Archive code-review-fix change and sync specs to main

- Synced 14 capability delta specs to main specs
- Created 6 new main specs: api-authentication, error-boundary, input-validation, security-headers, shared-types
- Updated 8 existing specs with security, validation, and performance requirements
- Archived change to openspec/changes/archive/2026-02-20-code-review-fix/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Marko Djordjevic 2026-02-20 08:54:59 +01:00
parent adb93a2d2e
commit 925e7284e3
32 changed files with 691 additions and 4 deletions

@ -1,40 +0,0 @@
## MODIFIED Requirements
### Requirement: Environment variable configuration (credentials)
The project SHALL use environment variables for runtime configuration. Credentials SHALL NOT be hardcoded in any committed file.
#### Scenario: .env file gitignored
- **WHEN** `.gitignore` is inspected
- **THEN** it includes `.env` (bare, not just `.env*.local`)
#### Scenario: .env removed from git history
- **WHEN** `git ls-files .env` is run
- **THEN** `.env` is NOT tracked by git
#### Scenario: .env.example has placeholder credentials
- **WHEN** `.env.example` is inspected
- **THEN** it contains `POSTGRES_PASSWORD=change_me_to_a_strong_password` (not a real password)
#### Scenario: No credentials in Python source
- **WHEN** `services/ml/app/db.py` is inspected
- **THEN** there are no SQL comments containing usernames or passwords, and the code fails fast if `DATABASE_URL` env var is not set
## ADDED Requirements
### Requirement: models directory gitignored
The `.gitignore` file SHALL include `models/` and `*.pkl` patterns to prevent model files from being committed.
#### Scenario: Model files excluded
- **WHEN** a model file is saved to `models/best.pkl`
- **THEN** `git status` does not show it as untracked
### Requirement: devDependencies correctly categorized
The `package.json` SHALL list `@types/*`, `typescript`, `eslint`, `eslint-config-next`, `autoprefixer`, and `postcss` under `devDependencies` (not `dependencies`).
#### Scenario: Type packages in devDependencies
- **WHEN** `package.json` is inspected
- **THEN** `@types/node`, `@types/react`, `@types/react-dom`, `@types/papaparse`, `@types/pg` are in `devDependencies`
#### Scenario: Build tools in devDependencies
- **WHEN** `package.json` is inspected
- **THEN** `typescript`, `eslint`, `eslint-config-next`, `autoprefixer`, `postcss` are in `devDependencies`
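Review bot: In the scenario ".env removed from git history", the check does not match the title: `git ls-files .env` only shows that `.env` is absent from the current index, so it passes even when earlier commits still contain the file and the credentials in it. Either rename the scenario to say that `.env` is not tracked, or add a THEN step that a history query such as `git log --all --oneline -- .env` returns nothing, and state in the requirement that any credential that was ever committed is rotated.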