jettypod 3.0.1

package/docs/features/standards-inventory.md

@@ -0,0 +1,257 @@
+# JettyPod Standards Inventory
+
+Complete listing of all standards with their priority levels, project stage requirements, and default values.
+
+## Understanding the Attributes
+
+### Priority Levels
+- **critical**: Must-have standards that appear even in speed mode
+- **high**: Important standards that appear in speed and discovery modes
+- **medium**: Standard practices that appear in discovery and production modes
+- **low**: Nice-to-have standards that only appear in production mode
+
+### Project Stages
+- **empty**: Brand new project, just starting
+- **starting**: Early development, basic structure in place
+- **growing**: Active development, team expanding
+- **mature**: Established project, stable development
+- **production**: Live product with real users
+
+---
+
+## Core Standards (12 total)
+
+| Standard ID | Title | Priority | Stage | Default Value | Description |
+|------------|-------|----------|-------|---------------|-------------|
+| project_structure | Project Structure | critical | empty | feature-based | Organize by features with /features, /shared, /core folders |
+| naming_files | File Naming | critical | empty | PascalCase for components (.tsx), camelCase for utils (.ts) | Component: UserProfile.tsx, Util: formatDate.ts, Hook: useAuth.ts |
+| naming_variables | Variable Naming | critical | empty | camelCase, is/has/should prefixes for booleans | isLoading, hasError, shouldUpdate, userData |
+| naming_functions | Function Naming | high | empty | Verb prefixes (get/set/handle/validate) | getUserData, handleClick, validateForm |
+| git_commits | Git Commit Messages | high | empty | Conventional commits (feat/fix/docs) | feat: add user authentication, fix: resolve login bug |
+| git_branches | Git Branch Naming | medium | starting | type/description format | feature/user-auth, bugfix/login-error, hotfix/security-patch |
+| data_types | Data Types | high | empty | TypeScript strict mode, interfaces over types | Use interfaces for objects, types for unions/primitives |
+| styling_method | Styling Method | high | empty | Tailwind CSS or CSS Modules | Tailwind for utilities, CSS Modules for complex components |
+| component_structure | Component Structure | high | empty | Function components with hooks | Props at top, hooks next, handlers, then JSX return |
+| code_formatting | Code Formatting | medium | empty | Prettier with 2 spaces, single quotes | 80 char line limit, trailing commas, no semicolons |
+| imports_exports | Import/Export Style | medium | starting | Named exports, absolute imports | Named exports except pages, @ alias for src |
+| typescript_config | TypeScript Config | low | growing | Strict mode enabled | strict: true, noImplicitAny, strictNullChecks |
+
+---
+
+## Data & API Standards (10 total)
+
+| Standard ID | Title | Priority | Stage | Default Value | Description |
+|------------|-------|----------|-------|---------------|-------------|
+| database_naming | Database Naming | high | starting | snake_case | Tables: plural (users), columns: snake_case (created_at) |
+| api_naming | API Naming | critical | starting | RESTful URLs | /api/v1/users, /api/v1/users/:id, plural nouns |
+| api_responses | API Response Format | critical | starting | Envelope pattern | {success: true, data: {}, error: null, meta: {}} |
+| api_errors | API Error Handling | high | starting | Consistent error format | {success: false, error: {code, message, details}} |
+| rest_conventions | REST Conventions | high | growing | Standard HTTP methods | GET (read), POST (create), PUT (update), DELETE |
+| graphql_schema | GraphQL Schema | medium | growing | Type-first design | Define schema before resolvers, use clear type names |
+| pagination | Pagination | medium | growing | Cursor-based | {data: [], pageInfo: {hasNext, cursor}} |
+| filtering | Filtering & Sorting | medium | growing | Query parameters | ?filter[status]=active&sort=-created_at |
+| caching | Caching Strategy | low | mature | Cache-Control headers | CDN for static, Redis for dynamic, 5min default |
+| rate_limiting | Rate Limiting | low | production | Token bucket | 100 req/min authenticated, 20 req/min anonymous |
+
+---
+
+## UI/UX Standards (10 total)
+
+| Standard ID | Title | Priority | Stage | Default Value | Description |
+|------------|-------|----------|-------|---------------|-------------|
+| component_library | Component Library | high | starting | shadcn/ui | Use shadcn/ui components from @/components/ui/ |
+| ui_consistency | UI Consistency | critical | empty | Design system approach | Consistent components, patterns, and behaviors |
+| color_system | Color System | high | empty | Semantic colors | primary, secondary, success, warning, error, neutral |
+| spacing | Spacing System | high | empty | 8px base unit | 0.5rem (4px), 1rem (8px), 2rem (16px), 4rem (32px) |
+| typography | Typography | high | starting | System font stack | -apple-system, BlinkMacSystemFont, Segoe UI, Roboto |
+| forms | Form Design | high | starting | Label above input | Required fields marked with *, inline validation |
+| buttons | Button Styles | medium | starting | 3 variants | Primary (filled), secondary (outline), ghost (text) |
+| loading_states | Loading States | high | starting | Skeleton screens | Show layout structure while loading content |
+| error_states | Error States | high | starting | Inline + toast | Field errors inline, system errors as toast |
+| accessibility | Accessibility | medium | growing | WCAG 2.1 AA | Semantic HTML, ARIA labels, keyboard navigation |
+| animations | Animations | low | mature | 200-300ms duration | Ease-in-out, respect prefers-reduced-motion |
+
+---
+
+## Security Standards (10 total)
+
+| Standard ID | Title | Priority | Stage | Default Value | Description |
+|------------|-------|----------|-------|---------------|-------------|
+| authentication | Authentication | critical | starting | JWT + refresh tokens | Access token 15min, refresh token 7 days |
+| authorization | Authorization | critical | starting | RBAC | Role-based access control with permissions |
+| password_handling | Password Handling | critical | starting | bcrypt, 10 rounds | Min 8 chars, 1 upper, 1 lower, 1 number, 1 special |
+| data_encryption | Data Encryption | high | growing | AES-256 | Encrypt PII at rest, TLS 1.3 in transit |
+| input_validation | Input Validation | critical | starting | Whitelist approach | Validate type, length, format, sanitize HTML |
+| xss_prevention | XSS Prevention | critical | starting | Escape output | DOMPurify for user content, CSP headers |
+| sql_injection | SQL Injection Prevention | critical | starting | Parameterized queries | Never concatenate SQL, use ORM or prepared statements |
+| cors | CORS Configuration | high | growing | Whitelist origins | Specific origins only, credentials: true if needed |
+| security_headers | Security Headers | medium | mature | OWASP recommendations | X-Frame-Options, X-Content-Type-Options, CSP |
+| audit_logging | Audit Logging | low | production | Who, what, when, where | User ID, action, timestamp, IP, user agent |
+
+---
+
+## Quality & Testing Standards (9 total)
+
+| Standard ID | Title | Priority | Stage | Default Value | Description |
+|------------|-------|----------|-------|---------------|-------------|
+| unit_testing | Unit Testing | high | growing | Jest + Testing Library | Test behavior not implementation, aim for 80% coverage |
+| integration_testing | Integration Testing | medium | growing | API + DB tests | Test endpoints with real database, use transactions |
+| e2e_testing | E2E Testing | low | mature | Playwright or Cypress | Critical user flows only, run in CI |
+| test_coverage | Test Coverage | medium | mature | 80% target | Measure but don't enforce, focus on critical paths |
+| error_handling | Error Handling | critical | starting | Try-catch + boundaries | Async try-catch, React error boundaries, fallback UI |
+| logging | Logging | high | growing | Structured JSON | Log levels: error, warn, info, debug, trace |
+| monitoring | Monitoring | medium | production | APM + error tracking | Sentry for errors, DataDog/NewRelic for APM |
+| performance | Performance Standards | medium | mature | Core Web Vitals | LCP < 2.5s, FID < 100ms, CLS < 0.1 |
+| documentation | Documentation | high | growing | JSDoc + README | Function comments, API docs, setup instructions |
+
+---
+
+## Advanced/Enterprise Standards (8 total)
+
+| Standard ID | Title | Priority | Stage | Default Value | Description |
+|------------|-------|----------|-------|---------------|-------------|
+| deployment | Deployment Process | medium | mature | Blue-green deployment | Zero-downtime deploys with rollback capability |
+| ci_cd | CI/CD Pipeline | medium | mature | GitHub Actions + Vercel | Test → Build → Deploy on merge to main |
+| environment_config | Environment Config | high | growing | .env files + validation | Never commit .env, use .env.example, validate on start |
+| feature_flags | Feature Flags | low | mature | LaunchDarkly or custom | Boolean flags, gradual rollout, user targeting |
+| i18n | Internationalization | low | mature | next-i18next | JSON translation files, locale detection, RTL support |
+| microservices | Microservices | low | production | API Gateway pattern | Single entry point, service discovery, circuit breakers |
+| scaling | Scaling Patterns | low | production | Horizontal first | Auto-scaling groups, load balancers, CDN |
+| disaster_recovery | Disaster Recovery | low | production | 3-2-1 backup rule | 3 copies, 2 different media, 1 offsite, RTO < 4hrs |
+
+---
+
+## Standards Distribution Summary
+
+### By Priority
+- **Critical**: 11 standards (18%)
+- **High**: 20 standards (33%)
+- **Medium**: 17 standards (28%)
+- **Low**: 12 standards (20%)
+
+### By Stage (when first introduced)
+- **Empty**: 12 standards
+- **Starting**: 19 standards
+- **Growing**: 14 standards
+- **Mature**: 9 standards
+- **Production**: 6 standards
+
+### Stage Accumulation (total available)
+- **Empty stage**: 12 standards available
+- **Starting stage**: 31 standards available (empty + starting)
+- **Growing stage**: 45 standards available (+ growing)
+- **Mature stage**: 54 standards available (+ mature)
+- **Production stage**: 60 standards available (all)
+
+---
+
+## Mode Visibility Matrix
+
+### Speed Mode (Critical + High only)
+- **Empty stage**: ~8 standards visible
+- **Starting stage**: ~20 standards visible
+- **Growing stage**: ~25 standards visible
+- **Mature stage**: ~28 standards visible
+- **Production stage**: ~31 standards visible
+
+### Discovery Mode (All priorities, balanced detail)
+- **Empty stage**: 12 standards visible
+- **Starting stage**: 31 standards visible
+- **Growing stage**: 45 standards visible
+- **Mature stage**: 54 standards visible
+- **Production stage**: 60 standards visible
+
+### Production Mode (All priorities, full documentation)
+- Same counts as Discovery mode but with:
+  - Detailed examples for each standard
+  - Edge case documentation
+  - Implementation notes
+  - Security considerations
+  - Performance implications
+
+---
+
+## Bundle Composition
+
+### Core Bundle
+Contains: All 12 core standards
+
+### Auth Bundle
+Contains: authentication, authorization, password_handling, input_validation, xss_prevention
+
+### API Bundle
+Contains: api_naming, api_responses, api_errors, rest_conventions, pagination, filtering, rate_limiting
+
+### Database Bundle
+Contains: database_naming, sql_injection, data_encryption, caching
+
+### UI Bundle
+Contains: ui_consistency, color_system, spacing, typography, forms, buttons, loading_states, error_states
+
+### Forms Bundle
+Contains: forms, input_validation, error_states, accessibility
+
+### Testing Bundle
+Contains: unit_testing, integration_testing, e2e_testing, test_coverage
+
+### Security Bundle
+Contains: All 10 security standards
+
+### Quality Bundle
+Contains: All 9 quality standards
+
+### Advanced Bundle
+Contains: All 8 advanced standards
+
+### shadcn Bundle (NEW)
+Contains: component_library (configured for shadcn/ui), styling_method (Tailwind + CSS variables), styling_spacing, forms_structure, forms_validation, accessibility, button_patterns, modal_patterns, notifications
+
+### Stack-Specific Bundles
+- **nextjs**: core + ui + api + specific Next.js patterns
+- **vite_react**: core + ui + forms + Vite-specific patterns
+- **node_api**: core + api + database + Node.js patterns
+
+---
+
+## Default Values Quick Reference
+
+### Naming Conventions
+- **Files**: PascalCase.tsx for components, camelCase.ts for utils
+- **Variables**: camelCase with is/has/should prefixes for booleans
+- **Functions**: Verb prefixes (get, set, handle, validate)
+- **Database**: snake_case for tables and columns
+- **API**: /api/v1/resource format with plural nouns
+
+### Development Practices
+- **Git**: Conventional commits (feat/fix/docs)
+- **Branches**: type/description (feature/user-auth)
+- **Testing**: 80% coverage target, behavior over implementation
+- **Documentation**: JSDoc comments + README files
+- **Errors**: Try-catch blocks + React error boundaries
+
+### Technical Choices
+- **Component Library**: shadcn/ui (copy-paste into @/components/ui/)
+- **TypeScript**: Strict mode with interfaces for objects
+- **Styling**: Tailwind CSS or CSS Modules (shadcn uses Tailwind + CSS variables)
+- **Components**: Functional with hooks
+- **API Responses**: {success, data, error, meta} envelope
+- **Authentication**: JWT with 15min access, 7 day refresh
+
+### Security Defaults
+- **Passwords**: bcrypt with 10 rounds, complex requirements
+- **Validation**: Whitelist approach, sanitize HTML
+- **CORS**: Whitelist specific origins only
+- **Headers**: OWASP recommended security headers
+- **Encryption**: AES-256 at rest, TLS 1.3 in transit
+
+### shadcn/ui Specific
+- **Installation**: `npx shadcn-ui@latest init`
+- **Add Components**: `npx shadcn-ui@latest add [component]`
+- **Location**: Components go in @/components/ui/
+- **Styling**: Use cn() utility for conditional classes
+- **Customization**: Via CSS variables in globals.css
+- **Approach**: Always check if shadcn has the component before building custom
+
+---
+
+*Last Updated: 2025-09-02*