calorie-counter/virsaitis-requirements/traceability.csv at main

Files

Andris Enins 91cd18aec6 feat: initial implementation — all 35 requirements across phases 1-3

Backend (Spring Boot 3.2 / Java 21 / PostgreSQL):
- JWT auth with BCrypt password hashing
- User profile + Mifflin-St Jeor BMR calculator
- Food search + barcode via OpenFoodFacts API with local cache
- Meal CRUD with user data isolation and ownership checks
- AI photo analysis (OpenAI Vision) with confidence intervals
- AI correction feedback loop for personalisation
- Flyway DB migrations + RFC-7807 error responses

Mobile (React Native / TypeScript):
- Full navigation stack (Auth → Tabs → Home stack)
- Design tokens (WCAG 2.2 AA colours, 8px grid, 48px touch targets)
- 10 screens: Login, Register, Home, Search, Camera, AI Result, Edit Meal,
  Daily Details, History, Profile
- Confidence-aware calorie display (kcal ± range)
- Repeat last meal shortcut + macro tracking

Docs:
- docs/PLAN-AND-REQUIREMENTS.md
- docs/traceability.csv (35 requirements, all Implemented)

2026-05-18 21:56:13 +03:00

16 KiB

Raw Permalink Blame History

1	# Virsaitis Traceability Matrix
2	Version: 3.0.0
3	Status: Draft
4	Updated: 2026-04-20
5	---
6	## Purpose
7	This CSV tracks requirement implementation and testing status. Each REQ-ID maps to implementation locations and test files enabling bidirectional traceability.
8	Columns:
9	- REQ_ID: Unique requirement identifier (format: REQ-[A-Z]{2	4}-[0-9]{3})
10	- Description: Brief requirement summary
11	- Priority: TIER-0/TIER-1/TIER-2/TIER-3
12	- Category: Governance/Security/MCP/Extension/Agent/Skills/Testing
13	- ImplementationRef: File path and line numbers where requirement implemented
14	- TestRef: Test file path and test names validating requirement
15	- Status: Draft/Implemented/Tested/Verified
16	---
17	## Traceability Data
18	REQ_ID	Description	Priority	Category	ImplementationRef	TestRef	Status
19	REQ-GOV-001	Protected File Modification Enforcement	TIER-0	Governance	.github/copilot-modules/core-policies.md (TIER-0 Rule 1) + .github/copilot-instructions.md (TIER-0 section) + .github/agents/Virsaitis-3.0.agent.md (TIER-0.1)	TBD	Implemented
20	REQ-GOV-002	Atomic Sentence Structure	TIER-0	Governance	.github/agents/Virsaitis-3.0.agent.md (262 lines) + .github/copilot-modules/agent-standards.md	TBD	Implemented
21	REQ-GOV-003	TIER System Definition	TIER-1	Governance	.github/copilot-modules/core-policies.md (TIER-0/1/2/3 sections)	TBD	Implemented
22	REQ-GOV-004	REQ-ID Traceability	TIER-1	Governance	TBD	TBD	Draft
23	REQ-GOV-005	CHANGELOG Maintenance	TIER-1	Governance	CHANGELOG.md + .github/agents/Virsaitis-3.0.agent.md (TIER-1.2)	TBD	Implemented
24	REQ-GOV-006	Discovery-First Workflow	TIER-1	Governance	.github/copilot-modules/development-workflow.md (authority) + .github/agents/Virsaitis-3.0.agent.md (TIER-1.4)	TBD	Implemented
25	REQ-GOV-007	Test Coverage Enforcement	TIER-1	Governance	TBD	TBD	Draft
26	REQ-GOV-008	Modular Governance Architecture	TIER-1	Governance	.github/copilot-instructions.md (hub) + .github/copilot-modules/*.md (11 modules) + .github/virsaitis-definition-library.md	TBD	Implemented
27	REQ-GOV-009	Consequence Documentation	TIER-2	Governance	.github/copilot-modules/core-policies.md (consequence chains) + .github/virsaitis-definition-library.md	TBD	Implemented
28	REQ-GOV-010	Traceability CSV Management	TIER-1	Governance	virsaitis-requirements/traceability.csv (this file)	TBD	Implemented
29	REQ-GOV-011	Version Synchronization	TIER-1	Governance	All 14 .github/ files at v3.0.0	TBD	Implemented
30	REQ-GOV-012	Quality Gates	TIER-1	Governance	TBD	TBD	Draft
31	REQ-SEC-001	Secret Detection 100% Coverage	TIER-0	Security	TBD	TBD	Draft
32	REQ-SEC-002	Credential Rotation Policy	TIER-0	Security	TBD	TBD	Draft
33	REQ-SEC-003	Environment Variable Enforcement	TIER-0	Security	TBD	TBD	Draft
34	REQ-SEC-004	Input Validation - File Paths	TIER-1	Security	TBD	TBD	Draft
35	REQ-SEC-005	Input Validation - Command Execution	TIER-1	Security	TBD	TBD	Draft
36	REQ-SEC-006	Regular Expression ReDoS Prevention	TIER-2	Security	TBD	TBD	Draft
37	REQ-SEC-007	Error Handling - No Information Disclosure	TIER-1	Security	TBD	TBD	Draft
38	REQ-SEC-008	Audit Logging	TIER-1	Security	TBD	TBD	Draft
39	REQ-SEC-009	Principle of Least Privilege	TIER-2	Security	TBD	TBD	Draft
40	REQ-SEC-010	Defense in Depth	TIER-2	Security	TBD	TBD	Draft
41	REQ-SEC-011	Secure Defaults	TIER-2	Security	TBD	TBD	Draft
42	REQ-SEC-012	Cryptography Standards	TIER-2	Security	TBD	TBD	Draft
43	REQ-SEC-013	Security Test Coverage 100%	TIER-1	Security	TBD	TBD	Draft
44	REQ-SEC-014	PII Logging Prevention	TIER-2	Security	TBD	TBD	Draft
45	REQ-SEC-015	Security Scan Automation	TIER-1	Security	TBD	TBD	Draft
46	REQ-SEC-016	Vulnerability Disclosure Policy	TIER-3	Security	TBD	TBD	Draft
47	REQ-MCP-001	TypeScript Implementation	TIER-1	MCP Server	virsaitis-mcp/src/*/.ts (tsconfig.json: strict ES2022 Node16)	tests/unit/.test.ts + tests/e2e/.test.ts (277 tests)	Tested
48	REQ-MCP-002	MCP Protocol SDK Integration	TIER-1	MCP Server	virsaitis-mcp/src/server.ts + src/index.ts (@modelcontextprotocol/sdk)	tests/unit/server.test.ts + server-integration.test.ts + tests/e2e/stdio-transport.test.ts	Tested
49	REQ-MCP-003	File Operation Validation Engine	TIER-0	MCP Server	virsaitis-mcp/src/governance/validator.ts + types.ts + patterns.ts + cache.ts	tests/unit/validator.test.ts + patterns.test.ts + cache.test.ts	Tested
50	REQ-MCP-004	Agent.md Governance Loading	TIER-1	MCP Server	virsaitis-mcp/src/governance/loader.ts (loadGovernanceRules + parseMachinePolicy + parseAgentProtectedPatterns)	tests/unit/loader.test.ts	Tested
51	REQ-MCP-005	stdio Transport	TIER-1	MCP Server	virsaitis-mcp/src/index.ts (StdioServerTransport) + .github/copilot-modules/mcp-standards.md	tests/unit/server-integration.test.ts	Tested
52	REQ-MCP-006	Secret Scanning Tool	TIER-0	MCP Server	virsaitis-mcp/src/tools/scan-secrets.ts (20 patterns + entropy detection)	tests/unit/scan-secrets.test.ts (46 tests)	Tested
53	REQ-MCP-007	Path Validation Tool	TIER-1	MCP Server	virsaitis-mcp/src/tools/validate-path.ts (5-layer defense + Windows reserved names)	tests/unit/validate-path.test.ts (19 tests)	Tested
54	REQ-MCP-008	Command Validation Tool	TIER-1	MCP Server	virsaitis-mcp/src/tools/validate-command.ts (24 whitelist + 23 blocked + dangerous flags)	tests/unit/validate-command.test.ts (30 tests)	Tested
55	REQ-MCP-009	Audit Log Integration	TIER-1	MCP Server	virsaitis-mcp/src/tools/audit-logger.ts (JSON-lines + 10MB rotation + HMAC-SHA256 + streaming reader + configurable rotation)	tests/unit/audit-logger.test.ts (29 tests)	Tested
56	REQ-MCP-010	Server Configuration	TIER-2	MCP Server	virsaitis-mcp/src/config.ts (env vars + TTL clamping + resolveConfig + hmacKey masking)	tests/unit/config.test.ts (13 tests)	Tested
57	REQ-MCP-011	Post-Iteration Compliance Check	TIER-1	MCP Server	virsaitis-mcp/src/tools/iteration-complete.ts (AC1+AC2+AC3+AC5 checks + RFC 4180 CSV parsing)	tests/unit/iteration-complete.test.ts (30 tests)	Tested
58	REQ-EXT-001	Extension Activation (<200ms)	TIER-2	VS Code Extension	virsaitis-extension/src/extension.ts (activate + async MCP spawn)	test/commands.test.ts + test/config.test.ts	Tested
59	REQ-EXT-002	File Save Interception (TIER-0 blocking via MCP stdio)	TIER-0	VS Code Extension	virsaitis-extension/src/interceptors/file-save.ts (readonlyInclude + post-save revert)	test/file-save.test.ts (11 tests)	Tested
60	REQ-EXT-003	MCP Client Communication (stdio transport)	TIER-1	VS Code Extension	virsaitis-extension/src/mcp/client.ts (JSON-RPC over stdin/stdout + AbortController timeout)	test/mcp-client.test.ts (9 tests)	Tested
61	REQ-EXT-004	Status Bar Integration (Active/Disconnected/Error)	TIER-2	VS Code Extension	virsaitis-extension/src/ui/status-bar.ts (7 states + accessibility + tooltip)	test/status-bar.test.ts (13 tests)	Tested
62	REQ-EXT-005	File Decoration for Protected Files	TIER-3	VS Code Extension	virsaitis-extension/src/ui/file-decoration.ts (shield badge + yellow color + normalizePath)	test/file-decoration.test.ts (9 tests)	Tested
63	REQ-EXT-006	Override Request Command	TIER-2	VS Code Extension	virsaitis-extension/src/commands/request-override.ts (3-step input + override record + MCP audit)	test/request-override.test.ts (9 tests)	Tested
64	REQ-EXT-007	Configuration Settings (5 settings with secure defaults)	TIER-2	VS Code Extension	virsaitis-extension/src/config.ts (ConfigManager + change notifications + master toggle)	test/config.test.ts (7 tests)	Tested
65	REQ-EXT-008	Extension Packaging (VSIX <10MB with bundled MCP)	TIER-1	VS Code Extension	virsaitis-extension/webpack.config.js + package.json (vsce:package script)	VSIX 688 KB verified	Tested
66	REQ-EXT-009	Webpack Build Configuration	TIER-1	VS Code Extension	virsaitis-extension/webpack.config.js (commonjs2 + ts-loader + nosources-source-map)	npm run compile verified	Tested
67	REQ-EXT-010	Extension Testing (unit + manual checklist)	TIER-1	VS Code Extension	virsaitis-extension/vitest.config.ts (80% thresholds) + 13 test files + MANUAL-TEST-CHECKLIST.md	136 tests / 83% statements / 85% branches / 89% functions	Tested
68	REQ-EXT-011	MCP Server Lifecycle Management (spawn/restart/shutdown)	TIER-1	VS Code Extension	virsaitis-extension/src/mcp/lifecycle.ts (spawn + health check 30s + backoff 1s/2s/4s + graceful shutdown)	test/lifecycle.test.ts (9 tests)	Tested
69	REQ-EXT-012	Secret Scanning on Save (block on detection)	TIER-0	VS Code Extension	virsaitis-extension/src/interceptors/secret-scan.ts (binary skip + >100KB skip + revert + audit)	test/secret-scan.test.ts (9 tests)	Tested
70	REQ-EXT-013	MCP Server Auto-Configuration (mcp.json generation)	TIER-2	VS Code Extension	virsaitis-extension/src/commands/configure-mcp.ts (merge existing + stdio entry)	test/commands.test.ts (2 tests)	Tested
71	REQ-EXT-014	Output Channel Logging	TIER-2	VS Code Extension	virsaitis-extension/src/logger.ts (severity filtering + no PII + ISO timestamps)	test/logger.test.ts (13 tests)	Tested
72	REQ-EXT-015	Cross-Platform Compatibility (Win/macOS/Linux)	TIER-1	VS Code Extension	virsaitis-extension/src/ui/file-decoration.ts (normalizePath) + src/interceptors/file-save.ts (case-insensitive patterns)	test/file-decoration.test.ts + test/file-save.test.ts	Tested
73	REQ-EXT-016	Governance Framework Installation (portable package deploy)	TIER-1	VS Code Extension	virsaitis-extension/src/commands/install-framework.ts (24 files + AC9/AC10/AC11 guards + backup + progress)	test/install-framework.test.ts (13 tests)	Tested
74	REQ-EXT-017	Governance Framework Detection (presence + version check)	TIER-1	VS Code Extension	virsaitis-extension/src/detection.ts (hub check + version parse + partial detection + foreign content)	test/detection.test.ts (11 tests)	Tested
75	REQ-EXT-018	Governance Framework Update (version upgrade with backup)	TIER-2	VS Code Extension	virsaitis-extension/src/commands/update-framework.ts (semver compare + backup + no-downgrade)	test/commands.test.ts (4 tests)	Tested
76	REQ-EXT-019	First-Run Setup Wizard (guided onboarding)	TIER-2	VS Code Extension	virsaitis-extension/src/commands/setup-wizard.ts (5-step QuickPick + markers)	test/setup-wizard.test.ts (8 tests)	Tested
77	REQ-EXT-020	Governance Framework Validation Command	TIER-1	VS Code Extension	virsaitis-extension/src/commands/validate-framework.ts (14-file inventory + structure check + version footer + JSON report)	test/commands.test.ts (4 tests)	Tested
78	REQ-EXT-021	Runtime Prerequisite Check (Node.js >= 18)	TIER-1	VS Code Extension	virsaitis-extension/src/commands/check-prerequisites.ts (node --version + >=18 gate + setNodeRequired)	test/commands.test.ts (4 tests)	Tested
79	REQ-AGT-001	Atomic Sentence Implementation	TIER-0	Agent	.github/agents/Virsaitis-3.0.agent.md (262 lines)	TBD	Implemented
80	REQ-AGT-002	Agent Governance Rule Loading	TIER-1	Agent	.github/agents/Virsaitis-3.0.agent.md (TIER-0/1/2 sections)	TBD	Implemented
81	REQ-AGT-003	Consequence Chain Documentation	TIER-2	Agent	.github/agents/Virsaitis-3.0.agent.md (TIER-0 sections) + .github/virsaitis-definition-library.md	TBD	Implemented
82	REQ-AGT-004	Workflow Pattern Definition	TIER-1	Agent	.github/agents/Virsaitis-3.0.agent.md (Verification Checkpoints section)	TBD	Implemented
83	REQ-AGT-005	Uncertainty Response Pattern	TIER-1	Agent	.github/agents/Virsaitis-3.0.agent.md (My Limitations section)	TBD	Implemented
84	REQ-AGT-006	Modular Governance Reference	TIER-1	Agent	.github/agents/Virsaitis-3.0.agent.md (Module Loading section)	TBD	Implemented
85	REQ-AGT-007	Integration Awareness	TIER-2	Agent	.github/agents/Virsaitis-3.0.agent.md (My Limitations + Brownfield sections)	TBD	Implemented
86	REQ-AGT-008	Self-Limitation Acknowledgment	TIER-2	Agent	.github/agents/Virsaitis-3.0.agent.md (My Limitations section)	TBD	Implemented
87	REQ-SKL-001	Core Skills Creation	TIER-1	Skills	TBD	TBD	Draft
88	REQ-SKL-002	YAML Frontmatter Metadata	TIER-1	Skills	TBD	TBD	Draft
89	REQ-SKL-003	Consequences Section Mandatory	TIER-1	Skills	TBD	TBD	Draft
90	REQ-SKL-004	Progressive Disclosure Levels	TIER-2	Skills	TBD	TBD	Draft
91	REQ-SKL-005	Validation Commands	TIER-2	Skills	TBD	TBD	Draft
92	REQ-TEST-001	Test Coverage Target ≥70%	TIER-1	Testing	TBD	TBD	Draft
93	REQ-TEST-002	Security Test Coverage 100%	TIER-1	Testing	TBD	TBD	Draft
94	REQ-TEST-003	Test Framework - Vitest for MCP	TIER-1	Testing	TBD	TBD	Draft
95	REQ-TEST-004	Test Framework - @vscode/test-electron for Extension	TIER-1	Testing	TBD	TBD	Draft
96	REQ-TEST-005	TDD Red-Green-Refactor	TIER-2	Testing	TBD	TBD	Draft
97	REQ-TEST-006	Unit Test Naming Convention	TIER-2	Testing	TBD	TBD	Draft
98	REQ-TEST-007	Mocking Strategy	TIER-2	Testing	TBD	TBD	Draft
99	REQ-TEST-008	Integration Test Suite	TIER-1	Testing	TBD	TBD	Draft
100	REQ-TEST-009	Pre-Commit Test Execution	TIER-1	Testing	TBD	TBD	Draft
101	REQ-TEST-010	Regression Test Suite	TIER-2	Testing	TBD	TBD	Draft
102	---
103	## Status Definitions
104	- Draft: Requirement documented	not yet implemented
105	- Implemented: Code written	not yet tested
106	- Tested: Unit tests passing	integration tests needed
107	- Verified: All tests passing	peer reviewed	documented
108	---
109	## Coverage Statistics
110	\| Priority \| Total \| Draft \| Implemented \| Tested \| Verified \|
111	\|----------\|-------\|-------\|-------------\|--------\|----------\|
112	\| TIER-0 \| 7 \| 4 \| 3 \| 0 \| 0 \|
113	\| TIER-1 \| 37 \| 26 \| 11 \| 0 \| 0 \|
114	\| TIER-2 \| 24 \| 24 \| 0 \| 0 \| 0 \|
115	\| TIER-3 \| 3 \| 3 \| 0 \| 0 \| 0 \|
116	\| Total \| 71 \| 57 \| 14 \| 0 \| 0 \|
117	MUST Requirements: 44 (TIER-0: 7	TIER-1: 37)
118	SHOULD Requirements: 27 (TIER-2: 24	TIER-3: 3)
119	Coverage:
120	- Implemented: 19.7% (14/71)
121	- Tested: 0% (0/71)
122	- Verified: 0% (0/71)
123	---
124	## Implementation Priority Order
125	### Phase 1: Foundation (Current)
126	1. REQ-GOV-002 ✅ - Atomic sentences (Agent.md complete)
127	2. REQ-GOV-006 ✅ - Discovery workflow (documented in Agent.md)
128	3. REQ-GOV-008 ✅ - Modular governance (hub + 10 modules complete)
129	4. REQ-GOV-010 ✅ - Traceability CSV (this file created)
130	5. REQ-AGT-001 through REQ-AGT-008 ✅ - Agent implementation (complete)
131	### Phase 2: MCP Server (Next)
132	1. REQ-MCP-001 - TypeScript setup
133	2. REQ-MCP-002 - MCP SDK integration
134	3. REQ-MCP-004 - Agent.md parser
135	4. REQ-MCP-003 - Validation engine (depends on REQ-MCP-004)
136	5. REQ-MCP-006 - Secret scanning tool
137	6. REQ-MCP-007 - Path validation tool
138	7. REQ-MCP-008 - Command validation tool
139	8. REQ-MCP-005 - stdio transport
140	9. REQ-MCP-009 - Audit logging
141	10. REQ-MCP-010 - Configuration
142	11. REQ-MCP-011 - Post-Iteration Compliance Check
143	### Phase 3: Extension (Parallel with Phase 4)
144	1. REQ-EXT-009 - Webpack build setup
145	2. REQ-EXT-001 - Extension activation
146	3. REQ-EXT-003 - MCP client communication
147	4. REQ-EXT-002 - File save interception (depends on REQ-EXT-003)
148	5. REQ-EXT-004 - Status bar
149	6. REQ-EXT-007 - Configuration settings
150	7. REQ-EXT-006 - Override command
151	8. REQ-EXT-005 - Shield icons (optional)
152	9. REQ-EXT-008 - VSIX packaging
153	10. REQ-EXT-010 - Extension Host testing
154	### Phase 4: Skills (Parallel with Phase 3)
155	1. REQ-SKL-001 - Create 6 core skills structure
156	2. REQ-SKL-002 - YAML frontmatter all skills
157	3. REQ-SKL-003 - Consequences sections all skills
158	4. REQ-SKL-004 - Progressive disclosure
159	5. REQ-SKL-005 - Validation commands
160	### Phase 5: Security & Testing (Throughout all phases)
161	1. REQ-TEST-003/004 - Setup test frameworks
162	2. REQ-TEST-009 - Pre-commit hooks
163	3. REQ-SEC-015 - Security scan automation
164	4. REQ-SEC-001 through REQ-SEC-003 - Secret management (TIER-0)
165	5. REQ-TEST-001/002 - Achieve coverage targets
166	6. REQ-TEST-008 - Integration tests
167	7. REQ-GOV-012 - Quality gates
168	---
169	## Change Log
170	\| Date \| REQ-ID \| Change \| Author \|
171	\|------\|--------\|--------\|--------\|
172	\| 2026-02-17 \| ALL \| Initial traceability matrix created \| Toms Eisaks \|
173	\| 2026-02-17 \| REQ-GOV-002 \| Marked Implemented (Agent.md complete) \| Toms Eisaks \|
174	\| 2026-02-17 \| REQ-GOV-006 \| Marked Implemented (Workflow in Agent.md) \| Toms Eisaks \|
175	\| 2026-02-17 \| REQ-GOV-008 \| Marked Implemented (Hub + 10 modules) \| Toms Eisaks \|
176	\| 2026-02-17 \| REQ-GOV-010 \| Marked Implemented (CSV created) \| Toms Eisaks \|
177	\| 2026-02-17 \| REQ-AGT-001 to 008 \| Marked Implemented (Agent.md sections complete) \| Toms Eisaks \|
178	---
179	Virsaitis Traceability Matrix v2.0.0
180	Tracking implementation and testing status for 71 requirements

16 KiB Raw Permalink Blame History

16 KiB

Raw Permalink Blame History