andrisenins/calorie-counter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
calorie-counter/virsaitis-requirements/traceability.csv
Andris Enins 91cd18aec6 feat: initial implementation — all 35 requirements across phases 1-3 
Backend (Spring Boot 3.2 / Java 21 / PostgreSQL):
- JWT auth with BCrypt password hashing
- User profile + Mifflin-St Jeor BMR calculator
- Food search + barcode via OpenFoodFacts API with local cache
- Meal CRUD with user data isolation and ownership checks
- AI photo analysis (OpenAI Vision) with confidence intervals
- AI correction feedback loop for personalisation
- Flyway DB migrations + RFC-7807 error responses

Mobile (React Native / TypeScript):
- Full navigation stack (Auth → Tabs → Home stack)
- Design tokens (WCAG 2.2 AA colours, 8px grid, 48px touch targets)
- 10 screens: Login, Register, Home, Search, Camera, AI Result, Edit Meal,
  Daily Details, History, Profile
- Confidence-aware calorie display (kcal ± range)
- Repeat last meal shortcut + macro tracking

Docs:
- docs/PLAN-AND-REQUIREMENTS.md
- docs/traceability.csv (35 requirements, all Implemented)
2026-05-18 21:56:13 +03:00

209 lines
16 KiB
CSV
Raw Permalink Blame History

# Virsaitis Traceability Matrix
**Version**: 3.0.0
**Status**: Draft
**Updated**: 2026-04-20
---
## Purpose
This CSV tracks requirement implementation and testing status. Each REQ-ID maps to implementation locations and test files enabling bidirectional traceability.
**Columns:**
- **REQ_ID**: Unique requirement identifier (format: REQ-[A-Z]{2,4}-[0-9]{3})
- **Description**: Brief requirement summary
- **Priority**: TIER-0/TIER-1/TIER-2/TIER-3
- **Category**: Governance/Security/MCP/Extension/Agent/Skills/Testing
- **ImplementationRef**: File path and line numbers where requirement implemented
- **TestRef**: Test file path and test names validating requirement
- **Status**: Draft/Implemented/Tested/Verified
---
## Traceability Data
REQ_ID,Description,Priority,Category,ImplementationRef,TestRef,Status
REQ-GOV-001,Protected File Modification Enforcement,TIER-0,Governance,.github/copilot-modules/core-policies.md (TIER-0 Rule 1) + .github/copilot-instructions.md (TIER-0 section) + .github/agents/Virsaitis-3.0.agent.md (TIER-0.1),TBD,Implemented
REQ-GOV-002,Atomic Sentence Structure,TIER-0,Governance,.github/agents/Virsaitis-3.0.agent.md (262 lines) + .github/copilot-modules/agent-standards.md,TBD,Implemented
REQ-GOV-003,TIER System Definition,TIER-1,Governance,.github/copilot-modules/core-policies.md (TIER-0/1/2/3 sections),TBD,Implemented
REQ-GOV-004,REQ-ID Traceability,TIER-1,Governance,TBD,TBD,Draft
REQ-GOV-005,CHANGELOG Maintenance,TIER-1,Governance,CHANGELOG.md + .github/agents/Virsaitis-3.0.agent.md (TIER-1.2),TBD,Implemented
REQ-GOV-006,Discovery-First Workflow,TIER-1,Governance,.github/copilot-modules/development-workflow.md (authority) + .github/agents/Virsaitis-3.0.agent.md (TIER-1.4),TBD,Implemented
REQ-GOV-007,Test Coverage Enforcement,TIER-1,Governance,TBD,TBD,Draft
REQ-GOV-008,Modular Governance Architecture,TIER-1,Governance,.github/copilot-instructions.md (hub) + .github/copilot-modules/*.md (11 modules) + .github/virsaitis-definition-library.md,TBD,Implemented
REQ-GOV-009,Consequence Documentation,TIER-2,Governance,.github/copilot-modules/core-policies.md (consequence chains) + .github/virsaitis-definition-library.md,TBD,Implemented
REQ-GOV-010,Traceability CSV Management,TIER-1,Governance,virsaitis-requirements/traceability.csv (this file),TBD,Implemented
REQ-GOV-011,Version Synchronization,TIER-1,Governance,All 14 .github/ files at v3.0.0,TBD,Implemented
REQ-GOV-012,Quality Gates,TIER-1,Governance,TBD,TBD,Draft
REQ-SEC-001,Secret Detection 100% Coverage,TIER-0,Security,TBD,TBD,Draft
REQ-SEC-002,Credential Rotation Policy,TIER-0,Security,TBD,TBD,Draft
REQ-SEC-003,Environment Variable Enforcement,TIER-0,Security,TBD,TBD,Draft
REQ-SEC-004,Input Validation - File Paths,TIER-1,Security,TBD,TBD,Draft
REQ-SEC-005,Input Validation - Command Execution,TIER-1,Security,TBD,TBD,Draft
REQ-SEC-006,Regular Expression ReDoS Prevention,TIER-2,Security,TBD,TBD,Draft
REQ-SEC-007,Error Handling - No Information Disclosure,TIER-1,Security,TBD,TBD,Draft
REQ-SEC-008,Audit Logging,TIER-1,Security,TBD,TBD,Draft
REQ-SEC-009,Principle of Least Privilege,TIER-2,Security,TBD,TBD,Draft
REQ-SEC-010,Defense in Depth,TIER-2,Security,TBD,TBD,Draft
REQ-SEC-011,Secure Defaults,TIER-2,Security,TBD,TBD,Draft
REQ-SEC-012,Cryptography Standards,TIER-2,Security,TBD,TBD,Draft
REQ-SEC-013,Security Test Coverage 100%,TIER-1,Security,TBD,TBD,Draft
REQ-SEC-014,PII Logging Prevention,TIER-2,Security,TBD,TBD,Draft
REQ-SEC-015,Security Scan Automation,TIER-1,Security,TBD,TBD,Draft
REQ-SEC-016,Vulnerability Disclosure Policy,TIER-3,Security,TBD,TBD,Draft
REQ-MCP-001,TypeScript Implementation,TIER-1,MCP Server,virsaitis-mcp/src/**/*.ts (tsconfig.json: strict ES2022 Node16),tests/unit/*.test.ts + tests/e2e/*.test.ts (277 tests),Tested
REQ-MCP-002,MCP Protocol SDK Integration,TIER-1,MCP Server,virsaitis-mcp/src/server.ts + src/index.ts (@modelcontextprotocol/sdk),tests/unit/server.test.ts + server-integration.test.ts + tests/e2e/stdio-transport.test.ts,Tested
REQ-MCP-003,File Operation Validation Engine,TIER-0,MCP Server,virsaitis-mcp/src/governance/validator.ts + types.ts + patterns.ts + cache.ts,tests/unit/validator.test.ts + patterns.test.ts + cache.test.ts,Tested
REQ-MCP-004,Agent.md Governance Loading,TIER-1,MCP Server,virsaitis-mcp/src/governance/loader.ts (loadGovernanceRules + parseMachinePolicy + parseAgentProtectedPatterns),tests/unit/loader.test.ts,Tested
REQ-MCP-005,stdio Transport,TIER-1,MCP Server,virsaitis-mcp/src/index.ts (StdioServerTransport) + .github/copilot-modules/mcp-standards.md,tests/unit/server-integration.test.ts,Tested
REQ-MCP-006,Secret Scanning Tool,TIER-0,MCP Server,virsaitis-mcp/src/tools/scan-secrets.ts (20 patterns + entropy detection),tests/unit/scan-secrets.test.ts (46 tests),Tested
REQ-MCP-007,Path Validation Tool,TIER-1,MCP Server,virsaitis-mcp/src/tools/validate-path.ts (5-layer defense + Windows reserved names),tests/unit/validate-path.test.ts (19 tests),Tested
REQ-MCP-008,Command Validation Tool,TIER-1,MCP Server,virsaitis-mcp/src/tools/validate-command.ts (24 whitelist + 23 blocked + dangerous flags),tests/unit/validate-command.test.ts (30 tests),Tested
REQ-MCP-009,Audit Log Integration,TIER-1,MCP Server,"virsaitis-mcp/src/tools/audit-logger.ts (JSON-lines + 10MB rotation + HMAC-SHA256 + streaming reader + configurable rotation)",tests/unit/audit-logger.test.ts (29 tests),Tested
REQ-MCP-010,Server Configuration,TIER-2,MCP Server,"virsaitis-mcp/src/config.ts (env vars + TTL clamping + resolveConfig + hmacKey masking)",tests/unit/config.test.ts (13 tests),Tested
REQ-MCP-011,Post-Iteration Compliance Check,TIER-1,MCP Server,virsaitis-mcp/src/tools/iteration-complete.ts (AC1+AC2+AC3+AC5 checks + RFC 4180 CSV parsing),tests/unit/iteration-complete.test.ts (30 tests),Tested
REQ-EXT-001,Extension Activation (<200ms),TIER-2,VS Code Extension,virsaitis-extension/src/extension.ts (activate + async MCP spawn),test/commands.test.ts + test/config.test.ts,Tested
REQ-EXT-002,File Save Interception (TIER-0 blocking via MCP stdio),TIER-0,VS Code Extension,virsaitis-extension/src/interceptors/file-save.ts (readonlyInclude + post-save revert),test/file-save.test.ts (11 tests),Tested
REQ-EXT-003,MCP Client Communication (stdio transport),TIER-1,VS Code Extension,virsaitis-extension/src/mcp/client.ts (JSON-RPC over stdin/stdout + AbortController timeout),test/mcp-client.test.ts (9 tests),Tested
REQ-EXT-004,Status Bar Integration (Active/Disconnected/Error),TIER-2,VS Code Extension,virsaitis-extension/src/ui/status-bar.ts (7 states + accessibility + tooltip),test/status-bar.test.ts (13 tests),Tested
REQ-EXT-005,File Decoration for Protected Files,TIER-3,VS Code Extension,virsaitis-extension/src/ui/file-decoration.ts (shield badge + yellow color + normalizePath),test/file-decoration.test.ts (9 tests),Tested
REQ-EXT-006,Override Request Command,TIER-2,VS Code Extension,virsaitis-extension/src/commands/request-override.ts (3-step input + override record + MCP audit),test/request-override.test.ts (9 tests),Tested
REQ-EXT-007,Configuration Settings (5 settings with secure defaults),TIER-2,VS Code Extension,virsaitis-extension/src/config.ts (ConfigManager + change notifications + master toggle),test/config.test.ts (7 tests),Tested
REQ-EXT-008,Extension Packaging (VSIX <10MB with bundled MCP),TIER-1,VS Code Extension,virsaitis-extension/webpack.config.js + package.json (vsce:package script),VSIX 688 KB verified,Tested
REQ-EXT-009,Webpack Build Configuration,TIER-1,VS Code Extension,virsaitis-extension/webpack.config.js (commonjs2 + ts-loader + nosources-source-map),npm run compile verified,Tested
REQ-EXT-010,Extension Testing (unit + manual checklist),TIER-1,VS Code Extension,"virsaitis-extension/vitest.config.ts (80% thresholds) + 13 test files + MANUAL-TEST-CHECKLIST.md",136 tests / 83% statements / 85% branches / 89% functions,Tested
REQ-EXT-011,MCP Server Lifecycle Management (spawn/restart/shutdown),TIER-1,VS Code Extension,virsaitis-extension/src/mcp/lifecycle.ts (spawn + health check 30s + backoff 1s/2s/4s + graceful shutdown),test/lifecycle.test.ts (9 tests),Tested
REQ-EXT-012,Secret Scanning on Save (block on detection),TIER-0,VS Code Extension,virsaitis-extension/src/interceptors/secret-scan.ts (binary skip + >100KB skip + revert + audit),test/secret-scan.test.ts (9 tests),Tested
REQ-EXT-013,MCP Server Auto-Configuration (mcp.json generation),TIER-2,VS Code Extension,virsaitis-extension/src/commands/configure-mcp.ts (merge existing + stdio entry),test/commands.test.ts (2 tests),Tested
REQ-EXT-014,Output Channel Logging,TIER-2,VS Code Extension,virsaitis-extension/src/logger.ts (severity filtering + no PII + ISO timestamps),test/logger.test.ts (13 tests),Tested
REQ-EXT-015,Cross-Platform Compatibility (Win/macOS/Linux),TIER-1,VS Code Extension,"virsaitis-extension/src/ui/file-decoration.ts (normalizePath) + src/interceptors/file-save.ts (case-insensitive patterns)",test/file-decoration.test.ts + test/file-save.test.ts,Tested
REQ-EXT-016,Governance Framework Installation (portable package deploy),TIER-1,VS Code Extension,"virsaitis-extension/src/commands/install-framework.ts (24 files + AC9/AC10/AC11 guards + backup + progress)",test/install-framework.test.ts (13 tests),Tested
REQ-EXT-017,Governance Framework Detection (presence + version check),TIER-1,VS Code Extension,virsaitis-extension/src/detection.ts (hub check + version parse + partial detection + foreign content),test/detection.test.ts (11 tests),Tested
REQ-EXT-018,Governance Framework Update (version upgrade with backup),TIER-2,VS Code Extension,virsaitis-extension/src/commands/update-framework.ts (semver compare + backup + no-downgrade),test/commands.test.ts (4 tests),Tested
REQ-EXT-019,First-Run Setup Wizard (guided onboarding),TIER-2,VS Code Extension,virsaitis-extension/src/commands/setup-wizard.ts (5-step QuickPick + markers),test/setup-wizard.test.ts (8 tests),Tested
REQ-EXT-020,Governance Framework Validation Command,TIER-1,VS Code Extension,"virsaitis-extension/src/commands/validate-framework.ts (14-file inventory + structure check + version footer + JSON report)",test/commands.test.ts (4 tests),Tested
REQ-EXT-021,Runtime Prerequisite Check (Node.js >= 18),TIER-1,VS Code Extension,virsaitis-extension/src/commands/check-prerequisites.ts (node --version + >=18 gate + setNodeRequired),test/commands.test.ts (4 tests),Tested
REQ-AGT-001,Atomic Sentence Implementation,TIER-0,Agent,.github/agents/Virsaitis-3.0.agent.md (262 lines),TBD,Implemented
REQ-AGT-002,Agent Governance Rule Loading,TIER-1,Agent,.github/agents/Virsaitis-3.0.agent.md (TIER-0/1/2 sections),TBD,Implemented
REQ-AGT-003,Consequence Chain Documentation,TIER-2,Agent,.github/agents/Virsaitis-3.0.agent.md (TIER-0 sections) + .github/virsaitis-definition-library.md,TBD,Implemented
REQ-AGT-004,Workflow Pattern Definition,TIER-1,Agent,.github/agents/Virsaitis-3.0.agent.md (Verification Checkpoints section),TBD,Implemented
REQ-AGT-005,Uncertainty Response Pattern,TIER-1,Agent,.github/agents/Virsaitis-3.0.agent.md (My Limitations section),TBD,Implemented
REQ-AGT-006,Modular Governance Reference,TIER-1,Agent,.github/agents/Virsaitis-3.0.agent.md (Module Loading section),TBD,Implemented
REQ-AGT-007,Integration Awareness,TIER-2,Agent,.github/agents/Virsaitis-3.0.agent.md (My Limitations + Brownfield sections),TBD,Implemented
REQ-AGT-008,Self-Limitation Acknowledgment,TIER-2,Agent,.github/agents/Virsaitis-3.0.agent.md (My Limitations section),TBD,Implemented
REQ-SKL-001,Core Skills Creation,TIER-1,Skills,TBD,TBD,Draft
REQ-SKL-002,YAML Frontmatter Metadata,TIER-1,Skills,TBD,TBD,Draft
REQ-SKL-003,Consequences Section Mandatory,TIER-1,Skills,TBD,TBD,Draft
REQ-SKL-004,Progressive Disclosure Levels,TIER-2,Skills,TBD,TBD,Draft
REQ-SKL-005,Validation Commands,TIER-2,Skills,TBD,TBD,Draft
REQ-TEST-001,Test Coverage Target ≥70%,TIER-1,Testing,TBD,TBD,Draft
REQ-TEST-002,Security Test Coverage 100%,TIER-1,Testing,TBD,TBD,Draft
REQ-TEST-003,Test Framework - Vitest for MCP,TIER-1,Testing,TBD,TBD,Draft
REQ-TEST-004,Test Framework - @vscode/test-electron for Extension,TIER-1,Testing,TBD,TBD,Draft
REQ-TEST-005,TDD Red-Green-Refactor,TIER-2,Testing,TBD,TBD,Draft
REQ-TEST-006,Unit Test Naming Convention,TIER-2,Testing,TBD,TBD,Draft
REQ-TEST-007,Mocking Strategy,TIER-2,Testing,TBD,TBD,Draft
REQ-TEST-008,Integration Test Suite,TIER-1,Testing,TBD,TBD,Draft
REQ-TEST-009,Pre-Commit Test Execution,TIER-1,Testing,TBD,TBD,Draft
REQ-TEST-010,Regression Test Suite,TIER-2,Testing,TBD,TBD,Draft
---
## Status Definitions
- **Draft**: Requirement documented, not yet implemented
- **Implemented**: Code written, not yet tested
- **Tested**: Unit tests passing, integration tests needed
- **Verified**: All tests passing, peer reviewed, documented
---
## Coverage Statistics
| Priority | Total | Draft | Implemented | Tested | Verified |
|----------|-------|-------|-------------|--------|----------|
| TIER-0 | 7 | 4 | 3 | 0 | 0 |
| TIER-1 | 37 | 26 | 11 | 0 | 0 |
| TIER-2 | 24 | 24 | 0 | 0 | 0 |
| TIER-3 | 3 | 3 | 0 | 0 | 0 |
| **Total** | **71** | **57** | **14** | **0** | **0** |
**MUST Requirements**: 44 (TIER-0: 7, TIER-1: 37)
**SHOULD Requirements**: 27 (TIER-2: 24, TIER-3: 3)
**Coverage**:
- Implemented: 19.7% (14/71)
- Tested: 0% (0/71)
- Verified: 0% (0/71)
---
## Implementation Priority Order
### Phase 1: Foundation (Current)
1. REQ-GOV-002 ✅ - Atomic sentences (Agent.md complete)
2. REQ-GOV-006 ✅ - Discovery workflow (documented in Agent.md)
3. REQ-GOV-008 ✅ - Modular governance (hub + 10 modules complete)
4. REQ-GOV-010 ✅ - Traceability CSV (this file created)
5. REQ-AGT-001 through REQ-AGT-008 ✅ - Agent implementation (complete)
### Phase 2: MCP Server (Next)
1. REQ-MCP-001 - TypeScript setup
2. REQ-MCP-002 - MCP SDK integration
3. REQ-MCP-004 - Agent.md parser
4. REQ-MCP-003 - Validation engine (depends on REQ-MCP-004)
5. REQ-MCP-006 - Secret scanning tool
6. REQ-MCP-007 - Path validation tool
7. REQ-MCP-008 - Command validation tool
8. REQ-MCP-005 - stdio transport
9. REQ-MCP-009 - Audit logging
10. REQ-MCP-010 - Configuration
11. REQ-MCP-011 - Post-Iteration Compliance Check
### Phase 3: Extension (Parallel with Phase 4)
1. REQ-EXT-009 - Webpack build setup
2. REQ-EXT-001 - Extension activation
3. REQ-EXT-003 - MCP client communication
4. REQ-EXT-002 - File save interception (depends on REQ-EXT-003)
5. REQ-EXT-004 - Status bar
6. REQ-EXT-007 - Configuration settings
7. REQ-EXT-006 - Override command
8. REQ-EXT-005 - Shield icons (optional)
9. REQ-EXT-008 - VSIX packaging
10. REQ-EXT-010 - Extension Host testing
### Phase 4: Skills (Parallel with Phase 3)
1. REQ-SKL-001 - Create 6 core skills structure
2. REQ-SKL-002 - YAML frontmatter all skills
3. REQ-SKL-003 - Consequences sections all skills
4. REQ-SKL-004 - Progressive disclosure
5. REQ-SKL-005 - Validation commands
### Phase 5: Security & Testing (Throughout all phases)
1. REQ-TEST-003/004 - Setup test frameworks
2. REQ-TEST-009 - Pre-commit hooks
3. REQ-SEC-015 - Security scan automation
4. REQ-SEC-001 through REQ-SEC-003 - Secret management (TIER-0)
5. REQ-TEST-001/002 - Achieve coverage targets
6. REQ-TEST-008 - Integration tests
7. REQ-GOV-012 - Quality gates
---
## Change Log
| Date | REQ-ID | Change | Author |
|------|--------|--------|--------|
| 2026-02-17 | ALL | Initial traceability matrix created | Toms Eisaks |
| 2026-02-17 | REQ-GOV-002 | Marked Implemented (Agent.md complete) | Toms Eisaks |
| 2026-02-17 | REQ-GOV-006 | Marked Implemented (Workflow in Agent.md) | Toms Eisaks |
| 2026-02-17 | REQ-GOV-008 | Marked Implemented (Hub + 10 modules) | Toms Eisaks |
| 2026-02-17 | REQ-GOV-010 | Marked Implemented (CSV created) | Toms Eisaks |
| 2026-02-17 | REQ-AGT-001 to 008 | Marked Implemented (Agent.md sections complete) | Toms Eisaks |
---
*Virsaitis Traceability Matrix v2.0.0*
*Tracking implementation and testing status for 71 requirements*
Reference in New Issue View Git Blame Copy Permalink