- Synced 14 capability delta specs to main specs
- Created 6 new main specs: api-authentication, error-boundary, input-validation, security-headers, shared-types
- Updated 8 existing specs with security, validation, and performance requirements
- Archived change to openspec/changes/archive/2026-02-20-code-review-fix/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
MODIFIED Requirements
Requirement: Environment variable configuration (credentials)
The project SHALL use environment variables for runtime configuration. Credentials SHALL NOT be hardcoded in any committed file.
Scenario: .env file gitignored
- WHEN .gitignore is inspected
- THEN it includes .env (bare, not just .env*.local)
Scenario: .env removed from git history
- WHEN git ls-files .env is run
- THEN .env is NOT tracked by git
Scenario: .env.example has placeholder credentials
- WHEN .env.example is inspected
- THEN it contains POSTGRES_PASSWORD=change_me_to_a_strong_password (not a real password)
Scenario: No credentials in Python source
- WHEN services/ml/app/db.py is inspected
- THEN there are no SQL comments containing usernames or passwords, and the code fails fast if DATABASE_URL env var is not set
ADDED Requirements
Requirement: models directory gitignored
The .gitignore file SHALL include models/ and *.pkl patterns to prevent model files from being committed.
Scenario: Model files excluded
- WHEN a model file is saved to models/best.pkl
- THEN git status does not show it as untracked
Requirement: devDependencies correctly categorized
The package.json SHALL list @types/*, typescript, eslint, eslint-config-next, autoprefixer, and postcss under devDependencies (not dependencies).
Scenario: Type packages in devDependencies
- WHEN package.json is inspected
- THEN @types/node, @types/react, @types/react-dom, @types/papaparse, @types/pg are in devDependencies
Scenario: Build tools in devDependencies
- WHEN package.json is inspected
- THEN typescript, eslint, eslint-config-next, autoprefixer, postcss are in devDependencies
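
The scenarios above can be checked mechanically, for example in CI. The following is an added example, not code from this project: check_repo and demo are hypothetical names, the sample repository is constructed, and package.json is assumed to sit at the repository root.

```python
import json
import shutil
import subprocess
import tempfile
from pathlib import Path

DEV_ONLY = ["@types/node", "@types/react", "@types/react-dom", "@types/papaparse",
            "@types/pg", "typescript", "eslint", "eslint-config-next",
            "autoprefixer", "postcss"]
PLACEHOLDER = "POSTGRES_PASSWORD=change_me_to_a_strong_password"

def _lines(path):
    """Return stripped, non-comment lines of a file, or [] if it is missing."""
    if not path.is_file():
        return []
    return [l.strip() for l in path.read_text().splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def check_repo(root):
    """Return a list of scenario failures for the repository at `root`."""
    root, failures = Path(root), []
    ignore = _lines(root / ".gitignore")
    for pattern in (".env", "models/", "*.pkl"):
        if pattern not in ignore:  # exact line match, so `.env*.local` does not count
            failures.append(f".gitignore lacks {pattern}")
    if PLACEHOLDER not in _lines(root / ".env.example"):
        failures.append(".env.example lacks placeholder POSTGRES_PASSWORD")
    pkg_path = root / "package.json"  # assumed location: repository root
    pkg = json.loads(pkg_path.read_text()) if pkg_path.is_file() else {}
    for name in DEV_ONLY:
        if name in pkg.get("dependencies", {}) or name not in pkg.get("devDependencies", {}):
            failures.append(f"{name} is not devDependencies-only")
    # The tracking scenario needs a real git work tree; it is skipped otherwise.
    if shutil.which("git") and (root / ".git").exists():
        out = subprocess.run(["git", "ls-files", ".env"], cwd=root, capture_output=True, text=True).stdout
        if out.strip():
            failures.append(".env is tracked by git")
    return failures

def demo():
    """Check a constructed sample repo that violates two of the scenarios."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".gitignore").write_text(".env*.local\nmodels/\n*.pkl\n")
        (root / ".env.example").write_text(PLACEHOLDER + "\n")
        deps = {n: "*" for n in DEV_ONLY}
        dev = {n: deps.pop(n) for n in DEV_ONLY if n != "typescript"}
        (root / "package.json").write_text(json.dumps({"dependencies": deps, "devDependencies": dev}))
        return check_repo(root)
```

An empty list from check_repo means every file-based scenario holds. The db.py scenario (no credentials in SQL comments, fail fast without DATABASE_URL) is not covered here and still needs review of that file.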