azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-21 09:31:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AZ-495] [AZ-496] Cycle 3 batch 1: doc convention + AspNetCore 8.0.25
ci/woodpecker/push/01-test Pipeline was successful
Details
ci/woodpecker/push/02-build-push Pipeline was successful
Details

Browse Source 
AZ-495 (1 SP): formalize the modules-only documentation convention for
the WebApi component. _docs/02_document/module-layout.md now carries an
explicit Documentation Layout section anchoring WebApi docs at
modules/api_program.md; the components/06_web_api/ folder is
intentionally absent. .cursor/skills/new-task/SKILL.md Step 4 directs
future agents at the correct path. Cycle-1 + cycle-2 F1 findings in the
two batch-review files are marked RESOLVED with back-reference to
AZ-495. Cycle-2 retrospective decision-item list F1 updated.

AZ-496 (2 SP): bump Microsoft.AspNetCore.OpenApi and JwtBearer in
SatelliteProvider.Api.csproj from 8.0.21 to 8.0.25, closing CVE-
2026-26130 (SignalR DoS - not reachable in this app, but the runtime
patch is the recommended hardening per cycle-1 D1 + cycle-2 D3).
SatelliteProvider.Tests.csproj has no direct JwtBearer reference - it
consumes JwtBearer transitively via ProjectReference to Api, so no
edit needed there. Dockerfiles use floating mcr.microsoft.com/
dotnet/aspnet:8.0 / sdk:8.0 / runtime:8.0 tags which auto-resolve to
>= 8.0.25 on rebuild. Security artifacts (dependency_scan.md,
security_report.md) and current-state docs (module-layout.md,
architecture.md, modules/api_program.md, modules/tests_unit.md)
updated to reflect 8.0.25.

Batch report + code review report (verdict PASS_WITH_WARNINGS with 2
Low findings, neither blocking) written under _docs/03_implementation.

Test suite gate deferred to Step 16 (Final Test Run) per implement
skill convention. Patch-level bump within .NET 8 LTS; regression risk
very low.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-05-12 01:24:48 +03:00
parent 76076cbd90
commit 9cfd80babe
15 changed files with 140 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
_docs/02_document/module-layout.md
+11 -1
View File
@@ -16,6 +16,16 @@
5. Tests live in separate projects: `SatelliteProvider.Tests/` (unit) and `SatelliteProvider.IntegrationTests/` (integration).
6. DI registration per component lives in a `<Component>ServiceCollectionExtensions.cs` adjacent to the component's classes (e.g. `TileDownloaderServiceCollectionExtensions.AddTileDownloader()`).
## Documentation Layout (canonical — AZ-495)
Each Layer-3 service component (`Common`, `DataAccess`, `TileDownloader`, `RegionProcessing`, `RouteManagement`) owns one description file under `_docs/02_document/components/0N_<name>/description.md`. The numeric prefix (`01_common` ... `05_route_management`) matches the architectural-layer order — not the alphabetical order.
**The WebApi component (`SatelliteProvider.Api`) intentionally does NOT have a `components/*` folder.** Its documentation lives in `_docs/02_document/modules/api_program.md`. The rationale is that WebApi is the orchestrator / entry-point at Layer 4 rather than a Layer-3 service component — its concerns are minimal-API endpoint mapping, DI composition, and middleware chain composition, all of which are documented at module-level alongside the other process-level concerns (`tests_unit.md`, `tests_integration.md`, `migrations.md`). Splitting WebApi documentation into a component-stub plus a module file would create two sources of truth.
When authoring or reading a task that touches WebApi, use `_docs/02_document/modules/api_program.md` as the documentation anchor. Task-spec templates and the `new-task` / `decompose` skills point at this path; the `components/06_web_api/` folder is intentionally absent and MUST NOT be created.
The cycle-1 (AZ-487) and cycle-2 (AZ-488) code reviews each surfaced an F1 (Low / Style) finding because task specs referenced the non-existent `components/01_web_api/description.md` path. AZ-495 settles this convention; the finding should not recur.
## Per-Component Mapping
### Component: Common
@@ -117,7 +127,7 @@
- `SatelliteProvider.Api/DTOs/UavTileBatchUploadRequest.cs` (added by AZ-488; multipart form binding envelope — kept in WebApi because it depends on `IFormFileCollection` + `[FromForm]`, both API-layer types)
- **Internal**: (none)
- **Owns**: `SatelliteProvider.Api/**`
- **PackageReferences (added by AZ-487)**: `Microsoft.AspNetCore.Authentication.JwtBearer` 8.0.21 (pinned to the same minor as the existing ASP.NET Core 8 packages).
- **PackageReferences (added by AZ-487, bumped by AZ-496)**: `Microsoft.AspNetCore.Authentication.JwtBearer` 8.0.25 (pinned to the same minor patch as `Microsoft.AspNetCore.OpenApi` 8.0.25; AZ-496 bumped both packages from 8.0.21 → 8.0.25 to close cycle-1 D1 + cycle-2 D3 supply-chain findings).
- **Imports from**: Common (incl. AZ-488 UAV DTOs + `UavQualityConfig`), DataAccess, TileDownloader (incl. AZ-488 `IUavTileUploadHandler`), RegionProcessing, RouteManagement
- **Consumed by**: (none — top-level entry point)