ============================================================================= +# ARGUMENT PARSING TESTS +# ============================================================================= + +@test "unknown option shows error and usage" { + run "$BOOTSTRAP_SCRIPT" --unknown-option + [ "$status" -eq 1 ] + [[ "$output" == *"Unknown option: --unknown-option"* ]] + [[ "$output" == *"Usage:"* ]] +} + +@test "invalid yugabyte option shows error" { + run "$BOOTSTRAP_SCRIPT" --yugabyte=invalid + [ "$status" -eq 1 ] + [[ "$output" == *"Unknown option"* ]] +} + +# ============================================================================= +# SCRIPT STRUCTURE TESTS +# ============================================================================= + +@test "script contains show_help function" { + run grep -q "show_help()" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script contains detect_os function" { + run grep -q "detect_os()" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script contains log_message function" { + run grep -q "log_message()" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script contains run_command function" { + run grep -q "run_command()" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script contains get_exit_code_description function" { + run grep -q "get_exit_code_description()" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script handles Darwin (macOS) in detect_os" { + run grep -q "Darwin" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script handles Linux in detect_os" { + run grep -q "Linux" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script handles Windows/CYGWIN in detect_os" { + run grep -q "CYGWIN\|MINGW\|MSYS" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# DEFAULT VALUES TESTS +# ============================================================================= + +@test "script sets default INTERACTIVE to true" { + run grep -q 'INTERACTIVE=true' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script sets default YUGABYTE_MODE to docker" { + run grep -q 'YUGABYTE_MODE="docker"' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script defines LOG_FILE variable" { + run grep -q 'LOG_FILE=' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# PREREQUISITE CHECK TESTS +# ============================================================================= + +@test "script checks for java prerequisite" { + run grep -q "java" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script has install_java function" { + run grep -q "install_java()" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script has check_java_version function" { + run grep -q "check_java_version()" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script requires Java 17 or higher" { + run grep -q "17" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] + run grep -qi "java.*17\|openjdk.*17\|openjdk@17" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script installs Java via Homebrew on macOS" { + run grep -q "brew install openjdk@17" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script installs Java via apt-get on Debian/Ubuntu" { + run grep -q "apt-get.*openjdk-17-jdk" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script installs Java via dnf/yum on RedHat/Fedora" { + run grep -q "dnf install.*java-17-openjdk\|yum install.*java-17-openjdk" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script installs Java via pacman on Arch Linux" { + run grep -q "pacman.*jdk17-openjdk" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script installs Java via Chocolatey or winget on Windows" { + run grep -q "choco install.*openjdk17\|winget install.*OpenJDK" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script sets JAVA_HOME after installation" { + run grep -q "JAVA_HOME" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script creates symlink for Java on macOS" { + run grep -q "JavaVirtualMachines" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script provides manual install instructions for Java" { + run grep -q "adoptium.net" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script checks for mvn prerequisite" { + run grep -q "mvn" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script checks for python3 prerequisite" { + run grep -q "python3" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script checks for ycqlsh or cqlsh prerequisite" { + run grep -q "ycqlsh\|cqlsh" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script prefers ycqlsh over cqlsh" { + # Verify ycqlsh is checked first (preferred) + run grep -q 'command -v ycqlsh' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script uses CQLSH_CMD variable for CQL operations" { + run grep -q 'CQLSH_CMD' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script sets CQLSH_NO_BUNDLED to avoid library conflicts" { + # This avoids incompatibility between bundled six 1.12.0 and Python 3.12+ + run grep -q 'CQLSH_NO_BUNDLED=1' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script checks for psql prerequisite" { + run grep -q "psql" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# EXIT CODE MAPPING TESTS +# ============================================================================= + +@test "script maps exit code 0 to Success" { + run grep -A1 'case.*code.*in' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] + run grep -q '"Success"' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script maps exit code 1 to General error" { + run grep -q "General error" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script maps exit code 127 to Command not found" { + run grep -q "Command not found" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script maps exit code 126 to permission problem" { + run grep -q "permission problem\|cannot execute" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# YUGABYTE MODE TESTS +# ============================================================================= + +@test "script has install_yugabyte_docker function" { + run grep -q "install_yugabyte_docker()" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script has install_yugabyte_native function" { + run grep -q "install_yugabyte_native()" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script uses Docker for yugabyte when mode is docker" { + run grep -q 'docker run.*yugabyte' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script uses homebrew for macOS native install" { + run grep -q "brew.*yugabytedb\|brew tap yugabyte" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# MICROSERVICE STARTUP TESTS +# ============================================================================= + +@test "script starts eureka service" { + run grep -qi "eureka" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script starts api-gateway microservice" { + run grep -qi "api-gateway" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script starts products microservice" { + run grep -qi "products" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script starts checkout microservice" { + run grep -qi "checkout" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script starts cart microservice" { + run grep -qi "cart" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script starts react-ui" { + run grep -qi "react-ui" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# BUILD TESTS +# ============================================================================= + +@test "script runs maven build with -DskipTests" { + run grep -q 'mvn.*-DskipTests.*package' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script skips docker build in native mode with -Dexec.skip" { + run grep -q '\-Dexec.skip=true' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# SCHEMA AND DATA TESTS +# ============================================================================= + +@test "script creates CQL schema" { + run grep -qi "schema.cql\|cqlsh.*-f" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script loads sample data" { + run grep -qi "dataload\|sample.*data" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script creates SQL tables" { + run grep -qi "schema.sql\|psql.*-f" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# LOGGING TESTS +# ============================================================================= + +@test "script logs to bootstrap.log" { + run grep -q 'bootstrap.log' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script has INFO log level" { + run grep -q '"INFO"' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script has ERROR log level" { + run grep -q '"ERROR"' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script has WARNING log level" { + run grep -q '"WARNING"' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# OUTPUT INFORMATION TESTS +# ============================================================================= + +@test "script displays service URLs on completion" { + run grep -q "localhost:8761\|localhost:8080\|localhost:8081" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script shows how to stop services" { + run grep -qi "pkill\|stop.*services" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# PACKAGE MANAGER TESTS +# ============================================================================= + +@test "script supports apt-get for Debian-based Linux" { + run grep -q "apt-get\|apt " "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script supports yum/dnf for RedHat-based Linux" { + run grep -q "yum\|dnf" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script supports brew for macOS" { + run grep -q "brew install\|brew " "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# ERROR HANDLING TESTS +# ============================================================================= + +@test "script checks command exit codes" { + run grep -q '\$?' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script exits on build failure" { + run grep -q 'exit 1' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script handles missing prerequisites" { + run grep -qi "missing\|not found\|installing" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# PORT CONFIGURATION TESTS +# ============================================================================= + +@test "script uses port 8761 for Eureka" { + run grep -q "8761" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script uses port 8080 for React UI" { + run grep -q "8080" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script uses port 8081 for API Gateway" { + run grep -q "8081" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script uses port 8082 for Products" { + run grep -q "8082" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script uses port 8083 for Cart" { + run grep -q "8083" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script uses port 8086 for Checkout" { + run grep -q "8086" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script uses port 9042 for YCQL/Cassandra" { + run grep -q "9042" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script uses port 5433 for YSQL/PostgreSQL" { + run grep -q "5433" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +# ============================================================================= +# FRONTEND URL DISPLAY TESTS +# ============================================================================= + +@test "script displays prominent FRONTEND URL section" { + run grep -q "FRONTEND URL" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script uses printf for clickable URL" { + run grep -q 'printf.*http://localhost:8080' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script uses OSC 8 escape sequence for hyperlink" { + # OSC 8 is the escape sequence for clickable hyperlinks in terminals + run grep -q '\\033\]8;;' "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} + +@test "script displays click to open hint" { + run grep -qi "click to open" "$BOOTSTRAP_SCRIPT" + [ "$status" -eq 0 ] +} diff --git a/spec_verifier.py b/spec_verifier.py new file mode 100755 index 0000000..83c9933 --- /dev/null +++ b/spec_verifier.py @@ -0,0 +1,824 @@ +#!/usr/bin/env python3 +""" +Adversarial Specification Verification Tool + +This tool verifies that a specification document properly addresses all inputs: +- Human input documents +- Reverse-engineered requirements documents +- Constitution of guiding principles + +It performs adversarial analysis to find gaps, contradictions, violations, and weaknesses. +""" + +import argparse +import json +import re +import sys +from collections import defaultdict +from dataclasses import dataclass, field +from enum import Enum +from pathlib import Path +from typing import List, Dict, Set, Tuple, Optional +import hashlib + + +class Severity(Enum): + CRITICAL = "CRITICAL" + HIGH = "HIGH" + MEDIUM = "MEDIUM" + LOW = "LOW" + INFO = "INFO" + + +@dataclass +class Violation: + """Represents a verification violation""" + severity: Severity + category: str + title: str + description: str + evidence: List[str] = field(default_factory=list) + line_numbers: List[int] = field(default_factory=list) + + def __str__(self): + result = f"\n[{self.severity.value}] {self.category}: {self.title}\n" + result += f" {self.description}\n" + if self.evidence: + result += f" Evidence:\n" + for e in self.evidence[:3]: # Limit to first 3 pieces of evidence + result += f" - {e}\n" + if self.line_numbers: + result += f" Lines: {', '.join(map(str, sorted(self.line_numbers)[:5]))}\n" + return result + + +@dataclass +class Requirement: + """Represents a requirement extracted from documents""" + id: str + text: str + source: str + line_number: int + priority: str = "NORMAL" + tags: Set[str] = field(default_factory=set) + + def __hash__(self): + return hash(self.id) + + +@dataclass +class Principle: + """Represents a guiding principle""" + id: str + text: str + category: str + mandatory: bool = True + line_number: int = 0 + + +@dataclass +class SpecificationItem: + """Represents an item in the specification""" + id: str + text: str + line_number: int + addresses_requirements: Set[str] = field(default_factory=set) + tags: Set[str] = field(default_factory=set) + + +class DocumentParser: + """Parses various document formats""" + + @staticmethod + def parse_file(filepath: Path) -> List[str]: + """Parse a file and return lines""" + try: + with open(filepath, 'r', encoding='utf-8') as f: + return f.readlines() + except Exception as e: + print(f"Error reading {filepath}: {e}", file=sys.stderr) + return [] + + @staticmethod + def extract_requirements(lines: List[str], source: str) -> List[Requirement]: + """Extract requirements from document lines""" + requirements = [] + + # Patterns that indicate requirements + req_patterns = [ + r'(?:REQ|REQUIREMENT|SHALL|MUST|SHOULD|NEEDS?)\s*[-:]?\s*(.+)', + r'(?:The system|The application|It)\s+(?:shall|must|should|needs? to)\s+(.+)', + r'^\s*[-*]\s+(.+(?:shall|must|should|required|necessary).+)', + r'^\s*\d+\.\s+(.+)', # Numbered items + ] + + for line_num, line in enumerate(lines, 1): + line = line.strip() + if not line or len(line) < 10: + continue + + for pattern in req_patterns: + match = re.search(pattern, line, re.IGNORECASE) + if match: + text = match.group(1) if match.lastindex else line + text = text.strip().rstrip('.;,') + + # Generate ID from content hash + req_id = f"REQ_{hashlib.md5(text.encode()).hexdigest()[:8]}" + + # Determine priority + priority = "HIGH" if any(word in line.lower() for word in ['must', 'shall', 'critical']) else "NORMAL" + + # Extract tags + tags = DocumentParser._extract_tags(line) + + req = Requirement( + id=req_id, + text=text, + source=source, + line_number=line_num, + priority=priority, + tags=tags + ) + requirements.append(req) + break + + return requirements + + @staticmethod + def extract_principles(lines: List[str]) -> List[Principle]: + """Extract guiding principles from constitution document""" + principles = [] + + principle_patterns = [ + r'(?:PRINCIPLE|RULE|GUIDELINE|CONSTRAINT)\s*[-:]?\s*(.+)', + r'^\s*[-*]\s+(.+)', + r'^\s*\d+\.\s+(.+)', + ] + + current_category = "GENERAL" + + for line_num, line in enumerate(lines, 1): + line = line.strip() + if not line: + continue + + # Check for category headers + if line.isupper() and len(line.split()) <= 5: + current_category = line + continue + + for pattern in principle_patterns: + match = re.search(pattern, line, re.IGNORECASE) + if match: + text = match.group(1) if match.lastindex else line + text = text.strip().rstrip('.;,') + + if len(text) < 10: # Skip very short lines + continue + + principle_id = f"PRIN_{hashlib.md5(text.encode()).hexdigest()[:8]}" + mandatory = any(word in line.lower() for word in ['must', 'shall', 'required', 'mandatory']) + + principle = Principle( + id=principle_id, + text=text, + category=current_category, + mandatory=mandatory, + line_number=line_num + ) + principles.append(principle) + break + + return principles + + @staticmethod + def extract_specifications(lines: List[str]) -> List[SpecificationItem]: + """Extract specification items from specification document""" + specs = [] + + spec_patterns = [ + r'(?:SPEC|SPECIFICATION)\s*[-:]?\s*(.+)', + r'^\s*[-*]\s+(.+)', + r'^\s*\d+\.\s+(.+)', + r'^#{1,6}\s+(.+)', # Markdown headers + ] + + for line_num, line in enumerate(lines, 1): + line = line.strip() + if not line or len(line) < 10: + continue + + for pattern in spec_patterns: + match = re.search(pattern, line, re.IGNORECASE) + if match: + text = match.group(1) if match.lastindex else line + text = text.strip().rstrip('.;,') + + spec_id = f"SPEC_{hashlib.md5(text.encode()).hexdigest()[:8]}" + + # Try to extract referenced requirement IDs + ref_reqs = set(re.findall(r'REQ[_-]?\w+', line, re.IGNORECASE)) + + tags = DocumentParser._extract_tags(line) + + spec = SpecificationItem( + id=spec_id, + text=text, + line_number=line_num, + addresses_requirements=ref_reqs, + tags=tags + ) + specs.append(spec) + break + + return specs + + @staticmethod + def _extract_tags(text: str) -> Set[str]: + """Extract semantic tags from text""" + tags = set() + + tag_keywords = { + 'security': ['security', 'authentication', 'authorization', 'encrypt', 'secure'], + 'performance': ['performance', 'speed', 'latency', 'throughput', 'optimize'], + 'ui': ['ui', 'user interface', 'display', 'screen', 'view'], + 'api': ['api', 'endpoint', 'rest', 'service'], + 'database': ['database', 'data', 'storage', 'persist', 'store'], + 'validation': ['validate', 'validation', 'verify', 'check'], + 'error_handling': ['error', 'exception', 'failure', 'handle'], + 'logging': ['log', 'logging', 'audit', 'track'], + } + + text_lower = text.lower() + for tag, keywords in tag_keywords.items(): + if any(keyword in text_lower for keyword in keywords): + tags.add(tag) + + return tags + + +class SpecificationVerifier: + """Performs adversarial verification of specifications""" + + def __init__(self): + self.violations: List[Violation] = [] + self.requirements: List[Requirement] = [] + self.principles: List[Principle] = [] + self.specifications: List[SpecificationItem] = [] + + def load_documents(self, human_inputs: List[Path], requirements_docs: List[Path], + constitution: Path, specification: Path): + """Load all input documents""" + parser = DocumentParser() + + # Load human input requirements + for doc in human_inputs: + lines = parser.parse_file(doc) + reqs = parser.extract_requirements(lines, f"HUMAN_INPUT:{doc.name}") + self.requirements.extend(reqs) + + # Load reverse-engineered requirements + for doc in requirements_docs: + lines = parser.parse_file(doc) + reqs = parser.extract_requirements(lines, f"REV_ENG:{doc.name}") + self.requirements.extend(reqs) + + # Load constitution/principles + lines = parser.parse_file(constitution) + self.principles = parser.extract_principles(lines) + + # Load specification + lines = parser.parse_file(specification) + self.specifications = parser.extract_specifications(lines) + + print(f"Loaded: {len(self.requirements)} requirements, {len(self.principles)} principles, " + f"{len(self.specifications)} specification items") + + def verify(self): + """Run all verification checks""" + print("\n" + "="*80) + print("RUNNING ADVERSARIAL VERIFICATION") + print("="*80) + + self.check_requirement_coverage() + self.check_orphaned_specifications() + self.check_principle_violations() + self.check_ambiguity() + self.check_contradictions() + self.check_completeness() + self.check_scope_creep() + self.check_vagueness() + self.check_testability() + self.check_consistency() + + def check_requirement_coverage(self): + """Verify all requirements are addressed in specification""" + print("\n[CHECK] Requirement Coverage Analysis...") + + # Build a semantic map of specification content + spec_text = " ".join([s.text.lower() for s in self.specifications]) + + uncovered = [] + partially_covered = [] + + for req in self.requirements: + # Check for direct coverage + req_keywords = set(re.findall(r'\w+', req.text.lower())) + req_keywords = {w for w in req_keywords if len(w) > 3} # Filter short words + + if not req_keywords: + continue + + # Count how many requirement keywords appear in spec + matches = sum(1 for keyword in req_keywords if keyword in spec_text) + coverage = matches / len(req_keywords) if req_keywords else 0 + + if coverage == 0: + uncovered.append(req) + elif coverage < 0.5: + partially_covered.append(req) + + # Report uncovered requirements + if uncovered: + self.violations.append(Violation( + severity=Severity.CRITICAL, + category="COVERAGE", + title=f"{len(uncovered)} requirements have NO coverage in specification", + description=f"The following requirements are completely missing from the specification:", + evidence=[f"{r.id} [{r.source}]: {r.text[:100]}..." for r in uncovered[:5]] + )) + + if partially_covered: + self.violations.append(Violation( + severity=Severity.HIGH, + category="COVERAGE", + title=f"{len(partially_covered)} requirements have PARTIAL coverage", + description="These requirements are only partially addressed:", + evidence=[f"{r.id} [{r.source}]: {r.text[:100]}..." for r in partially_covered[:5]] + )) + + print(f" ✓ Uncovered requirements: {len(uncovered)}") + print(f" ✓ Partially covered requirements: {len(partially_covered)}") + + def check_orphaned_specifications(self): + """Find specification items that don't map to any requirement""" + print("\n[CHECK] Orphaned Specifications (Scope Creep)...") + + req_text = " ".join([r.text.lower() for r in self.requirements]) + + orphaned = [] + for spec in self.specifications: + spec_keywords = set(re.findall(r'\w+', spec.text.lower())) + spec_keywords = {w for w in spec_keywords if len(w) > 3} + + if not spec_keywords: + continue + + matches = sum(1 for keyword in spec_keywords if keyword in req_text) + coverage = matches / len(spec_keywords) if spec_keywords else 0 + + if coverage < 0.3: # Very low match to requirements + orphaned.append(spec) + + if orphaned: + self.violations.append(Violation( + severity=Severity.HIGH, + category="SCOPE_CREEP", + title=f"{len(orphaned)} specification items appear to be out of scope", + description="These specifications don't clearly relate to any input requirements:", + evidence=[f"{s.id} (line {s.line_number}): {s.text[:100]}..." for s in orphaned[:5]], + line_numbers=[s.line_number for s in orphaned] + )) + + print(f" ✓ Orphaned specifications: {len(orphaned)}") + + def check_principle_violations(self): + """Check for violations of guiding principles""" + print("\n[CHECK] Principle Violations...") + + violations_found = [] + + for principle in self.principles: + if not principle.mandatory: + continue + + # Extract prohibitions and requirements from principle + principle_lower = principle.text.lower() + + # Check for negative constraints (must not, shall not, etc.) + if any(phrase in principle_lower for phrase in ['must not', 'shall not', 'cannot', 'prohibited']): + # Extract what is prohibited + prohibited_terms = self._extract_key_terms(principle.text) + + # Check if specification violates this + for spec in self.specifications: + spec_lower = spec.text.lower() + for term in prohibited_terms: + if term.lower() in spec_lower: + violations_found.append((principle, spec, term)) + + # Check for positive constraints (must, shall, required to) + elif any(phrase in principle_lower for phrase in ['must', 'shall', 'required']): + required_terms = self._extract_key_terms(principle.text) + + # Check if any specification addresses this principle + spec_text = " ".join([s.text.lower() for s in self.specifications]) + found = any(term.lower() in spec_text for term in required_terms) + + if not found: + violations_found.append((principle, None, "Not addressed")) + + if violations_found: + evidence = [] + for principle, spec, issue in violations_found[:5]: + if spec: + evidence.append(f"Principle '{principle.text[:60]}...' violated by spec at line {spec.line_number}") + else: + evidence.append(f"Principle '{principle.text[:60]}...' not addressed in specification") + + self.violations.append(Violation( + severity=Severity.CRITICAL, + category="PRINCIPLE_VIOLATION", + title=f"{len(violations_found)} principle violations detected", + description="Mandatory principles have been violated or ignored:", + evidence=evidence + )) + + print(f" ✓ Principle violations: {len(violations_found)}") + + def check_ambiguity(self): + """Check for ambiguous or unclear specifications""" + print("\n[CHECK] Ambiguity Detection...") + + ambiguous_specs = [] + + # Words/phrases that indicate ambiguity + ambiguous_indicators = [ + 'appropriate', 'reasonable', 'adequate', 'sufficient', + 'as needed', 'if possible', 'etc', 'and so on', + 'various', 'several', 'some', 'many', 'few', + 'fast', 'slow', 'good', 'bad', 'efficient', + 'might', 'may', 'could', 'possibly', 'probably', + 'tbd', 'todo', 'to be determined', 'to be decided' + ] + + for spec in self.specifications: + spec_lower = spec.text.lower() + found_indicators = [ind for ind in ambiguous_indicators if ind in spec_lower] + + if found_indicators: + ambiguous_specs.append((spec, found_indicators)) + + if ambiguous_specs: + self.violations.append(Violation( + severity=Severity.MEDIUM, + category="AMBIGUITY", + title=f"{len(ambiguous_specs)} ambiguous specifications detected", + description="These specifications contain vague or ambiguous language:", + evidence=[f"Line {s.line_number}: '{s.text[:80]}...' (contains: {', '.join(ind)})" + for s, ind in ambiguous_specs[:5]], + line_numbers=[s.line_number for s, _ in ambiguous_specs] + )) + + print(f" ✓ Ambiguous specifications: {len(ambiguous_specs)}") + + def check_contradictions(self): + """Look for contradictory specifications""" + print("\n[CHECK] Contradiction Detection...") + + contradictions = [] + + # Look for opposing statements + for i, spec1 in enumerate(self.specifications): + for spec2 in self.specifications[i+1:]: + # Check for negation patterns + if self._are_contradictory(spec1.text, spec2.text): + contradictions.append((spec1, spec2)) + + if contradictions: + self.violations.append(Violation( + severity=Severity.CRITICAL, + category="CONTRADICTION", + title=f"{len(contradictions)} potential contradictions found", + description="These specification pairs may contradict each other:", + evidence=[f"Line {s1.line_number} vs Line {s2.line_number}: '{s1.text[:60]}...' contradicts '{s2.text[:60]}...'" + for s1, s2 in contradictions[:3]], + line_numbers=[s.line_number for pair in contradictions for s in pair] + )) + + print(f" ✓ Contradictions: {len(contradictions)}") + + def check_completeness(self): + """Check for completeness across different aspects""" + print("\n[CHECK] Completeness Analysis...") + + # Check coverage of important aspects + aspects = { + 'security': ['security', 'authentication', 'authorization', 'encrypt'], + 'error_handling': ['error', 'exception', 'failure', 'handle'], + 'performance': ['performance', 'speed', 'latency', 'scale'], + 'validation': ['validate', 'validation', 'verify', 'check'], + 'logging': ['log', 'audit', 'track', 'monitor'], + } + + spec_text = " ".join([s.text.lower() for s in self.specifications]) + missing_aspects = [] + + for aspect, keywords in aspects.items(): + if not any(keyword in spec_text for keyword in keywords): + # Check if requirements mention this aspect + req_text = " ".join([r.text.lower() for r in self.requirements]) + if any(keyword in req_text for keyword in keywords): + missing_aspects.append(aspect) + + if missing_aspects: + self.violations.append(Violation( + severity=Severity.HIGH, + category="COMPLETENESS", + title=f"Missing {len(missing_aspects)} important aspects", + description=f"Requirements mention these aspects, but specification doesn't address them:", + evidence=missing_aspects + )) + + print(f" ✓ Missing aspects: {len(missing_aspects)}") + + def check_scope_creep(self): + """Detect potential scope creep""" + print("\n[CHECK] Scope Creep Detection...") + + # Already handled in check_orphaned_specifications + # This is a placeholder for additional scope creep checks + pass + + def check_vagueness(self): + """Check for vague or non-specific specifications""" + print("\n[CHECK] Vagueness Detection...") + + vague_specs = [] + + # Look for specifications without concrete details + for spec in self.specifications: + # Check for lack of numbers, specific terms, etc. + has_numbers = bool(re.search(r'\d+', spec.text)) + has_specifics = any(word in spec.text.lower() for word in + ['exactly', 'specifically', 'must', 'shall', 'will']) + + word_count = len(spec.text.split()) + + if not has_numbers and not has_specifics and word_count > 10: + vague_specs.append(spec) + + if vague_specs: + self.violations.append(Violation( + severity=Severity.MEDIUM, + category="VAGUENESS", + title=f"{len(vague_specs)} vague specifications", + description="These specifications lack concrete details or measurable criteria:", + evidence=[f"Line {s.line_number}: {s.text[:100]}..." for s in vague_specs[:5]], + line_numbers=[s.line_number for s in vague_specs] + )) + + print(f" ✓ Vague specifications: {len(vague_specs)}") + + def check_testability(self): + """Check if specifications are testable""" + print("\n[CHECK] Testability Analysis...") + + untestable = [] + + # Testable specs usually have concrete criteria + testable_indicators = [ + r'\d+', # Numbers + r'(?:shall|must|will)\s+(?:be|have|support|provide)', # Concrete requirements + r'(?:return|output|display|store|send)', # Observable actions + ] + + for spec in self.specifications: + is_testable = any(re.search(pattern, spec.text, re.IGNORECASE) + for pattern in testable_indicators) + + # Check for untestable language + untestable_words = ['appropriate', 'adequate', 'reasonable', 'user-friendly', + 'intuitive', 'easy', 'simple', 'good', 'nice'] + has_untestable = any(word in spec.text.lower() for word in untestable_words) + + if not is_testable or has_untestable: + untestable.append(spec) + + if untestable: + self.violations.append(Violation( + severity=Severity.MEDIUM, + category="TESTABILITY", + title=f"{len(untestable)} specifications may not be testable", + description="These specifications lack concrete, measurable acceptance criteria:", + evidence=[f"Line {s.line_number}: {s.text[:100]}..." for s in untestable[:5]], + line_numbers=[s.line_number for s in untestable] + )) + + print(f" ✓ Untestable specifications: {len(untestable)}") + + def check_consistency(self): + """Check for consistency in terminology and formatting""" + print("\n[CHECK] Consistency Analysis...") + + inconsistencies = [] + + # Check for inconsistent terminology (e.g., "user" vs "customer" vs "client") + terms_to_check = [ + ['user', 'customer', 'client'], + ['login', 'sign in', 'authenticate'], + ['database', 'data store', 'repository'], + ['api', 'service', 'endpoint'], + ] + + spec_text_lower = " ".join([s.text.lower() for s in self.specifications]) + + for term_group in terms_to_check: + found_terms = [term for term in term_group if term in spec_text_lower] + if len(found_terms) > 1: + inconsistencies.append(f"Inconsistent terminology: {' vs '.join(found_terms)}") + + if inconsistencies: + self.violations.append(Violation( + severity=Severity.LOW, + category="CONSISTENCY", + title=f"{len(inconsistencies)} consistency issues", + description="Found inconsistent terminology or formatting:", + evidence=inconsistencies + )) + + print(f" ✓ Consistency issues: {len(inconsistencies)}") + + def _extract_key_terms(self, text: str) -> List[str]: + """Extract key terms from text""" + # Remove common words and extract meaningful terms + words = re.findall(r'\w+', text.lower()) + stop_words = {'the', 'a', 'an', 'is', 'are', 'was', 'were', 'be', 'been', + 'have', 'has', 'had', 'do', 'does', 'did', 'will', 'would', + 'shall', 'should', 'must', 'may', 'can', 'could', 'not'} + return [w for w in words if len(w) > 3 and w not in stop_words] + + def _are_contradictory(self, text1: str, text2: str) -> bool: + """Check if two texts are contradictory""" + text1_lower = text1.lower() + text2_lower = text2.lower() + + # Extract key terms + terms1 = set(self._extract_key_terms(text1)) + terms2 = set(self._extract_key_terms(text2)) + + # Check for significant overlap in terms + overlap = terms1 & terms2 + if len(overlap) < 2: + return False + + # Check for negation patterns + negations = ['not', 'no', 'never', 'without', 'cannot', 'must not', 'shall not'] + has_negation1 = any(neg in text1_lower for neg in negations) + has_negation2 = any(neg in text2_lower for neg in negations) + + # If one has negation and the other doesn't, with similar terms, likely contradictory + if has_negation1 != has_negation2 and len(overlap) >= 3: + return True + + return False + + def generate_report(self) -> str: + """Generate a comprehensive verification report""" + report = [] + report.append("\n" + "="*80) + report.append("ADVERSARIAL SPECIFICATION VERIFICATION REPORT") + report.append("="*80) + + # Summary statistics + report.append(f"\n📊 SUMMARY STATISTICS") + report.append(f" Requirements analyzed: {len(self.requirements)}") + report.append(f" Principles checked: {len(self.principles)}") + report.append(f" Specification items: {len(self.specifications)}") + report.append(f" Total violations found: {len(self.violations)}") + + # Violations by severity + severity_counts = defaultdict(int) + for v in self.violations: + severity_counts[v.severity] += 1 + + report.append(f"\n🚨 VIOLATIONS BY SEVERITY") + for severity in Severity: + count = severity_counts[severity] + if count > 0: + report.append(f" {severity.value}: {count}") + + # Detailed violations + report.append(f"\n📋 DETAILED VIOLATIONS") + + # Sort by severity + severity_order = {Severity.CRITICAL: 0, Severity.HIGH: 1, + Severity.MEDIUM: 2, Severity.LOW: 3, Severity.INFO: 4} + sorted_violations = sorted(self.violations, key=lambda v: severity_order[v.severity]) + + for violation in sorted_violations: + report.append(str(violation)) + + # Overall verdict + report.append("\n" + "="*80) + report.append("VERDICT") + report.append("="*80) + + critical_count = severity_counts[Severity.CRITICAL] + high_count = severity_counts[Severity.HIGH] + + if critical_count > 0: + verdict = f"❌ FAILED - {critical_count} CRITICAL issues must be resolved" + elif high_count > 5: + verdict = f"⚠️ CONDITIONAL FAIL - {high_count} HIGH severity issues need attention" + elif high_count > 0: + verdict = f"⚠️ PASS WITH CONCERNS - {high_count} HIGH severity issues present" + else: + verdict = "✅ PASSED - Minor issues only" + + report.append(verdict) + report.append("="*80) + + return "\n".join(report) + + +def main(): + parser = argparse.ArgumentParser( + description='Adversarial Specification Verification Tool', + formatter_class=argparse.RawDescriptionHelpFormatter, + epilog=""" +Examples: + %(prog)s --human-input input1.txt input2.txt \\ + --requirements reqs.txt \\ + --constitution principles.txt \\ + --specification spec.txt + + %(prog)s -i inputs/ -r reqs/ -c constitution.txt -s spec.md --output report.txt + """ + ) + + parser.add_argument('-i', '--human-input', nargs='+', required=True, + help='Human input documents (one or more files)') + parser.add_argument('-r', '--requirements', nargs='+', required=True, + help='Reverse-engineered requirements documents') + parser.add_argument('-c', '--constitution', required=True, + help='Constitution/guiding principles document') + parser.add_argument('-s', '--specification', required=True, + help='Specification document to verify') + parser.add_argument('-o', '--output', help='Output report file (default: stdout)') + parser.add_argument('--json', action='store_true', + help='Output violations in JSON format') + + args = parser.parse_args() + + # Convert paths + human_inputs = [Path(p) for p in args.human_input] + requirements = [Path(p) for p in args.requirements] + constitution = Path(args.constitution) + specification = Path(args.specification) + + # Verify files exist + for filepath in human_inputs + requirements + [constitution, specification]: + if not filepath.exists(): + print(f"Error: File not found: {filepath}", file=sys.stderr) + sys.exit(1) + + # Run verification + verifier = SpecificationVerifier() + verifier.load_documents(human_inputs, requirements, constitution, specification) + verifier.verify() + + # Generate report + if args.json: + output = json.dumps([ + { + 'severity': v.severity.value, + 'category': v.category, + 'title': v.title, + 'description': v.description, + 'evidence': v.evidence, + 'line_numbers': v.line_numbers + } + for v in verifier.violations + ], indent=2) + else: + output = verifier.generate_report() + + # Write output + if args.output: + with open(args.output, 'w') as f: + f.write(output) + print(f"\nReport written to: {args.output}") + else: + print(output) + + # Exit with error code if critical violations found + critical_count = sum(1 for v in verifier.violations if v.severity == Severity.CRITICAL) + sys.exit(1 if critical_count > 0 else 0) + + +if __name__ == '__main__': + main() + + diff --git a/spec_verifier_enhanced.py b/spec_verifier_enhanced.py new file mode 100755 index 0000000..884cc37 --- /dev/null +++ b/spec_verifier_enhanced.py @@ -0,0 +1,1141 @@ +#!/usr/bin/env python3 +""" +Adversarial Specification Verification Tool - Enhanced with Source Document Analysis + +This tool verifies that a specification document properly addresses all inputs: +- Human input documents (which may be summaries of original sources) +- Reverse-engineered requirements documents +- Constitution of guiding principles + +When violations are detected, it can fetch and analyze original source documents via API +for deeper investigation (transcripts, emails, design documents, etc.) +""" + +import argparse +import json +import re +import sys +from collections import defaultdict +from dataclasses import dataclass, field +from enum import Enum +from pathlib import Path +from typing import List, Dict, Set, Tuple, Optional, Any +import hashlib +import urllib.request +import urllib.error +import urllib.parse +from datetime import datetime + + +class Severity(Enum): + CRITICAL = "CRITICAL" + HIGH = "HIGH" + MEDIUM = "MEDIUM" + LOW = "LOW" + INFO = "INFO" + + +@dataclass +class SourceDocument: + """Represents an original source document""" + doc_id: str + doc_type: str # 'transcript', 'email', 'design_doc', 'meeting_notes', etc. + url: str + title: str + date: Optional[str] = None + participants: List[str] = field(default_factory=list) + content: Optional[str] = None + fetched: bool = False + + +@dataclass +class Violation: + """Represents a verification violation""" + severity: Severity + category: str + title: str + description: str + evidence: List[str] = field(default_factory=list) + line_numbers: List[int] = field(default_factory=list) + related_requirements: List[str] = field(default_factory=list) + source_documents: List[SourceDocument] = field(default_factory=list) + deep_analysis: Optional[str] = None + + def __str__(self): + result = f"\n[{self.severity.value}] {self.category}: {self.title}\n" + result += f" {self.description}\n" + if self.evidence: + result += f" Evidence:\n" + for e in self.evidence[:3]: + result += f" - {e}\n" + if self.line_numbers: + result += f" Lines: {', '.join(map(str, sorted(self.line_numbers)[:5]))}\n" + if self.source_documents: + result += f" 📄 Source Documents Analyzed: {len(self.source_documents)}\n" + for doc in self.source_documents[:3]: + result += f" - {doc.doc_type}: {doc.title}\n" + if self.deep_analysis: + result += f" 🔍 Deep Analysis:\n" + for line in self.deep_analysis.split('\n')[:5]: + if line.strip(): + result += f" {line}\n" + return result + + +@dataclass +class Requirement: + """Represents a requirement extracted from documents""" + id: str + text: str + source: str + line_number: int + priority: str = "NORMAL" + tags: Set[str] = field(default_factory=set) + source_doc_refs: List[str] = field(default_factory=list) # IDs of original source documents + + def __hash__(self): + return hash(self.id) + + +@dataclass +class Principle: + """Represents a guiding principle""" + id: str + text: str + category: str + mandatory: bool = True + line_number: int = 0 + + +@dataclass +class SpecificationItem: + """Represents an item in the specification""" + id: str + text: str + line_number: int + addresses_requirements: Set[str] = field(default_factory=set) + tags: Set[str] = field(default_factory=set) + + +class SourceDocumentAPI: + """Handles API calls to fetch original source documents""" + + def __init__(self, api_config: Optional[Dict[str, Any]] = None): + self.api_config = api_config or {} + self.cache: Dict[str, SourceDocument] = {} + self.base_url = self.api_config.get('base_url', '') + self.api_key = self.api_config.get('api_key', '') + self.timeout = self.api_config.get('timeout', 30) + self.max_retries = self.api_config.get('max_retries', 3) + self.enabled = self.api_config.get('enabled', False) + + def fetch_document(self, doc_id: str, doc_type: str = 'unknown') -> Optional[SourceDocument]: + """Fetch a source document by ID""" + if not self.enabled: + return None + + # Check cache first + if doc_id in self.cache: + return self.cache[doc_id] + + try: + # Construct API URL + url = f"{self.base_url}/documents/{doc_id}" + + # Prepare request + headers = { + 'Authorization': f'Bearer {self.api_key}', + 'Content-Type': 'application/json', + 'User-Agent': 'SpecVerifier/2.0' + } + + request = urllib.request.Request(url, headers=headers) + + # Make request with timeout + with urllib.request.urlopen(request, timeout=self.timeout) as response: + data = json.loads(response.read().decode('utf-8')) + + doc = SourceDocument( + doc_id=doc_id, + doc_type=data.get('type', doc_type), + url=url, + title=data.get('title', f'Document {doc_id}'), + date=data.get('date'), + participants=data.get('participants', []), + content=data.get('content', ''), + fetched=True + ) + + # Cache the document + self.cache[doc_id] = doc + return doc + + except urllib.error.HTTPError as e: + print(f" ⚠️ API Error: HTTP {e.code} fetching {doc_id}", file=sys.stderr) + return None + except urllib.error.URLError as e: + print(f" ⚠️ Network Error: {e.reason} fetching {doc_id}", file=sys.stderr) + return None + except Exception as e: + print(f" ⚠️ Error fetching {doc_id}: {e}", file=sys.stderr) + return None + + def fetch_multiple(self, doc_ids: List[str]) -> List[SourceDocument]: + """Fetch multiple documents""" + documents = [] + for doc_id in doc_ids: + doc = self.fetch_document(doc_id) + if doc: + documents.append(doc) + return documents + + +class DocumentParser: + """Parses various document formats and extracts source document references""" + + @staticmethod + def parse_file(filepath: Path) -> List[str]: + """Parse a file and return lines""" + try: + with open(filepath, 'r', encoding='utf-8') as f: + return f.readlines() + except Exception as e: + print(f"Error reading {filepath}: {e}", file=sys.stderr) + return [] + + @staticmethod + def extract_source_refs(text: str) -> List[str]: + """Extract source document references from text""" + # Look for patterns like: + # [SRC:transcript-2024-01-15] + # [SOURCE:email-stakeholder-001] + # [DOC:design-doc-v2] + refs = re.findall(r'\[(?:SRC|SOURCE|DOC):([^\]]+)\]', text, re.IGNORECASE) + return refs + + @staticmethod + def extract_requirements(lines: List[str], source: str) -> List[Requirement]: + """Extract requirements from document lines""" + requirements = [] + + req_patterns = [ + r'(?:REQ|REQUIREMENT|SHALL|MUST|SHOULD|NEEDS?)\s*[-:]?\s*(.+)', + r'(?:The system|The application|It)\s+(?:shall|must|should|needs? to)\s+(.+)', + r'^\s*[-*]\s+(.+(?:shall|must|should|required|necessary).+)', + r'^\s*\d+\.\s+(.+)', + ] + + for line_num, line in enumerate(lines, 1): + line_stripped = line.strip() + if not line_stripped or len(line_stripped) < 10: + continue + + # Extract source document references + source_refs = DocumentParser.extract_source_refs(line_stripped) + + for pattern in req_patterns: + match = re.search(pattern, line_stripped, re.IGNORECASE) + if match: + text = match.group(1) if match.lastindex else line_stripped + text = text.strip().rstrip('.;,') + + # Remove source refs from text + clean_text = re.sub(r'\[(?:SRC|SOURCE|DOC):[^\]]+\]', '', text).strip() + + req_id = f"REQ_{hashlib.md5(clean_text.encode()).hexdigest()[:8]}" + priority = "HIGH" if any(word in line.lower() for word in ['must', 'shall', 'critical']) else "NORMAL" + tags = DocumentParser._extract_tags(line_stripped) + + req = Requirement( + id=req_id, + text=clean_text, + source=source, + line_number=line_num, + priority=priority, + tags=tags, + source_doc_refs=source_refs + ) + requirements.append(req) + break + + return requirements + + @staticmethod + def extract_principles(lines: List[str]) -> List[Principle]: + """Extract guiding principles from constitution document""" + principles = [] + + principle_patterns = [ + r'(?:PRINCIPLE|RULE|GUIDELINE|CONSTRAINT)\s*[-:]?\s*(.+)', + r'^\s*[-*]\s+(.+)', + r'^\s*\d+\.\s+(.+)', + ] + + current_category = "GENERAL" + + for line_num, line in enumerate(lines, 1): + line = line.strip() + if not line: + continue + + if line.isupper() and len(line.split()) <= 5: + current_category = line + continue + + for pattern in principle_patterns: + match = re.search(pattern, line, re.IGNORECASE) + if match: + text = match.group(1) if match.lastindex else line + text = text.strip().rstrip('.;,') + + if len(text) < 10: + continue + + principle_id = f"PRIN_{hashlib.md5(text.encode()).hexdigest()[:8]}" + mandatory = any(word in line.lower() for word in ['must', 'shall', 'required', 'mandatory']) + + principle = Principle( + id=principle_id, + text=text, + category=current_category, + mandatory=mandatory, + line_number=line_num + ) + principles.append(principle) + break + + return principles + + @staticmethod + def extract_specifications(lines: List[str]) -> List[SpecificationItem]: + """Extract specification items from specification document""" + specs = [] + + spec_patterns = [ + r'(?:SPEC|SPECIFICATION)\s*[-:]?\s*(.+)', + r'^\s*[-*]\s+(.+)', + r'^\s*\d+\.\s+(.+)', + r'^#{1,6}\s+(.+)', + ] + + for line_num, line in enumerate(lines, 1): + line = line.strip() + if not line or len(line) < 10: + continue + + for pattern in spec_patterns: + match = re.search(pattern, line, re.IGNORECASE) + if match: + text = match.group(1) if match.lastindex else line + text = text.strip().rstrip('.;,') + + spec_id = f"SPEC_{hashlib.md5(text.encode()).hexdigest()[:8]}" + ref_reqs = set(re.findall(r'REQ[_-]?\w+', line, re.IGNORECASE)) + tags = DocumentParser._extract_tags(line) + + spec = SpecificationItem( + id=spec_id, + text=text, + line_number=line_num, + addresses_requirements=ref_reqs, + tags=tags + ) + specs.append(spec) + break + + return specs + + @staticmethod + def _extract_tags(text: str) -> Set[str]: + """Extract semantic tags from text""" + tags = set() + + tag_keywords = { + 'security': ['security', 'authentication', 'authorization', 'encrypt', 'secure'], + 'performance': ['performance', 'speed', 'latency', 'throughput', 'optimize'], + 'ui': ['ui', 'user interface', 'display', 'screen', 'view'], + 'api': ['api', 'endpoint', 'rest', 'service'], + 'database': ['database', 'data', 'storage', 'persist', 'store'], + 'validation': ['validate', 'validation', 'verify', 'check'], + 'error_handling': ['error', 'exception', 'failure', 'handle'], + 'logging': ['log', 'logging', 'audit', 'track'], + } + + text_lower = text.lower() + for tag, keywords in tag_keywords.items(): + if any(keyword in text_lower for keyword in keywords): + tags.add(tag) + + return tags + + +class DeepAnalyzer: + """Performs deep analysis on source documents when violations are found""" + + def __init__(self, api_client: SourceDocumentAPI): + self.api_client = api_client + + def analyze_missing_requirement(self, requirement: Requirement) -> Tuple[List[SourceDocument], str]: + """Analyze source documents to understand why requirement is missing""" + if not requirement.source_doc_refs: + return [], "No source documents referenced for deeper analysis" + + # Fetch source documents + source_docs = self.api_client.fetch_multiple(requirement.source_doc_refs) + + if not source_docs: + return [], "Could not fetch source documents" + + analysis = [] + analysis.append(f"Analyzed {len(source_docs)} source document(s):") + + for doc in source_docs: + if not doc.content: + continue + + # Search for requirement keywords in source + req_keywords = set(re.findall(r'\w+', requirement.text.lower())) + req_keywords = {w for w in req_keywords if len(w) > 3} + + # Find relevant sections + doc_lower = doc.content.lower() + matches = [] + for keyword in list(req_keywords)[:5]: # Top 5 keywords + if keyword in doc_lower: + # Find context around keyword + idx = doc_lower.find(keyword) + start = max(0, idx - 50) + end = min(len(doc.content), idx + 100) + context = doc.content[start:end].replace('\n', ' ') + matches.append(f"'{keyword}': ...{context}...") + + if matches: + analysis.append(f" In {doc.title} ({doc.doc_type}):") + analysis.extend([f" - {m}" for m in matches[:2]]) + else: + analysis.append(f" In {doc.title}: No direct mentions found") + + return source_docs, '\n'.join(analysis) + + def analyze_principle_violation(self, principle: Principle, spec_item: SpecificationItem, + related_reqs: List[Requirement]) -> Tuple[List[SourceDocument], str]: + """Analyze why a principle was violated""" + source_doc_ids = [] + for req in related_reqs: + source_doc_ids.extend(req.source_doc_refs) + + if not source_doc_ids: + return [], "No source documents available for analysis" + + source_docs = self.api_client.fetch_multiple(list(set(source_doc_ids))) + + if not source_docs: + return [], "Could not fetch source documents" + + analysis = [] + analysis.append(f"Checking if source documents justify this violation:") + + # Look for explicit mentions or contradictions + principle_keywords = set(re.findall(r'\w+', principle.text.lower())) + principle_keywords = {w for w in principle_keywords if len(w) > 4} + + for doc in source_docs: + if not doc.content: + continue + + doc_lower = doc.content.lower() + relevant_found = False + + for keyword in list(principle_keywords)[:3]: + if keyword in doc_lower: + relevant_found = True + break + + if relevant_found: + analysis.append(f" {doc.title} mentions related concepts") + else: + analysis.append(f" {doc.title} does not discuss this principle") + + return source_docs, '\n'.join(analysis) + + def analyze_ambiguity(self, spec_item: SpecificationItem, requirements: List[Requirement]) -> Tuple[List[SourceDocument], str]: + """Analyze source documents to clarify ambiguous specifications""" + # Find requirements that might relate to this spec + spec_keywords = set(re.findall(r'\w+', spec_item.text.lower())) + spec_keywords = {w for w in spec_keywords if len(w) > 3} + + related_reqs = [] + for req in requirements: + req_keywords = set(re.findall(r'\w+', req.text.lower())) + overlap = spec_keywords & req_keywords + if len(overlap) >= 2: + related_reqs.append(req) + + source_doc_ids = [] + for req in related_reqs: + source_doc_ids.extend(req.source_doc_refs) + + if not source_doc_ids: + return [], "No source documents to clarify this ambiguity" + + source_docs = self.api_client.fetch_multiple(list(set(source_doc_ids))) + + analysis = [] + analysis.append(f"Searched source documents for clarification:") + + for doc in source_docs: + if doc.content: + analysis.append(f" {doc.title} ({doc.doc_type}) - {len(doc.content)} chars analyzed") + + return source_docs, '\n'.join(analysis) + + +class SpecificationVerifier: + """Performs adversarial verification of specifications with deep source analysis""" + + def __init__(self, api_config: Optional[Dict[str, Any]] = None, enable_deep_analysis: bool = False): + self.violations: List[Violation] = [] + self.requirements: List[Requirement] = [] + self.principles: List[Principle] = [] + self.specifications: List[SpecificationItem] = [] + self.api_client = SourceDocumentAPI(api_config) + self.deep_analyzer = DeepAnalyzer(self.api_client) + self.enable_deep_analysis = enable_deep_analysis and self.api_client.enabled + + def load_documents(self, human_inputs: List[Path], requirements_docs: List[Path], + constitution: Path, specification: Path): + """Load all input documents""" + parser = DocumentParser() + + for doc in human_inputs: + lines = parser.parse_file(doc) + reqs = parser.extract_requirements(lines, f"HUMAN_INPUT:{doc.name}") + self.requirements.extend(reqs) + + for doc in requirements_docs: + lines = parser.parse_file(doc) + reqs = parser.extract_requirements(lines, f"REV_ENG:{doc.name}") + self.requirements.extend(reqs) + + lines = parser.parse_file(constitution) + self.principles = parser.extract_principles(lines) + + lines = parser.parse_file(specification) + self.specifications = parser.extract_specifications(lines) + + print(f"Loaded: {len(self.requirements)} requirements, {len(self.principles)} principles, " + f"{len(self.specifications)} specification items") + + # Count requirements with source references + reqs_with_sources = sum(1 for r in self.requirements if r.source_doc_refs) + if reqs_with_sources > 0: + print(f"Found {reqs_with_sources} requirements with source document references") + if self.enable_deep_analysis: + print(f"✓ Deep analysis enabled - will fetch source documents for violations") + + def verify(self): + """Run all verification checks""" + print("\n" + "="*80) + print("RUNNING ADVERSARIAL VERIFICATION") + if self.enable_deep_analysis: + print("(with deep source document analysis)") + print("="*80) + + self.check_requirement_coverage() + self.check_orphaned_specifications() + self.check_principle_violations() + self.check_ambiguity() + self.check_contradictions() + self.check_completeness() + self.check_scope_creep() + self.check_vagueness() + self.check_testability() + self.check_consistency() + + def check_requirement_coverage(self): + """Verify all requirements are addressed in specification""" + print("\n[CHECK] Requirement Coverage Analysis...") + + spec_text = " ".join([s.text.lower() for s in self.specifications]) + + uncovered = [] + partially_covered = [] + + for req in self.requirements: + req_keywords = set(re.findall(r'\w+', req.text.lower())) + req_keywords = {w for w in req_keywords if len(w) > 3} + + if not req_keywords: + continue + + matches = sum(1 for keyword in req_keywords if keyword in spec_text) + coverage = matches / len(req_keywords) if req_keywords else 0 + + if coverage == 0: + uncovered.append(req) + elif coverage < 0.5: + partially_covered.append(req) + + if uncovered: + evidence = [f"{r.id} [{r.source}]: {r.text[:100]}..." for r in uncovered[:5]] + + violation = Violation( + severity=Severity.CRITICAL, + category="COVERAGE", + title=f"{len(uncovered)} requirements have NO coverage in specification", + description=f"The following requirements are completely missing from the specification:", + evidence=evidence, + related_requirements=[r.id for r in uncovered] + ) + + # Deep analysis for critical missing requirements + if self.enable_deep_analysis and uncovered: + print(" 🔍 Performing deep analysis on uncovered requirements...") + for req in uncovered[:3]: # Analyze top 3 + if req.source_doc_refs: + docs, analysis = self.deep_analyzer.analyze_missing_requirement(req) + violation.source_documents.extend(docs) + if analysis and not violation.deep_analysis: + violation.deep_analysis = analysis + elif analysis: + violation.deep_analysis += "\n" + analysis + + self.violations.append(violation) + + if partially_covered: + self.violations.append(Violation( + severity=Severity.HIGH, + category="COVERAGE", + title=f"{len(partially_covered)} requirements have PARTIAL coverage", + description="These requirements are only partially addressed:", + evidence=[f"{r.id} [{r.source}]: {r.text[:100]}..." for r in partially_covered[:5]] + )) + + print(f" ✓ Uncovered requirements: {len(uncovered)}") + print(f" ✓ Partially covered requirements: {len(partially_covered)}") + + def check_orphaned_specifications(self): + """Find specification items that don't map to any requirement""" + print("\n[CHECK] Orphaned Specifications (Scope Creep)...") + + req_text = " ".join([r.text.lower() for r in self.requirements]) + + orphaned = [] + for spec in self.specifications: + spec_keywords = set(re.findall(r'\w+', spec.text.lower())) + spec_keywords = {w for w in spec_keywords if len(w) > 3} + + if not spec_keywords: + continue + + matches = sum(1 for keyword in spec_keywords if keyword in req_text) + coverage = matches / len(spec_keywords) if spec_keywords else 0 + + if coverage < 0.3: + orphaned.append(spec) + + if orphaned: + self.violations.append(Violation( + severity=Severity.HIGH, + category="SCOPE_CREEP", + title=f"{len(orphaned)} specification items appear to be out of scope", + description="These specifications don't clearly relate to any input requirements:", + evidence=[f"{s.id} (line {s.line_number}): {s.text[:100]}..." for s in orphaned[:5]], + line_numbers=[s.line_number for s in orphaned] + )) + + print(f" ✓ Orphaned specifications: {len(orphaned)}") + + def check_principle_violations(self): + """Check for violations of guiding principles""" + print("\n[CHECK] Principle Violations...") + + violations_found = [] + + for principle in self.principles: + if not principle.mandatory: + continue + + principle_lower = principle.text.lower() + + if any(phrase in principle_lower for phrase in ['must not', 'shall not', 'cannot', 'prohibited']): + prohibited_terms = self._extract_key_terms(principle.text) + + for spec in self.specifications: + spec_lower = spec.text.lower() + for term in prohibited_terms: + if term.lower() in spec_lower: + violations_found.append((principle, spec, term)) + + elif any(phrase in principle_lower for phrase in ['must', 'shall', 'required']): + required_terms = self._extract_key_terms(principle.text) + + spec_text = " ".join([s.text.lower() for s in self.specifications]) + found = any(term.lower() in spec_text for term in required_terms) + + if not found: + violations_found.append((principle, None, "Not addressed")) + + if violations_found: + evidence = [] + for principle, spec, issue in violations_found[:5]: + if spec: + evidence.append(f"Principle '{principle.text[:60]}...' violated by spec at line {spec.line_number}") + else: + evidence.append(f"Principle '{principle.text[:60]}...' not addressed in specification") + + violation = Violation( + severity=Severity.CRITICAL, + category="PRINCIPLE_VIOLATION", + title=f"{len(violations_found)} principle violations detected", + description="Mandatory principles have been violated or ignored:", + evidence=evidence + ) + + # Deep analysis for principle violations + if self.enable_deep_analysis and violations_found: + print(" 🔍 Performing deep analysis on principle violations...") + principle, spec, _ = violations_found[0] + if spec: + # Find related requirements + related_reqs = [r for r in self.requirements if any( + tag in spec.tags for tag in r.tags + )][:3] + + if any(r.source_doc_refs for r in related_reqs): + docs, analysis = self.deep_analyzer.analyze_principle_violation( + principle, spec, related_reqs + ) + violation.source_documents = docs + violation.deep_analysis = analysis + + self.violations.append(violation) + + print(f" ✓ Principle violations: {len(violations_found)}") + + def check_ambiguity(self): + """Check for ambiguous or unclear specifications""" + print("\n[CHECK] Ambiguity Detection...") + + ambiguous_specs = [] + + ambiguous_indicators = [ + 'appropriate', 'reasonable', 'adequate', 'sufficient', + 'as needed', 'if possible', 'etc', 'and so on', + 'various', 'several', 'some', 'many', 'few', + 'fast', 'slow', 'good', 'bad', 'efficient', + 'might', 'may', 'could', 'possibly', 'probably', + 'tbd', 'todo', 'to be determined', 'to be decided' + ] + + for spec in self.specifications: + spec_lower = spec.text.lower() + found_indicators = [ind for ind in ambiguous_indicators if ind in spec_lower] + + if found_indicators: + ambiguous_specs.append((spec, found_indicators)) + + if ambiguous_specs: + violation = Violation( + severity=Severity.MEDIUM, + category="AMBIGUITY", + title=f"{len(ambiguous_specs)} ambiguous specifications detected", + description="These specifications contain vague or ambiguous language:", + evidence=[f"Line {s.line_number}: '{s.text[:80]}...' (contains: {', '.join(ind)})" + for s, ind in ambiguous_specs[:5]], + line_numbers=[s.line_number for s, _ in ambiguous_specs] + ) + + # Deep analysis for ambiguous specs + if self.enable_deep_analysis and ambiguous_specs: + print(" 🔍 Analyzing source documents to clarify ambiguity...") + spec, _ = ambiguous_specs[0] + docs, analysis = self.deep_analyzer.analyze_ambiguity(spec, self.requirements) + if docs: + violation.source_documents = docs + violation.deep_analysis = analysis + + self.violations.append(violation) + + print(f" ✓ Ambiguous specifications: {len(ambiguous_specs)}") + + def check_contradictions(self): + """Look for contradictory specifications""" + print("\n[CHECK] Contradiction Detection...") + + contradictions = [] + + for i, spec1 in enumerate(self.specifications): + for spec2 in self.specifications[i+1:]: + if self._are_contradictory(spec1.text, spec2.text): + contradictions.append((spec1, spec2)) + + if contradictions: + self.violations.append(Violation( + severity=Severity.CRITICAL, + category="CONTRADICTION", + title=f"{len(contradictions)} potential contradictions found", + description="These specification pairs may contradict each other:", + evidence=[f"Line {s1.line_number} vs Line {s2.line_number}: '{s1.text[:60]}...' contradicts '{s2.text[:60]}...'" + for s1, s2 in contradictions[:3]], + line_numbers=[s.line_number for pair in contradictions for s in pair] + )) + + print(f" ✓ Contradictions: {len(contradictions)}") + + def check_completeness(self): + """Check for completeness across different aspects""" + print("\n[CHECK] Completeness Analysis...") + + aspects = { + 'security': ['security', 'authentication', 'authorization', 'encrypt'], + 'error_handling': ['error', 'exception', 'failure', 'handle'], + 'performance': ['performance', 'speed', 'latency', 'scale'], + 'validation': ['validate', 'validation', 'verify', 'check'], + 'logging': ['log', 'audit', 'track', 'monitor'], + } + + spec_text = " ".join([s.text.lower() for s in self.specifications]) + missing_aspects = [] + + for aspect, keywords in aspects.items(): + if not any(keyword in spec_text for keyword in keywords): + req_text = " ".join([r.text.lower() for r in self.requirements]) + if any(keyword in req_text for keyword in keywords): + missing_aspects.append(aspect) + + if missing_aspects: + self.violations.append(Violation( + severity=Severity.HIGH, + category="COMPLETENESS", + title=f"Missing {len(missing_aspects)} important aspects", + description=f"Requirements mention these aspects, but specification doesn't address them:", + evidence=missing_aspects + )) + + print(f" ✓ Missing aspects: {len(missing_aspects)}") + + def check_scope_creep(self): + """Detect potential scope creep""" + print("\n[CHECK] Scope Creep Detection...") + pass + + def check_vagueness(self): + """Check for vague or non-specific specifications""" + print("\n[CHECK] Vagueness Detection...") + + vague_specs = [] + + for spec in self.specifications: + has_numbers = bool(re.search(r'\d+', spec.text)) + has_specifics = any(word in spec.text.lower() for word in + ['exactly', 'specifically', 'must', 'shall', 'will']) + + word_count = len(spec.text.split()) + + if not has_numbers and not has_specifics and word_count > 10: + vague_specs.append(spec) + + if vague_specs: + self.violations.append(Violation( + severity=Severity.MEDIUM, + category="VAGUENESS", + title=f"{len(vague_specs)} vague specifications", + description="These specifications lack concrete details or measurable criteria:", + evidence=[f"Line {s.line_number}: {s.text[:100]}..." for s in vague_specs[:5]], + line_numbers=[s.line_number for s in vague_specs] + )) + + print(f" ✓ Vague specifications: {len(vague_specs)}") + + def check_testability(self): + """Check if specifications are testable""" + print("\n[CHECK] Testability Analysis...") + + untestable = [] + + testable_indicators = [ + r'\d+', + r'(?:shall|must|will)\s+(?:be|have|support|provide)', + r'(?:return|output|display|store|send)', + ] + + for spec in self.specifications: + is_testable = any(re.search(pattern, spec.text, re.IGNORECASE) + for pattern in testable_indicators) + + untestable_words = ['appropriate', 'adequate', 'reasonable', 'user-friendly', + 'intuitive', 'easy', 'simple', 'good', 'nice'] + has_untestable = any(word in spec.text.lower() for word in untestable_words) + + if not is_testable or has_untestable: + untestable.append(spec) + + if untestable: + self.violations.append(Violation( + severity=Severity.MEDIUM, + category="TESTABILITY", + title=f"{len(untestable)} specifications may not be testable", + description="These specifications lack concrete, measurable acceptance criteria:", + evidence=[f"Line {s.line_number}: {s.text[:100]}..." for s in untestable[:5]], + line_numbers=[s.line_number for s in untestable] + )) + + print(f" ✓ Untestable specifications: {len(untestable)}") + + def check_consistency(self): + """Check for consistency in terminology and formatting""" + print("\n[CHECK] Consistency Analysis...") + + inconsistencies = [] + + terms_to_check = [ + ['user', 'customer', 'client'], + ['login', 'sign in', 'authenticate'], + ['database', 'data store', 'repository'], + ['api', 'service', 'endpoint'], + ] + + spec_text_lower = " ".join([s.text.lower() for s in self.specifications]) + + for term_group in terms_to_check: + found_terms = [term for term in term_group if term in spec_text_lower] + if len(found_terms) > 1: + inconsistencies.append(f"Inconsistent terminology: {' vs '.join(found_terms)}") + + if inconsistencies: + self.violations.append(Violation( + severity=Severity.LOW, + category="CONSISTENCY", + title=f"{len(inconsistencies)} consistency issues", + description="Found inconsistent terminology or formatting:", + evidence=inconsistencies + )) + + print(f" ✓ Consistency issues: {len(inconsistencies)}") + + def _extract_key_terms(self, text: str) -> List[str]: + """Extract key terms from text""" + words = re.findall(r'\w+', text.lower()) + stop_words = {'the', 'a', 'an', 'is', 'are', 'was', 'were', 'be', 'been', + 'have', 'has', 'had', 'do', 'does', 'did', 'will', 'would', + 'shall', 'should', 'must', 'may', 'can', 'could', 'not'} + return [w for w in words if len(w) > 3 and w not in stop_words] + + def _are_contradictory(self, text1: str, text2: str) -> bool: + """Check if two texts are contradictory""" + text1_lower = text1.lower() + text2_lower = text2.lower() + + terms1 = set(self._extract_key_terms(text1)) + terms2 = set(self._extract_key_terms(text2)) + + overlap = terms1 & terms2 + if len(overlap) < 2: + return False + + negations = ['not', 'no', 'never', 'without', 'cannot', 'must not', 'shall not'] + has_negation1 = any(neg in text1_lower for neg in negations) + has_negation2 = any(neg in text2_lower for neg in negations) + + if has_negation1 != has_negation2 and len(overlap) >= 3: + return True + + return False + + def generate_report(self) -> str: + """Generate a comprehensive verification report""" + report = [] + report.append("\n" + "="*80) + report.append("ADVERSARIAL SPECIFICATION VERIFICATION REPORT") + if self.enable_deep_analysis: + report.append("(Enhanced with Source Document Analysis)") + report.append("="*80) + + report.append(f"\n📊 SUMMARY STATISTICS") + report.append(f" Requirements analyzed: {len(self.requirements)}") + report.append(f" Principles checked: {len(self.principles)}") + report.append(f" Specification items: {len(self.specifications)}") + report.append(f" Total violations found: {len(self.violations)}") + + if self.enable_deep_analysis: + total_docs = sum(len(v.source_documents) for v in self.violations) + if total_docs > 0: + report.append(f" Source documents analyzed: {total_docs}") + + severity_counts = defaultdict(int) + for v in self.violations: + severity_counts[v.severity] += 1 + + report.append(f"\n🚨 VIOLATIONS BY SEVERITY") + for severity in Severity: + count = severity_counts[severity] + if count > 0: + report.append(f" {severity.value}: {count}") + + report.append(f"\n📋 DETAILED VIOLATIONS") + + severity_order = {Severity.CRITICAL: 0, Severity.HIGH: 1, + Severity.MEDIUM: 2, Severity.LOW: 3, Severity.INFO: 4} + sorted_violations = sorted(self.violations, key=lambda v: severity_order[v.severity]) + + for violation in sorted_violations: + report.append(str(violation)) + + report.append("\n" + "="*80) + report.append("VERDICT") + report.append("="*80) + + critical_count = severity_counts[Severity.CRITICAL] + high_count = severity_counts[Severity.HIGH] + + if critical_count > 0: + verdict = f"❌ FAILED - {critical_count} CRITICAL issues must be resolved" + elif high_count > 5: + verdict = f"⚠️ CONDITIONAL FAIL - {high_count} HIGH severity issues need attention" + elif high_count > 0: + verdict = f"⚠️ PASS WITH CONCERNS - {high_count} HIGH severity issues present" + else: + verdict = "✅ PASSED - Minor issues only" + + report.append(verdict) + report.append("="*80) + + return "\n".join(report) + + +def main(): + parser = argparse.ArgumentParser( + description='Adversarial Specification Verification Tool with Source Document Analysis', + formatter_class=argparse.RawDescriptionHelpFormatter, + epilog=""" +Examples: + # Basic verification + %(prog)s --human-input input1.txt input2.txt \\ + --requirements reqs.txt \\ + --constitution principles.txt \\ + --specification spec.txt + + # With deep analysis (requires API config) + %(prog)s -i inputs/ -r reqs/ -c constitution.txt -s spec.md \\ + --deep-analysis \\ + --api-config api_config.json + + # Custom API configuration + %(prog)s [...] --deep-analysis \\ + --api-url https://api.example.com \\ + --api-key YOUR_API_KEY + """ + ) + + parser.add_argument('-i', '--human-input', nargs='+', required=True, + help='Human input documents (one or more files)') + parser.add_argument('-r', '--requirements', nargs='+', required=True, + help='Reverse-engineered requirements documents') + parser.add_argument('-c', '--constitution', required=True, + help='Constitution/guiding principles document') + parser.add_argument('-s', '--specification', required=True, + help='Specification document to verify') + parser.add_argument('-o', '--output', help='Output report file (default: stdout)') + parser.add_argument('--json', action='store_true', + help='Output violations in JSON format') + + # Deep analysis options + parser.add_argument('--deep-analysis', action='store_true', + help='Enable deep analysis of source documents when violations found') + parser.add_argument('--api-config', type=str, + help='Path to API configuration JSON file') + parser.add_argument('--api-url', type=str, + help='Base URL for source document API') + parser.add_argument('--api-key', type=str, + help='API key for authentication') + parser.add_argument('--api-timeout', type=int, default=30, + help='API request timeout in seconds (default: 30)') + + args = parser.parse_args() + + # Convert paths + human_inputs = [Path(p) for p in args.human_input] + requirements = [Path(p) for p in args.requirements] + constitution = Path(args.constitution) + specification = Path(args.specification) + + # Verify files exist + for filepath in human_inputs + requirements + [constitution, specification]: + if not filepath.exists(): + print(f"Error: File not found: {filepath}", file=sys.stderr) + sys.exit(1) + + # Configure API + api_config = {} + if args.api_config: + with open(args.api_config, 'r') as f: + api_config = json.load(f) + else: + if args.api_url: + api_config['base_url'] = args.api_url + if args.api_key: + api_config['api_key'] = args.api_key + api_config['timeout'] = args.api_timeout + + # Enable API if deep analysis requested and config provided + if args.deep_analysis: + if not api_config.get('base_url'): + print("Warning: Deep analysis requested but no API URL provided. Running without deep analysis.", + file=sys.stderr) + api_config['enabled'] = False + else: + api_config['enabled'] = True + else: + api_config['enabled'] = False + + # Run verification + verifier = SpecificationVerifier( + api_config=api_config, + enable_deep_analysis=args.deep_analysis + ) + verifier.load_documents(human_inputs, requirements, constitution, specification) + verifier.verify() + + # Generate report + if args.json: + output = json.dumps([ + { + 'severity': v.severity.value, + 'category': v.category, + 'title': v.title, + 'description': v.description, + 'evidence': v.evidence, + 'line_numbers': v.line_numbers, + 'source_documents': [ + { + 'id': d.doc_id, + 'type': d.doc_type, + 'title': d.title, + 'url': d.url + } for d in v.source_documents + ] if v.source_documents else [], + 'deep_analysis': v.deep_analysis + } + for v in verifier.violations + ], indent=2) + else: + output = verifier.generate_report() + + # Write output + if args.output: + with open(args.output, 'w') as f: + f.write(output) + print(f"\nReport written to: {args.output}") + else: + print(output) + + # Exit with error code if critical violations found + critical_count = sum(1 for v in verifier.violations if v.severity == Severity.CRITICAL) + sys.exit(1 if critical_count > 0 else 0) + + +if __name__ == '__main__': + main() + + diff --git a/test_verifier.sh b/test_verifier.sh new file mode 100755 index 0000000..8bb4890 --- /dev/null +++ b/test_verifier.sh @@ -0,0 +1,93 @@ +#!/bin/bash +# Test script to verify the spec verifier is working correctly + +set -e + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +echo "Testing Specification Verifier..." +echo "" + +# Test 1: Check if Python 3 is available +echo "[1/5] Checking Python 3..." +if command -v python3 &> /dev/null; then + PYTHON_VERSION=$(python3 --version) + echo " ✓ Found: $PYTHON_VERSION" +else + echo " ✗ Python 3 not found. Please install Python 3." + exit 1 +fi + +# Test 2: Check if spec_verifier.py exists and is executable +echo "[2/5] Checking spec_verifier.py..." +if [ -x "$SCRIPT_DIR/spec_verifier.py" ]; then + echo " ✓ spec_verifier.py exists and is executable" +else + echo " ✗ spec_verifier.py not found or not executable" + exit 1 +fi + +# Test 3: Check if example files exist +echo "[3/5] Checking example files..." +REQUIRED_FILES=( + "examples/human_input.txt" + "examples/reverse_eng_requirements.txt" + "examples/constitution.txt" + "examples/specification_with_issues.md" +) + +ALL_EXIST=true +for file in "${REQUIRED_FILES[@]}"; do + if [ -f "$SCRIPT_DIR/$file" ]; then + echo " ✓ $file exists" + else + echo " ✗ $file not found" + ALL_EXIST=false + fi +done + +if [ "$ALL_EXIST" = false ]; then + exit 1 +fi + +# Test 4: Test --help flag +echo "[4/5] Testing --help flag..." +if python3 "$SCRIPT_DIR/spec_verifier.py" --help &> /dev/null; then + echo " ✓ Help flag works" +else + echo " ✗ Help flag failed" + exit 1 +fi + +# Test 5: Run actual verification (expect it to fail with violations) +echo "[5/5] Running verification test..." +if python3 "$SCRIPT_DIR/spec_verifier.py" \ + --human-input "$SCRIPT_DIR/examples/human_input.txt" \ + --requirements "$SCRIPT_DIR/examples/reverse_eng_requirements.txt" \ + --constitution "$SCRIPT_DIR/examples/constitution.txt" \ + --specification "$SCRIPT_DIR/examples/specification_with_issues.md" \ + > /dev/null 2>&1; then + echo " ✗ Expected verification to fail (find violations), but it passed" + exit 1 +else + EXIT_CODE=$? + if [ $EXIT_CODE -eq 1 ]; then + echo " ✓ Verification correctly found violations (exit code 1)" + else + echo " ✗ Unexpected exit code: $EXIT_CODE" + exit 1 + fi +fi + +echo "" +echo "============================================" +echo "✅ All tests passed!" +echo "============================================" +echo "" +echo "Next steps:" +echo " 1. Run the demo: cd examples && ./run_demo.sh" +echo " 2. Read the docs: less SPEC_VERIFIER_README.md" +echo " 3. Try with your own documents" +echo "" + + diff --git a/transcripts/12.08.2025_transcript_01.docx b/transcripts/12.08.2025_transcript_01.docx new file mode 100644 index 0000000..694e357 Binary files /dev/null and b/transcripts/12.08.2025_transcript_01.docx differ