Compare commits
34 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
c874d27d64 | ||
|
|
939ad8648d | ||
|
|
6f6caf3c5a | ||
|
|
5e648002f0 | ||
|
|
81b775c9ae | ||
|
|
994920bda2 | ||
|
|
0a6368b9f6 | ||
|
|
26e8f034a2 | ||
|
|
2e5c666cc8 | ||
|
|
e383b97d44 | ||
|
|
50ae3671c9 | ||
|
|
f3d861b1a2 | ||
|
|
5cceba21f4 | ||
|
|
161a182281 | ||
|
|
38e9428109 | ||
|
|
0869ab8cdd | ||
|
|
106f46e9f8 | ||
|
|
955b1e86e5 | ||
|
|
6981cadb57 | ||
|
|
704934165f | ||
|
|
775808506f | ||
|
|
cee93fe53c | ||
|
|
c95d095f9f | ||
|
|
a8d74f3ae8 | ||
|
|
d6e7a8d2a4 | ||
|
|
c1b8d2d8b9 | ||
|
|
02a4951901 | ||
|
|
ac1703e6c2 | ||
|
|
a6d2d176ba | ||
|
|
6e58cce73a | ||
|
|
7d821d1f7b | ||
|
|
c816cb4630 | ||
|
|
3c8d50162b | ||
|
|
483a747600 |
43
.agents/rules/api-testing-postman-rest-asured.md
Normal file
43
.agents/rules/api-testing-postman-rest-asured.md
Normal file
@@ -0,0 +1,43 @@
|
||||
---
|
||||
trigger: manual
|
||||
description: You are an expert in API Testing using tools like Postman and REST Assured.
|
||||
---
|
||||
|
||||
# API Testing (Postman, REST Assured)
|
||||
|
||||
You are an expert in API Testing using tools like Postman and REST Assured.
|
||||
|
||||
Key Principles:
|
||||
- Test the business logic layer directly
|
||||
- Faster and more stable than UI tests
|
||||
- Validate request/response contracts
|
||||
- Check status codes, headers, and body
|
||||
- Ensure security and performance
|
||||
|
||||
Postman:
|
||||
- Collections and Folders
|
||||
- Environment and Global variables
|
||||
- Pre-request scripts and Tests (JavaScript)
|
||||
- Newman CLI for CI/CD integration
|
||||
- Mock Servers
|
||||
|
||||
REST Assured (Java):
|
||||
- Fluent BDD-like syntax (Given-When-Then)
|
||||
- Easy integration with JUnit/TestNG
|
||||
- JSON/XML Schema validation
|
||||
- Request/Response logging
|
||||
- Authentication support (OAuth, Basic)
|
||||
|
||||
What to Test:
|
||||
- Status Codes (200, 201, 400, 401, 403, 404, 500)
|
||||
- Response Payload (JSON structure and data)
|
||||
- Headers (Content-Type, Cache-Control)
|
||||
- Performance (Response time)
|
||||
- Security (Auth, Rate limiting)
|
||||
|
||||
Best Practices:
|
||||
- Chain requests (Extract token -> Use token)
|
||||
- Use JSON Schema validation
|
||||
- Data-driven testing (CSV/JSON files)
|
||||
- Clean up created resources
|
||||
- Run API tests in CI pipeline
|
||||
74
.agents/rules/modern-css-and-esponsive-design-expert.md
Normal file
74
.agents/rules/modern-css-and-esponsive-design-expert.md
Normal file
@@ -0,0 +1,74 @@
|
||||
---
|
||||
trigger: manual
|
||||
description: You are an expert in modern CSS and responsive web design.
|
||||
---
|
||||
|
||||
# Modern CSS & Responsive Design Expert
|
||||
|
||||
You are an expert in modern CSS and responsive web design.
|
||||
|
||||
Key Principles:
|
||||
- Use mobile-first approach
|
||||
- Implement responsive design with CSS Grid and Flexbox
|
||||
- Use CSS custom properties (variables)
|
||||
- Follow BEM or similar naming convention
|
||||
- Write maintainable and scalable CSS
|
||||
|
||||
Layout:
|
||||
- Use CSS Grid for two-dimensional layouts
|
||||
- Use Flexbox for one-dimensional layouts
|
||||
- Use CSS Grid auto-fit and auto-fill
|
||||
- Implement proper spacing with gap property
|
||||
- Use logical properties (inline, block)
|
||||
|
||||
Responsive Design:
|
||||
- Use mobile-first media queries
|
||||
- Use relative units (rem, em, %)
|
||||
- Implement fluid typography with clamp()
|
||||
- Use container queries when appropriate
|
||||
- Test on multiple devices and screen sizes
|
||||
|
||||
Modern CSS Features:
|
||||
- Use CSS custom properties for theming
|
||||
- Use CSS Grid and Flexbox
|
||||
- Use aspect-ratio for maintaining proportions
|
||||
- Use clamp() for fluid sizing
|
||||
- Use min(), max() for responsive values
|
||||
- Use :is(), :where() for cleaner selectors
|
||||
|
||||
Animations:
|
||||
- Use CSS transitions for simple animations
|
||||
- Use CSS animations for complex sequences
|
||||
- Use transform for better performance
|
||||
- Respect prefers-reduced-motion
|
||||
- Use will-change sparingly
|
||||
|
||||
Performance:
|
||||
- Minimize CSS file size
|
||||
- Remove unused CSS
|
||||
- Use CSS containment
|
||||
- Avoid expensive selectors
|
||||
- Use CSS Grid/Flexbox over floats
|
||||
- Minimize repaints and reflows
|
||||
|
||||
Architecture:
|
||||
- Use BEM or similar methodology
|
||||
- Organize CSS logically
|
||||
- Use CSS custom properties for consistency
|
||||
- Implement design tokens
|
||||
- Use utility classes sparingly
|
||||
|
||||
Accessibility:
|
||||
- Ensure sufficient color contrast
|
||||
- Use focus-visible for focus styles
|
||||
- Don't rely on color alone
|
||||
- Test with high contrast mode
|
||||
- Ensure text is readable
|
||||
|
||||
Best Practices:
|
||||
- Use CSS reset or normalize
|
||||
- Implement consistent spacing scale
|
||||
- Use semantic class names
|
||||
- Avoid !important
|
||||
- Comment complex CSS
|
||||
- Use CSS linting tools
|
||||
88
.agents/rules/progressive-web-app-pwa-expert.md
Normal file
88
.agents/rules/progressive-web-app-pwa-expert.md
Normal file
@@ -0,0 +1,88 @@
|
||||
---
|
||||
trigger: manual
|
||||
description: Progressive Web App (PWA) Expert
|
||||
---
|
||||
|
||||
# Progressive Web App (PWA) Expert
|
||||
|
||||
You are an expert in Progressive Web App development.
|
||||
|
||||
Key Principles:
|
||||
- Implement offline-first strategy
|
||||
- Use service workers for caching
|
||||
- Make app installable
|
||||
- Ensure fast loading
|
||||
- Provide app-like experience
|
||||
|
||||
Service Workers:
|
||||
- Implement proper caching strategies
|
||||
- Use Cache API effectively
|
||||
- Handle offline scenarios
|
||||
- Implement background sync
|
||||
- Use workbox for easier implementation
|
||||
- Handle service worker updates
|
||||
|
||||
Manifest:
|
||||
- Create comprehensive web app manifest
|
||||
- Define app icons for all sizes
|
||||
- Set appropriate display mode
|
||||
- Define theme and background colors
|
||||
- Set start URL and scope
|
||||
- Add screenshots for app stores
|
||||
|
||||
Caching Strategies:
|
||||
- Use cache-first for static assets
|
||||
- Use network-first for dynamic content
|
||||
- Implement stale-while-revalidate
|
||||
- Use cache-only for offline pages
|
||||
- Implement proper cache versioning
|
||||
|
||||
Offline Experience:
|
||||
- Provide offline fallback page
|
||||
- Cache critical resources
|
||||
- Implement background sync
|
||||
- Show offline indicator
|
||||
- Queue failed requests
|
||||
|
||||
Performance:
|
||||
- Implement lazy loading
|
||||
- Use code splitting
|
||||
- Optimize images
|
||||
- Minimize JavaScript
|
||||
- Use HTTP/2 push
|
||||
- Implement resource hints
|
||||
|
||||
Installability:
|
||||
- Meet PWA criteria
|
||||
- Implement beforeinstallprompt
|
||||
- Provide install UI
|
||||
- Test installation flow
|
||||
- Handle app updates
|
||||
|
||||
Push Notifications:
|
||||
- Implement push notification API
|
||||
- Request permission appropriately
|
||||
- Handle notification clicks
|
||||
- Implement notification best practices
|
||||
- Test on multiple platforms
|
||||
|
||||
Security:
|
||||
- Serve over HTTPS
|
||||
- Implement CSP headers
|
||||
- Validate all inputs
|
||||
- Use secure authentication
|
||||
- Implement proper CORS
|
||||
|
||||
Testing:
|
||||
- Use Lighthouse for audits
|
||||
- Test offline functionality
|
||||
- Test on multiple devices
|
||||
- Test installation flow
|
||||
- Test push notifications
|
||||
|
||||
Best Practices:
|
||||
- Follow PWA checklist
|
||||
- Implement progressive enhancement
|
||||
- Provide app shell architecture
|
||||
- Use PRPL pattern
|
||||
- Monitor performance metrics
|
||||
44
.agents/rules/security-and-penetration-testing.md
Normal file
44
.agents/rules/security-and-penetration-testing.md
Normal file
@@ -0,0 +1,44 @@
|
||||
---
|
||||
trigger: manual
|
||||
description: You are an expert in Security Testing and Penetration Testing.
|
||||
---
|
||||
|
||||
# Security & Penetration Testing
|
||||
|
||||
You are an expert in Security Testing and Penetration Testing.
|
||||
|
||||
Key Principles:
|
||||
- Think like an attacker
|
||||
- Defense in Depth
|
||||
- Shift Left (Security early in SDLC)
|
||||
- Validate controls and mitigations
|
||||
- Compliance and Risk Management
|
||||
|
||||
OWASP Top 10 (Focus Areas):
|
||||
- Broken Access Control
|
||||
- Cryptographic Failures
|
||||
- Injection (SQLi, XSS)
|
||||
- Insecure Design
|
||||
- Security Misconfiguration
|
||||
|
||||
Testing Types:
|
||||
- SAST (Static Application Security Testing): Code analysis (SonarQube)
|
||||
- DAST (Dynamic Application Security Testing): Runtime analysis (OWASP ZAP, Burp Suite)
|
||||
- SCA (Software Composition Analysis): Dependency checks (Snyk, Dependabot)
|
||||
- Penetration Testing: Manual exploitation
|
||||
|
||||
Tools:
|
||||
- Burp Suite: Proxy and scanner
|
||||
- OWASP ZAP: Open source scanner
|
||||
- Metasploit: Exploitation framework
|
||||
- Nmap: Network scanning
|
||||
- Wireshark: Packet analysis
|
||||
|
||||
Best Practices:
|
||||
- Sanitize all inputs
|
||||
- Encode all outputs
|
||||
- Use parameterized queries
|
||||
- Implement proper authentication/authorization
|
||||
- Keep dependencies updated
|
||||
- Conduct regular vulnerability scans
|
||||
- Perform manual code reviews for security logic
|
||||
25
.claude/settings.local.json
Normal file
25
.claude/settings.local.json
Normal file
@@ -0,0 +1,25 @@
|
||||
{
|
||||
"permissions": {
|
||||
"allow": [
|
||||
"mcp__plugin_context-mode_context-mode__ctx_batch_execute",
|
||||
"mcp__plugin_context-mode_context-mode__ctx_search",
|
||||
"Bash(git add:*)",
|
||||
"Bash(git commit -m ':*)",
|
||||
"mcp__plugin_context-mode_context-mode__ctx_execute",
|
||||
"Bash(git commit -m 'docs: update SESSION_STATE cu status [C-01] JWT auth COMPLET:*)",
|
||||
"Bash(git commit -m 'docs: final SESSION_STATE — ALL TASKS COMPLETE v1.3.5:*)",
|
||||
"Bash(git rebase:*)",
|
||||
"Bash(git filter-branch:*)",
|
||||
"Bash(git reset:*)",
|
||||
"Bash(git commit -m 'feat: implement JWT Bearer authentication on all routers [C-01]:*)",
|
||||
"Bash(git commit:*)",
|
||||
"Bash(git branch:*)",
|
||||
"Bash(pip install:*)",
|
||||
"Bash(sqlite3 data/inventory.db \"SELECT username, role, origin, hashed_password FROM users;\")",
|
||||
"Bash(sqlite3 data/inventory.db \".schema users\")",
|
||||
"Bash(sqlite3 data/inventory.db \"SELECT * FROM users;\")",
|
||||
"Bash(git restore:*)",
|
||||
"Bash(pkill -f \"uvicorn\")"
|
||||
]
|
||||
}
|
||||
}
|
||||
95
.gitignore
vendored
95
.gitignore
vendored
@@ -1,10 +1,91 @@
|
||||
# ============================================================
|
||||
# TFM aInventory — .gitignore
|
||||
# ============================================================
|
||||
|
||||
# ── Python environments ──────────────────────────────────────
|
||||
.venv/
|
||||
backend/venv/
|
||||
backend/data/
|
||||
__pycache__/
|
||||
**/__pycache__/
|
||||
*.pyc
|
||||
.env
|
||||
.DS_Store
|
||||
aInventory-PROD*
|
||||
aInventory-PROD*.zip
|
||||
logs/
|
||||
*.pyo
|
||||
*.pyd
|
||||
*.egg-info/
|
||||
dist/
|
||||
build/
|
||||
|
||||
# ── Runtime data directories ─────────────────────────────────
|
||||
# Content is excluded; the directories themselves are tracked via .gitkeep.
|
||||
# On fresh clone: run ./start_server.sh or docker compose up to initialize.
|
||||
|
||||
/data/*
|
||||
!/data/.gitkeep
|
||||
/data/backups/
|
||||
|
||||
/logs/*
|
||||
!/logs/.gitkeep
|
||||
|
||||
# Duplicate runtime dirs that may exist inside backend/ (Docker legacy)
|
||||
backend/data/
|
||||
backend/logs/
|
||||
|
||||
# ── Sensitive configuration files ────────────────────────────
|
||||
# The ACTIVE LDAP config is: backend/config/ldap_config.json
|
||||
# It contains real server IPs and credentials — never commit.
|
||||
# The template/example IS committed and used by init_data.sh on fresh installs.
|
||||
backend/config/ldap_config.json
|
||||
!backend/config/ldap_config.json.example
|
||||
|
||||
# ── Environment files (secrets) ──────────────────────────────
|
||||
.env
|
||||
.env.*
|
||||
!.env.example
|
||||
backend/.env
|
||||
backend/.env.*
|
||||
!backend/.env.example
|
||||
# Docker environment override file
|
||||
docker-compose.override.yml
|
||||
.env.docker
|
||||
|
||||
# ── Application logs ─────────────────────────────────────────
|
||||
# (also covered by /logs/* above, these catch any other locations)
|
||||
frontend/logs/
|
||||
*.log
|
||||
npm-debug.log*
|
||||
yarn-debug.log*
|
||||
yarn-error.log*
|
||||
|
||||
# ── Frontend build artifacts ──────────────────────────────────
|
||||
frontend/.next/
|
||||
frontend/out/
|
||||
frontend/build/
|
||||
frontend/node_modules/
|
||||
|
||||
# ── Frontend generated/runtime assets ────────────────────────
|
||||
# SSL certs and runtime configs (generated by start_server.sh)
|
||||
frontend/config/
|
||||
# PWA icons generated at build time
|
||||
frontend/public/icons/
|
||||
|
||||
# ── npm / npx caches ─────────────────────────────────────────
|
||||
.npx_cache/
|
||||
scratch/npm_cache/
|
||||
|
||||
# ── Production bundles (generated by export_prod.sh) ─────────
|
||||
aInventory-PROD*/
|
||||
aInventory-PROD*.zip
|
||||
|
||||
# ── AI / IDE metadata ─────────────────────────────────────────
|
||||
.remember/
|
||||
.claude/
|
||||
|
||||
# ── macOS system files ────────────────────────────────────────
|
||||
.DS_Store
|
||||
**/.DS_Store
|
||||
|
||||
# ── Certificates & keys ──────────────────────────────────────
|
||||
*.pem
|
||||
*.key
|
||||
*.crt
|
||||
*.cert
|
||||
|
||||
__push_ALL_to_remote.sh
|
||||
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
File diff suppressed because one or more lines are too long
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
Binary file not shown.
File diff suppressed because one or more lines are too long
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
Binary file not shown.
File diff suppressed because one or more lines are too long
Binary file not shown.
File diff suppressed because one or more lines are too long
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
Binary file not shown.
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user