trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions
candle-annotator/openspec/changes/code-review-fix/specs/postgres-data-layer/spec.md
Marko Djordjevic c327ba3370 bind: MLflow port to 127.0.0.1:5000:5000 in docker-compose.yml 
Changes:
- Updated docker-compose.yml MLflow service port binding from 5000:5000 to 127.0.0.1:5000:5000
  to restrict access to localhost only for security
- Marked task 1.7 as complete in tasks.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-18 10:58:11 +01:00

40 lines
1.8 KiB
Markdown
Raw Blame History

## MODIFIED Requirements
### Requirement: Environment variable configuration (credentials)
The project SHALL use environment variables for runtime configuration. Credentials SHALL NOT be hardcoded in any committed file.
#### Scenario: .env file gitignored
- **WHEN** `.gitignore` is inspected
- **THEN** it includes `.env` (bare, not just `.env*.local`)
#### Scenario: .env removed from git history
- **WHEN** `git ls-files .env` is run
- **THEN** `.env` is NOT tracked by git
#### Scenario: .env.example has placeholder credentials
- **WHEN** `.env.example` is inspected
- **THEN** it contains `POSTGRES_PASSWORD=change_me_to_a_strong_password` (not a real password)
#### Scenario: No credentials in Python source
- **WHEN** `services/ml/app/db.py` is inspected
- **THEN** there are no SQL comments containing usernames or passwords, and the code fails fast if `DATABASE_URL` env var is not set
## ADDED Requirements
### Requirement: models directory gitignored
The `.gitignore` file SHALL include `models/` and `*.pkl` patterns to prevent model files from being committed.
#### Scenario: Model files excluded
- **WHEN** a model file is saved to `models/best.pkl`
- **THEN** `git status` does not show it as untracked
### Requirement: devDependencies correctly categorized
The `package.json` SHALL list `@types/*`, `typescript`, `eslint`, `eslint-config-next`, `autoprefixer`, and `postcss` under `devDependencies` (not `dependencies`).
#### Scenario: Type packages in devDependencies
- **WHEN** `package.json` is inspected
- **THEN** `@types/node`, `@types/react`, `@types/react-dom`, `@types/papaparse`, `@types/pg` are in `devDependencies`
#### Scenario: Build tools in devDependencies
- **WHEN** `package.json` is inspected
- **THEN** `typescript`, `eslint`, `eslint-config-next`, `autoprefixer`, `postcss` are in `devDependencies`
Reference in a new issue View git blame Copy permalink