calorie-counter/README.md

# Calorie Counter

AI-powered calorie tracking app — Spring Boot backend + React Native mobile.

## Architecture

```
Mobile (React Native + TypeScript)
        │  REST API (JWT)
Backend (Spring Boot 3.2 / Java 21)
        │
  ┌─────────────────────────────────┐
  │ PostgreSQL          Flyway      │
  │ OpenFoodFacts API   (food DB)   │
  │ OpenAI Vision API   (AI meals)  │
  └─────────────────────────────────┘
```

## Features

- Manual food search via OpenFoodFacts
- Barcode scan → auto-fill nutrition
- Photo meal logging with AI detection (OpenAI Vision)
- **Confidence-aware calories**: `500 kcal ± 80 kcal (85% confidence)`
- Daily calorie dashboard + macro tracking
- BMR-based personalised calorie targets (Mifflin-St Jeor)
- AI correction feedback loop → improves suggestions over time
- Repeat last meal one-tap shortcut

## Structure

```
backend/     Spring Boot REST API
mobile/      React Native app
docs/        Requirements, traceability matrix
idea/        Original product research & wireframes
```

## Getting Started

### Backend

```bash
cd backend

# Required environment variables
export DB_URL=jdbc:postgresql://localhost:5432/caloriecounter
export DB_USERNAME=caloriecounter
export DB_PASSWORD=<your-db-password>
export JWT_SECRET=<256-bit-secret>
export OPENAI_API_KEY=<your-openai-key>

mvn spring-boot:run
```

### Mobile

```bash
cd mobile
npm install
npx react-native run-ios    # or run-android
```

## Requirements & Traceability

See [docs/PLAN-AND-REQUIREMENTS.md](docs/PLAN-AND-REQUIREMENTS.md) and [docs/traceability.csv](docs/traceability.csv).

35 requirements tracked across 3 phases — all implemented.

## Security

- Passwords: BCrypt cost 12
- JWT: HS256, 1hr expiry, per-request user existence check
- All secrets via environment variables — nothing hardcoded
- Input validation on all endpoints (Jakarta Validation)
- User data isolation enforced at service layer