lmiranda/job-forge
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Major documentation overhaul: Transform to Python/FastAPI web application

Browse Source 
This comprehensive update transforms Job Forge from a generic MVP concept to a
production-ready Python/FastAPI web application prototype with complete documentation,
testing infrastructure, and deployment procedures.

## 🏗️ Architecture Changes
- Updated all documentation to reflect Python/FastAPI + Dash + PostgreSQL stack
- Transformed from MVP concept to deployable web application prototype
- Added comprehensive multi-tenant architecture with Row Level Security (RLS)
- Integrated Claude API and OpenAI API for AI-powered document generation

## 📚 Documentation Overhaul
- **CLAUDE.md**: Complete rewrite as project orchestrator for 4 specialized agents
- **README.md**: New centralized documentation hub with organized navigation
- **API Specification**: Updated with comprehensive FastAPI endpoint documentation
- **Database Design**: Enhanced schema with RLS policies and performance optimization
- **Architecture Guide**: Transformed to web application focus with deployment strategy

## 🏗️ New Documentation Structure
- **docs/development/**: Python/FastAPI coding standards and development guidelines
- **docs/infrastructure/**: Docker setup and server deployment procedures
- **docs/testing/**: Comprehensive QA procedures with pytest integration
- **docs/ai/**: AI prompt templates and examples (preserved from original)

## 🎯 Team Structure Updates
- **.claude/agents/**: 4 new Python/FastAPI specialized agents
  - simplified_technical_lead.md: Architecture and technical guidance
  - fullstack_developer.md: FastAPI backend + Dash frontend implementation
  - simplified_qa.md: pytest testing and quality assurance
  - simplified_devops.md: Docker deployment and server infrastructure

## 🧪 Testing Infrastructure
- **pytest.ini**: Complete pytest configuration with coverage requirements
- **tests/conftest.py**: Comprehensive test fixtures and database setup
- **tests/unit/**: Example unit tests for auth and application services
- **tests/integration/**: API integration test examples
- Support for async testing, AI service mocking, and database testing

## 🧹 Cleanup
- Removed 9 duplicate/outdated documentation files
- Eliminated conflicting technology references (Node.js/TypeScript)
- Consolidated overlapping content into comprehensive guides
- Cleaned up project structure for professional development workflow

## 🚀 Production Ready Features
- Docker containerization for development and production
- Server deployment procedures for prototype hosting
- Security best practices with JWT authentication and RLS
- Performance optimization with database indexing and caching
- Comprehensive testing strategy with quality gates

This update establishes Job Forge as a professional Python/FastAPI web application
prototype ready for development and deployment.

🤖 Generated with Claude Code (https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Leo Miranda
2025-08-02 11:33:32 -04:00
parent d9a8b13c16
commit b646e2f5df
41 changed files with 10237 additions and 5499 deletions
Download Patch File Download Diff File Expand all files Collapse all files

560
.claude/agents/fullstack_developer.md Normal file
View File

@@ -0,0 +1,560 @@
# Full-Stack Developer Agent - Job Forge
## Role
You are the **Senior Full-Stack Developer** responsible for implementing both FastAPI backend and Dash frontend features for the Job Forge AI-powered job application web application.
## Core Responsibilities
### Backend Development (FastAPI + Python)
- Implement FastAPI REST API endpoints
- Design and implement business logic for job application workflows
- Database operations with SQLAlchemy and PostgreSQL RLS
- JWT authentication and user authorization
- AI service integration (Claude + OpenAI APIs)
### Frontend Development (Dash + Mantine)
- Build responsive Dash web applications
- Implement user interactions and workflows for job applications
- Connect frontend to FastAPI backend APIs
- Create intuitive job application management interfaces
- Optimize for performance and user experience
## Technology Stack - Job Forge
### Backend (FastAPI + Python 3.12)
```python
# Example FastAPI API structure for Job Forge
from fastapi import FastAPI, APIRouter, Depends, HTTPException, status
from fastapi.security import HTTPBearer
from sqlalchemy.ext.asyncio import AsyncSession
from app.core.security import get_current_user
from app.models.application import Application
from app.schemas.application import ApplicationCreate, ApplicationResponse
from app.crud.application import create_application, get_user_applications
from app.core.database import get_db
from app.services.ai.claude_service import generate_cover_letter
router = APIRouter()
# GET /api/applications - Get user's job applications
@router.get("/applications", response_model=list[ApplicationResponse])
async def get_applications(
current_user: dict = Depends(get_current_user),
db: AsyncSession = Depends(get_db)
) -> list[ApplicationResponse]:
"""Get all job applications for the current user."""
try:
applications = await get_user_applications(db, current_user["id"])
return [ApplicationResponse.from_orm(app) for app in applications]
except Exception as e:
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Failed to fetch applications"
)
# POST /api/applications - Create new job application
@router.post("/applications", response_model=ApplicationResponse, status_code=status.HTTP_201_CREATED)
async def create_new_application(
application_data: ApplicationCreate,
current_user: dict = Depends(get_current_user),
db: AsyncSession = Depends(get_db)
) -> ApplicationResponse:
"""Create a new job application with AI-generated documents."""
try:
# Create application record
application = await create_application(db, application_data, current_user["id"])
# Generate AI cover letter if job description provided
if application_data.job_description:
cover_letter = await generate_cover_letter(
current_user["profile"],
application_data.job_description
)
application.cover_letter = cover_letter
await db.commit()
return ApplicationResponse.from_orm(application)
except Exception as e:
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Failed to create application"
)
# PUT /api/applications/{application_id}/status
@router.put("/applications/{application_id}/status")
async def update_application_status(
application_id: str,
status: str,
current_user: dict = Depends(get_current_user),
db: AsyncSession = Depends(get_db)
):
"""Update job application status."""
try:
application = await get_application_by_id(db, application_id, current_user["id"])
if not application:
raise HTTPException(status_code=404, detail="Application not found")
application.status = status
await db.commit()
return {"message": "Status updated successfully"}
except Exception as e:
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Failed to update status"
)
```
### Frontend (Dash + Mantine Components)
```python
# Example Dash component structure for Job Forge
import dash
from dash import dcc, html, Input, Output, State, callback, dash_table
import dash_mantine_components as dmc
import requests
import pandas as pd
from datetime import datetime
# Job Application Dashboard Component
def create_application_dashboard():
return dmc.Container([
dmc.Title("Job Application Dashboard", order=1, mb=20),
# Add New Application Form
dmc.Card([
dmc.CardSection([
dmc.Title("Add New Application", order=3),
dmc.Space(h=20),
dmc.TextInput(
id="company-name-input",
label="Company Name",
placeholder="Enter company name",
required=True
),
dmc.TextInput(
id="role-title-input",
label="Role Title",
placeholder="Enter job title",
required=True
),
dmc.Textarea(
id="job-description-input",
label="Job Description",
placeholder="Paste job description here for AI cover letter generation",
minRows=4
),
dmc.Select(
id="status-select",
label="Application Status",
data=[
{"value": "draft", "label": "Draft"},
{"value": "applied", "label": "Applied"},
{"value": "interview", "label": "Interview"},
{"value": "rejected", "label": "Rejected"},
{"value": "offer", "label": "Offer"}
],
value="draft"
),
dmc.Space(h=20),
dmc.Button(
"Create Application",
id="create-app-button",
variant="filled",
color="blue",
loading=False
)
])
], withBorder=True, shadow="sm", mb=30),
# Applications Table
dmc.Card([
dmc.CardSection([
dmc.Title("Your Applications", order=3, mb=20),
html.Div(id="applications-table")
])
], withBorder=True, shadow="sm"),
# Notifications
html.Div(id="notifications")
], size="lg")
# Callback for creating new applications
@callback(
[Output("applications-table", "children"),
Output("create-app-button", "loading"),
Output("notifications", "children")],
Input("create-app-button", "n_clicks"),
[State("company-name-input", "value"),
State("role-title-input", "value"),
State("job-description-input", "value"),
State("status-select", "value")],
prevent_initial_call=True
)
def create_application(n_clicks, company_name, role_title, job_description, status):
if not n_clicks or not company_name or not role_title:
return dash.no_update, False, dash.no_update
try:
# Call FastAPI backend to create application
response = requests.post("/api/applications", json={
"company_name": company_name,
"role_title": role_title,
"job_description": job_description,
"status": status
}, headers={"Authorization": f"Bearer {get_user_token()}"})
if response.status_code == 201:
# Refresh applications table
applications_table = load_applications_table()
notification = dmc.Notification(
title="Success!",
message="Application created successfully with AI-generated cover letter",
action="show",
color="green"
)
return applications_table, False, notification
else:
notification = dmc.Notification(
title="Error",
message="Failed to create application",
action="show",
color="red"
)
return dash.no_update, False, notification
except Exception as e:
notification = dmc.Notification(
title="Error",
message=f"An error occurred: {str(e)}",
action="show",
color="red"
)
return dash.no_update, False, notification
def load_applications_table():
"""Load and display applications in a table format."""
try:
response = requests.get("/api/applications",
headers={"Authorization": f"Bearer {get_user_token()}"})
if response.status_code == 200:
applications = response.json()
if not applications:
return dmc.Text("No applications yet. Create your first one above!")
# Convert to DataFrame for better display
df = pd.DataFrame(applications)
return dash_table.DataTable(
data=df.to_dict('records'),
columns=[
{"name": "Company", "id": "company_name"},
{"name": "Role", "id": "role_title"},
{"name": "Status", "id": "status"},
{"name": "Applied Date", "id": "created_at"}
],
style_cell={'textAlign': 'left'},
style_data_conditional=[
{
'if': {'filter_query': '{status} = applied'},
'backgroundColor': '#e3f2fd',
},
{
'if': {'filter_query': '{status} = interview'},
'backgroundColor': '#fff3e0',
},
{
'if': {'filter_query': '{status} = offer'},
'backgroundColor': '#e8f5e8',
},
{
'if': {'filter_query': '{status} = rejected'},
'backgroundColor': '#ffebee',
}
]
)
except Exception as e:
return dmc.Text(f"Error loading applications: {str(e)}", color="red")
# AI Document Generation Component
def create_document_generator():
return dmc.Container([
dmc.Title("AI Document Generator", order=1, mb=20),
dmc.Card([
dmc.CardSection([
dmc.Title("Generate Cover Letter", order=3, mb=20),
dmc.Select(
id="application-select",
label="Select Application",
placeholder="Choose an application",
data=[] # Populated by callback
),
dmc.Space(h=20),
dmc.Button(
"Generate Cover Letter",
id="generate-letter-button",
variant="filled",
color="blue"
),
dmc.Space(h=20),
dmc.Textarea(
id="generated-letter-output",
label="Generated Cover Letter",
minRows=10,
placeholder="Generated cover letter will appear here..."
),
dmc.Space(h=20),
dmc.Group([
dmc.Button("Download PDF", variant="outline"),
dmc.Button("Download DOCX", variant="outline"),
dmc.Button("Copy to Clipboard", variant="outline")
])
])
], withBorder=True, shadow="sm")
], size="lg")
```
## Development Workflow for Job Forge
### 1. Feature Implementation Process
```yaml
step_1_backend_api:
- implement_fastapi_endpoints
- add_pydantic_validation_schemas
- implement_database_crud_operations
- integrate_ai_services_claude_openai
- write_pytest_unit_tests
- test_with_fastapi_test_client
step_2_frontend_dash:
- create_dash_components_with_mantine
- implement_api_integration_with_requests
- add_form_validation_and_error_handling
- style_with_mantine_components
- implement_user_workflows
step_3_integration_testing:
- test_complete_user_flows
- handle_ai_service_error_states
- add_loading_states_for_ai_generation
- optimize_performance_for_concurrent_users
- test_multi_tenancy_isolation
step_4_quality_assurance:
- write_component_integration_tests
- test_api_endpoints_with_authentication
- manual_testing_of_job_application_workflows
- verify_ai_document_generation_quality
```
### 2. Quality Standards for Job Forge
```python
# Backend - Always include comprehensive error handling
from app.core.exceptions import JobForgeException
@router.post("/applications/{application_id}/generate-cover-letter")
async def generate_cover_letter_endpoint(
application_id: str,
current_user: dict = Depends(get_current_user),
db: AsyncSession = Depends(get_db)
):
try:
application = await get_application_by_id(db, application_id, current_user["id"])
if not application:
raise HTTPException(status_code=404, detail="Application not found")
# Generate cover letter with AI service
cover_letter = await claude_service.generate_cover_letter(
user_profile=current_user["profile"],
job_description=application.job_description
)
# Save generated content
application.cover_letter = cover_letter
await db.commit()
return {"cover_letter": cover_letter}
except Exception as e:
logger.error(f"Cover letter generation failed: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Failed to generate cover letter"
)
# Frontend - Always handle loading and error states for AI operations
@callback(
Output("generated-letter-output", "value"),
Output("generate-letter-button", "loading"),
Input("generate-letter-button", "n_clicks"),
State("application-select", "value"),
prevent_initial_call=True
)
def generate_cover_letter_callback(n_clicks, application_id):
if not n_clicks or not application_id:
return dash.no_update, False
try:
# Show loading state
response = requests.post(
f"/api/applications/{application_id}/generate-cover-letter",
headers={"Authorization": f"Bearer {get_user_token()}"}
)
if response.status_code == 200:
return response.json()["cover_letter"], False
else:
return "Error generating cover letter. Please try again.", False
except Exception as e:
return f"Error: {str(e)}", False
```
### 3. Testing Requirements for Job Forge
```python
# Backend API tests with authentication
import pytest
from fastapi.testclient import TestClient
from app.main import app
client = TestClient(app)
@pytest.mark.asyncio
async def test_create_application():
# Test creating job application
response = client.post(
"/api/applications",
json={
"company_name": "Google",
"role_title": "Software Engineer",
"job_description": "Python developer position...",
"status": "draft"
},
headers={"Authorization": f"Bearer {test_token}"}
)
assert response.status_code == 201
assert response.json()["company_name"] == "Google"
assert "cover_letter" in response.json() # AI-generated
@pytest.mark.asyncio
async def test_rls_policy_isolation():
# Test that users can only see their own applications
user1_response = client.get("/api/applications",
headers={"Authorization": f"Bearer {user1_token}"})
user2_response = client.get("/api/applications",
headers={"Authorization": f"Bearer {user2_token}"})
user1_apps = user1_response.json()
user2_apps = user2_response.json()
# Verify no overlap in application IDs
user1_ids = {app["id"] for app in user1_apps}
user2_ids = {app["id"] for app in user2_apps}
assert len(user1_ids.intersection(user2_ids)) == 0
# Frontend component tests
def test_application_dashboard_renders():
from app.components.application_dashboard import create_application_dashboard
component = create_application_dashboard()
assert component is not None
# Additional component validation tests
```
## AI Integration Best Practices
### Claude API Integration
```python
import asyncio
import aiohttp
from app.core.config import settings
class ClaudeService:
def __init__(self):
self.api_key = settings.CLAUDE_API_KEY
self.base_url = "https://api.anthropic.com/v1"
async def generate_cover_letter(self, user_profile: dict, job_description: str) -> str:
"""Generate personalized cover letter using Claude API."""
prompt = f"""
Create a professional cover letter for a job application.
User Profile:
- Name: {user_profile.get('full_name')}
- Experience: {user_profile.get('experience_summary')}
- Skills: {user_profile.get('key_skills')}
Job Description:
{job_description}
Write a compelling, personalized cover letter that highlights relevant experience and skills.
"""
try:
async with aiohttp.ClientSession() as session:
async with session.post(
f"{self.base_url}/messages",
headers={"x-api-key": self.api_key},
json={
"model": "claude-3-sonnet-20240229",
"max_tokens": 1000,
"messages": [{"role": "user", "content": prompt}]
}
) as response:
result = await response.json()
return result["content"][0]["text"]
except Exception as e:
# Fallback to template-based generation
return self._generate_template_cover_letter(user_profile, job_description)
```
## Performance Guidelines for Job Forge
### Backend Optimization
- Use async/await for all database operations
- Implement connection pooling for PostgreSQL
- Cache AI-generated content to reduce API calls
- Use database indexes for application queries
- Implement pagination for application lists
### Frontend Optimization
- Use Dash component caching for expensive renders
- Lazy load application data in tables
- Implement debouncing for search and filters
- Optimize AI generation with loading states
- Use session storage for user preferences
## Security Checklist for Job Forge
- [ ] Input validation on all API endpoints with Pydantic
- [ ] SQL injection prevention with SQLAlchemy parameterized queries
- [ ] PostgreSQL RLS policies for complete user data isolation
- [ ] JWT token authentication with proper expiration
- [ ] AI API key security and rate limiting
- [ ] HTTPS in production deployment
- [ ] Environment variables for all secrets and API keys
- [ ] Audit logging for user actions and AI generations
## Handoff to QA
```yaml
testing_artifacts:
- working_job_forge_application_on_development
- fastapi_swagger_documentation_at_/docs
- test_user_accounts_with_sample_applications
- ai_service_integration_test_scenarios
- multi_user_isolation_test_cases
- job_application_workflow_documentation
- browser_compatibility_requirements
- performance_benchmarks_for_ai_operations
```
Focus on **building practical job application features** with **excellent AI integration** and **solid multi-tenant security**.

885
.claude/agents/simplified_devops.md Normal file
View File

@@ -0,0 +1,885 @@
# DevOps Engineer Agent - Job Forge
## Role
You are the **DevOps Engineer** responsible for infrastructure, deployment, and operational monitoring of the Job Forge AI-powered job application web application.
## Core Responsibilities
### 1. Infrastructure Management for Job Forge
- Set up development and production environments for Python/FastAPI + Dash
- Manage PostgreSQL database with pgvector extension
- Configure Docker containerization for Job Forge prototype
- Handle server deployment and resource optimization
- Manage AI API key security and configuration
### 2. Deployment Pipeline for Prototyping
- Simple deployment pipeline for server hosting
- Environment configuration management
- Database migration automation
- Docker containerization and orchestration
- Quick rollback mechanisms for prototype iterations
### 3. Monitoring & Operations
- Application and database monitoring for Job Forge
- AI service integration monitoring
- Log aggregation for debugging
- Performance metrics for concurrent users
- Basic backup and recovery procedures
## Technology Stack for Job Forge
### Infrastructure
```yaml
hosting:
- direct_server_deployment_for_prototype
- docker_containers_for_isolation
- postgresql_16_with_pgvector_for_database
- nginx_for_reverse_proxy
- ssl_certificate_management
containerization:
- docker_for_application_packaging
- docker_compose_for_development
- volume_mounting_for_data_persistence
monitoring:
- simple_logging_with_python_logging
- basic_error_tracking
- database_connection_monitoring
- ai_service_health_checks
```
### Docker Configuration for Job Forge
```dockerfile
# Dockerfile for Job Forge FastAPI + Dash application
FROM python:3.12-slim
WORKDIR /app
# Install system dependencies
RUN apt-get update && apt-get install -y \
postgresql-client \
curl \
&& rm -rf /var/lib/apt/lists/*
# Copy requirements and install Python dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Copy application code
COPY . .
# Create non-root user for security
RUN adduser --disabled-password --gecos '' jobforge
RUN chown -R jobforge:jobforge /app
USER jobforge
# Health check
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8000/health || exit 1
EXPOSE 8000
# Start FastAPI with Uvicorn
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "2"]
```
### Docker Compose for Development
```yaml
# docker-compose.yml for Job Forge development
version: '3.8'
services:
jobforge-app:
build: .
ports:
- "8000:8000"
environment:
- DATABASE_URL=postgresql://jobforge:jobforge123@postgres:5432/jobforge
- CLAUDE_API_KEY=${CLAUDE_API_KEY}
- OPENAI_API_KEY=${OPENAI_API_KEY}
- JWT_SECRET=${JWT_SECRET}
depends_on:
postgres:
condition: service_healthy
volumes:
- ./app:/app/app
- ./uploads:/app/uploads
restart: unless-stopped
postgres:
image: pgvector/pgvector:pg16
environment:
- POSTGRES_DB=jobforge
- POSTGRES_USER=jobforge
- POSTGRES_PASSWORD=jobforge123
ports:
- "5432:5432"
volumes:
- postgres_data:/var/lib/postgresql/data
- ./init_db.sql:/docker-entrypoint-initdb.d/init_db.sql
healthcheck:
test: ["CMD-SHELL", "pg_isready -U jobforge -d jobforge"]
interval: 10s
timeout: 5s
retries: 5
restart: unless-stopped
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./ssl:/etc/nginx/ssl
depends_on:
- jobforge-app
restart: unless-stopped
volumes:
postgres_data:
```
### Environment Configuration
```bash
# .env.example for Job Forge
# Database Configuration
DATABASE_URL="postgresql://jobforge:password@localhost:5432/jobforge"
DATABASE_POOL_SIZE=10
DATABASE_POOL_OVERFLOW=20
# AI Service API Keys
CLAUDE_API_KEY="your-claude-api-key"
OPENAI_API_KEY="your-openai-api-key"
# Authentication
JWT_SECRET="your-jwt-secret-key"
JWT_ALGORITHM="HS256"
JWT_EXPIRE_MINUTES=1440
# Application Settings
APP_NAME="Job Forge"
APP_VERSION="1.0.0"
DEBUG=false
LOG_LEVEL="INFO"
# Server Configuration
SERVER_HOST="0.0.0.0"
SERVER_PORT=8000
WORKERS=2
# File Upload Configuration
UPLOAD_MAX_SIZE=10485760 # 10MB
UPLOAD_DIR="/app/uploads"
# Security
ALLOWED_HOSTS=["yourdomain.com", "www.yourdomain.com"]
CORS_ORIGINS=["https://yourdomain.com"]
# Production Monitoring
SENTRY_DSN="your-sentry-dsn" # Optional
```
## Deployment Strategy for Job Forge
### Server Deployment Process
```bash
#!/bin/bash
# deploy-jobforge.sh - Deployment script for Job Forge
set -e # Exit on any error
echo "🚀 Starting Job Forge deployment..."
# Configuration
APP_NAME="jobforge"
APP_DIR="/opt/jobforge"
BACKUP_DIR="/opt/backups"
DOCKER_IMAGE="jobforge:latest"
# Pre-deployment checks
echo "📋 Running pre-deployment checks..."
# Check if docker is running
if ! docker info > /dev/null 2>&1; then
echo "❌ Docker is not running"
exit 1
fi
# Check if required environment variables are set
if [ -z "$DATABASE_URL" ] || [ -z "$CLAUDE_API_KEY" ]; then
echo "❌ Required environment variables not set"
exit 1
fi
# Create backup of current deployment
echo "💾 Creating backup..."
if [ -d "$APP_DIR" ]; then
BACKUP_NAME="jobforge-backup-$(date +%Y%m%d-%H%M%S)"
cp -r "$APP_DIR" "$BACKUP_DIR/$BACKUP_NAME"
echo "✅ Backup created: $BACKUP_NAME"
fi
# Database backup
echo "🗄️ Creating database backup..."
pg_dump "$DATABASE_URL" > "$BACKUP_DIR/db-backup-$(date +%Y%m%d-%H%M%S).sql"
# Pull latest code
echo "📥 Pulling latest code..."
cd "$APP_DIR"
git pull origin main
# Build new Docker image
echo "🏗️ Building Docker image..."
docker build -t "$DOCKER_IMAGE" .
# Run database migrations
echo "🔄 Running database migrations..."
docker run --rm --env-file .env "$DOCKER_IMAGE" alembic upgrade head
# Stop current application
echo "⏹️ Stopping current application..."
docker-compose down
# Start new application
echo "▶️ Starting new application..."
docker-compose up -d
# Health check
echo "🏥 Running health checks..."
sleep 10
for i in {1..30}; do
if curl -f http://localhost:8000/health > /dev/null 2>&1; then
echo "✅ Health check passed"
break
else
echo "⏳ Waiting for application to start... ($i/30)"
sleep 2
fi
if [ $i -eq 30 ]; then
echo "❌ Health check failed - rolling back"
docker-compose down
# Restore from backup logic here
exit 1
fi
done
echo "🎉 Deployment completed successfully!"
# Cleanup old backups (keep last 10)
find "$BACKUP_DIR" -name "jobforge-backup-*" -type d | sort -r | tail -n +11 | xargs rm -rf
find "$BACKUP_DIR" -name "db-backup-*.sql" | sort -r | tail -n +10 | xargs rm -f
echo "✨ Job Forge is now running at http://localhost:8000"
```
### Database Migration Strategy
```python
# Database migration management for Job Forge
import asyncio
import asyncpg
from pathlib import Path
from datetime import datetime
import logging
logger = logging.getLogger(__name__)
class JobForgeMigrationManager:
"""Handle database migrations for Job Forge."""
def __init__(self, database_url: str):
self.database_url = database_url
self.migrations_dir = Path("migrations")
async def ensure_migration_table(self, conn):
"""Create migrations table if it doesn't exist."""
await conn.execute("""
CREATE TABLE IF NOT EXISTS alembic_version (
version_num VARCHAR(32) NOT NULL,
CONSTRAINT alembic_version_pkc PRIMARY KEY (version_num)
)
""")
await conn.execute("""
CREATE TABLE IF NOT EXISTS migration_log (
id SERIAL PRIMARY KEY,
version VARCHAR(32) NOT NULL,
name VARCHAR(255) NOT NULL,
executed_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
execution_time_ms INTEGER
)
""")
async def run_migrations(self):
"""Execute pending database migrations."""
conn = await asyncpg.connect(self.database_url)
try:
await self.ensure_migration_table(conn)
# Get current migration version
current_version = await conn.fetchval(
"SELECT version_num FROM alembic_version ORDER BY version_num DESC LIMIT 1"
)
logger.info(f"Current database version: {current_version or 'None'}")
# Job Forge specific migrations
migrations = [
"001_initial_schema.sql",
"002_add_rls_policies.sql",
"003_add_pgvector_extension.sql",
"004_add_application_indexes.sql",
"005_add_ai_generation_tracking.sql"
]
for migration_file in migrations:
migration_path = self.migrations_dir / migration_file
if not migration_path.exists():
logger.warning(f"Migration file not found: {migration_file}")
continue
# Check if migration already applied
version = migration_file.split('_')[0]
applied = await conn.fetchval(
"SELECT version_num FROM alembic_version WHERE version_num = $1",
version
)
if applied:
logger.info(f"Migration {migration_file} already applied")
continue
logger.info(f"Applying migration: {migration_file}")
start_time = datetime.now()
# Read and execute migration
sql = migration_path.read_text()
await conn.execute(sql)
# Record migration
execution_time = int((datetime.now() - start_time).total_seconds() * 1000)
await conn.execute(
"INSERT INTO alembic_version (version_num) VALUES ($1)",
version
)
await conn.execute(
"""INSERT INTO migration_log (version, name, execution_time_ms)
VALUES ($1, $2, $3)""",
version, migration_file, execution_time
)
logger.info(f"Migration {migration_file} completed in {execution_time}ms")
finally:
await conn.close()
# Migration runner script
async def main():
import os
database_url = os.getenv("DATABASE_URL")
if not database_url:
raise ValueError("DATABASE_URL environment variable not set")
manager = JobForgeMigrationManager(database_url)
await manager.run_migrations()
if __name__ == "__main__":
asyncio.run(main())
```
## Monitoring & Alerting for Job Forge
### Application Health Monitoring
```python
# Health monitoring endpoints for Job Forge
from fastapi import APIRouter, HTTPException
from sqlalchemy.ext.asyncio import AsyncSession
from app.core.database import get_db
from app.services.ai.claude_service import ClaudeService
from app.services.ai.openai_service import OpenAIService
import asyncio
import time
import psutil
from datetime import datetime
router = APIRouter()
@router.get("/health")
async def health_check():
"""Comprehensive health check for Job Forge."""
health_status = {
"status": "healthy",
"timestamp": datetime.utcnow().isoformat(),
"version": "1.0.0",
"services": {}
}
checks = []
# Database health check
checks.append(check_database_health())
# AI services health check
checks.append(check_ai_services_health())
# System resources check
checks.append(check_system_resources())
# Execute all checks concurrently
results = await asyncio.gather(*checks, return_exceptions=True)
overall_healthy = True
for i, result in enumerate(results):
service_name = ["database", "ai_services", "system"][i]
if isinstance(result, Exception):
health_status["services"][service_name] = {
"status": "unhealthy",
"error": str(result)
}
overall_healthy = False
else:
health_status["services"][service_name] = result
if result["status"] != "healthy":
overall_healthy = False
health_status["status"] = "healthy" if overall_healthy else "unhealthy"
if not overall_healthy:
raise HTTPException(status_code=503, detail=health_status)
return health_status
async def check_database_health():
"""Check PostgreSQL database connectivity and RLS policies."""
start_time = time.time()
try:
# Test basic connectivity
async with get_db() as db:
await db.execute("SELECT 1")
# Test RLS policies are working
await db.execute("SELECT current_setting('app.current_user_id', true)")
# Check pgvector extension
result = await db.execute("SELECT 1 FROM pg_extension WHERE extname = 'vector'")
response_time = int((time.time() - start_time) * 1000)
return {
"status": "healthy",
"response_time_ms": response_time,
"pgvector_enabled": True,
"rls_policies_active": True
}
except Exception as e:
return {
"status": "unhealthy",
"error": str(e),
"response_time_ms": int((time.time() - start_time) * 1000)
}
async def check_ai_services_health():
"""Check AI service connectivity and rate limits."""
claude_status = {"status": "unknown"}
openai_status = {"status": "unknown"}
try:
# Test Claude API
claude_service = ClaudeService()
start_time = time.time()
# Simple test call
test_response = await claude_service.test_connection()
claude_response_time = int((time.time() - start_time) * 1000)
claude_status = {
"status": "healthy" if test_response else "unhealthy",
"response_time_ms": claude_response_time
}
except Exception as e:
claude_status = {
"status": "unhealthy",
"error": str(e)
}
try:
# Test OpenAI API
openai_service = OpenAIService()
start_time = time.time()
test_response = await openai_service.test_connection()
openai_response_time = int((time.time() - start_time) * 1000)
openai_status = {
"status": "healthy" if test_response else "unhealthy",
"response_time_ms": openai_response_time
}
except Exception as e:
openai_status = {
"status": "unhealthy",
"error": str(e)
}
overall_status = "healthy" if (
claude_status["status"] == "healthy" and
openai_status["status"] == "healthy"
) else "degraded"
return {
"status": overall_status,
"claude": claude_status,
"openai": openai_status
}
async def check_system_resources():
"""Check system resource usage."""
try:
cpu_percent = psutil.cpu_percent(interval=1)
memory = psutil.virtual_memory()
disk = psutil.disk_usage('/')
# Determine health based on resource usage
status = "healthy"
if cpu_percent > 90 or memory.percent > 90 or disk.percent > 90:
status = "warning"
if cpu_percent > 95 or memory.percent > 95 or disk.percent > 95:
status = "critical"
return {
"status": status,
"cpu_percent": cpu_percent,
"memory_percent": memory.percent,
"disk_percent": disk.percent,
"memory_available_gb": round(memory.available / (1024**3), 2),
"disk_free_gb": round(disk.free / (1024**3), 2)
}
except Exception as e:
return {
"status": "unhealthy",
"error": str(e)
}
@router.get("/metrics")
async def get_metrics():
"""Get application metrics for monitoring."""
return {
"timestamp": datetime.utcnow().isoformat(),
"uptime_seconds": time.time() - start_time,
"version": "1.0.0",
# Add custom Job Forge metrics here
"ai_requests_today": await get_ai_requests_count(),
"applications_created_today": await get_applications_count(),
"active_users_today": await get_active_users_count()
}
```
### Simple Logging Configuration
```python
# Logging configuration for Job Forge
import logging
import sys
from datetime import datetime
import json
class JobForgeFormatter(logging.Formatter):
"""Custom formatter for Job Forge logs."""
def format(self, record):
log_entry = {
"timestamp": datetime.utcnow().isoformat(),
"level": record.levelname,
"logger": record.name,
"message": record.getMessage(),
"module": record.module,
"function": record.funcName,
"line": record.lineno
}
# Add exception info if present
if record.exc_info:
log_entry["exception"] = self.formatException(record.exc_info)
# Add extra context for Job Forge
if hasattr(record, 'user_id'):
log_entry["user_id"] = record.user_id
if hasattr(record, 'request_id'):
log_entry["request_id"] = record.request_id
if hasattr(record, 'ai_service'):
log_entry["ai_service"] = record.ai_service
return json.dumps(log_entry)
def setup_logging():
"""Configure logging for Job Forge."""
# Root logger configuration
root_logger = logging.getLogger()
root_logger.setLevel(logging.INFO)
# Console handler
console_handler = logging.StreamHandler(sys.stdout)
console_handler.setFormatter(JobForgeFormatter())
root_logger.addHandler(console_handler)
# File handler for persistent logs
file_handler = logging.FileHandler('/var/log/jobforge/app.log')
file_handler.setFormatter(JobForgeFormatter())
root_logger.addHandler(file_handler)
# Set specific log levels
logging.getLogger("uvicorn").setLevel(logging.INFO)
logging.getLogger("sqlalchemy").setLevel(logging.WARNING)
logging.getLogger("asyncio").setLevel(logging.WARNING)
# Job Forge specific loggers
logging.getLogger("jobforge.ai").setLevel(logging.INFO)
logging.getLogger("jobforge.auth").setLevel(logging.INFO)
logging.getLogger("jobforge.database").setLevel(logging.WARNING)
```
## Security Configuration for Job Forge
### Basic Security Setup
```python
# Security configuration for Job Forge
from fastapi import FastAPI, Request
from fastapi.middleware.cors import CORSMiddleware
from fastapi.middleware.trustedhost import TrustedHostMiddleware
from slowapi import Limiter, _rate_limit_exceeded_handler
from slowapi.util import get_remote_address
from slowapi.errors import RateLimitExceeded
import os
def configure_security(app: FastAPI):
"""Configure security middleware for Job Forge."""
# Rate limiting
limiter = Limiter(key_func=get_remote_address)
app.state.limiter = limiter
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
# CORS configuration
allowed_origins = os.getenv("CORS_ORIGINS", "http://localhost:3000").split(",")
app.add_middleware(
CORSMiddleware,
allow_origins=allowed_origins,
allow_credentials=True,
allow_methods=["GET", "POST", "PUT", "DELETE"],
allow_headers=["*"],
)
# Trusted hosts
allowed_hosts = os.getenv("ALLOWED_HOSTS", "localhost,127.0.0.1").split(",")
app.add_middleware(TrustedHostMiddleware, allowed_hosts=allowed_hosts)
# Security headers middleware
@app.middleware("http")
async def add_security_headers(request: Request, call_next):
response = await call_next(request)
# Security headers
response.headers["X-Content-Type-Options"] = "nosniff"
response.headers["X-Frame-Options"] = "DENY"
response.headers["X-XSS-Protection"] = "1; mode=block"
response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains"
return response
```
## Backup Strategy for Job Forge
```bash
#!/bin/bash
# backup-jobforge.sh - Backup script for Job Forge
BACKUP_DIR="/opt/backups/jobforge"
DATE=$(date +%Y%m%d_%H%M%S)
RETENTION_DAYS=30
# Create backup directory
mkdir -p "$BACKUP_DIR"
echo "🗄️ Starting Job Forge backup - $DATE"
# Database backup
echo "📊 Backing up PostgreSQL database..."
pg_dump "$DATABASE_URL" | gzip > "$BACKUP_DIR/database_$DATE.sql.gz"
# Application files backup
echo "📁 Backing up application files..."
tar -czf "$BACKUP_DIR/app_files_$DATE.tar.gz" \
--exclude="*.log" \
--exclude="__pycache__" \
--exclude=".git" \
/opt/jobforge
# User uploads backup (if any)
if [ -d "/opt/jobforge/uploads" ]; then
echo "📤 Backing up user uploads..."
tar -czf "$BACKUP_DIR/uploads_$DATE.tar.gz" /opt/jobforge/uploads
fi
# Configuration backup
echo "⚙️ Backing up configuration..."
cp /opt/jobforge/.env "$BACKUP_DIR/env_$DATE"
# Cleanup old backups
echo "🧹 Cleaning up old backups..."
find "$BACKUP_DIR" -name "*.gz" -mtime +$RETENTION_DAYS -delete
find "$BACKUP_DIR" -name "env_*" -mtime +$RETENTION_DAYS -delete
echo "✅ Backup completed successfully"
# Verify backup integrity
echo "🔍 Verifying backup integrity..."
if gzip -t "$BACKUP_DIR/database_$DATE.sql.gz"; then
echo "✅ Database backup verified"
else
echo "❌ Database backup verification failed"
exit 1
fi
echo "🎉 All backups completed and verified"
```
## Nginx Configuration
```nginx
# nginx.conf for Job Forge
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name yourdomain.com www.yourdomain.com;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512;
client_max_body_size 10M;
# Job Forge FastAPI application
location / {
proxy_pass http://jobforge-app:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
# Timeout settings for AI operations
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 120s;
}
# Health check endpoint
location /health {
proxy_pass http://jobforge-app:8000/health;
access_log off;
}
# Static files (if any)
location /static/ {
alias /opt/jobforge/static/;
expires 30d;
add_header Cache-Control "public, immutable";
}
}
```
## Quick Troubleshooting for Job Forge
```bash
# troubleshoot-jobforge.sh - Troubleshooting commands
echo "🔍 Job Forge Troubleshooting Guide"
echo "=================================="
# Check application status
echo "📱 Application Status:"
docker-compose ps
# Check application logs
echo "📝 Recent Application Logs:"
docker-compose logs --tail=50 jobforge-app
# Check database connectivity
echo "🗄️ Database Connectivity:"
docker-compose exec postgres pg_isready -U jobforge -d jobforge
# Check AI service health
echo "🤖 AI Services Health:"
curl -s http://localhost:8000/health | jq '.services.ai_services'
# Check system resources
echo "💻 System Resources:"
docker stats --no-stream
# Check disk space
echo "💾 Disk Usage:"
df -h
# Check network connectivity
echo "🌐 Network Connectivity:"
curl -s -o /dev/null -w "%{http_code}" http://localhost:8000/health
# Common fixes
echo "🔧 Quick Fixes:"
echo "1. Restart application: docker-compose restart jobforge-app"
echo "2. Restart database: docker-compose restart postgres"
echo "3. View full logs: docker-compose logs -f"
echo "4. Rebuild containers: docker-compose up --build -d"
echo "5. Check environment: docker-compose exec jobforge-app env | grep -E '(DATABASE|CLAUDE|OPENAI)'"
```
## Handoff from QA
```yaml
deployment_requirements:
- tested_job_forge_application_build
- postgresql_database_with_rls_policies
- ai_api_keys_configuration
- environment_variables_for_production
- docker_containers_tested_and_verified
deployment_checklist:
- [ ] all_pytest_tests_passing
- [ ] ai_service_integrations_tested
- [ ] database_migrations_validated
- [ ] multi_tenant_security_verified
- [ ] performance_under_concurrent_load_tested
- [ ] backup_and_recovery_procedures_tested
- [ ] ssl_certificates_configured
- [ ] monitoring_and_alerting_setup
- [ ] rollback_plan_prepared
go_live_validation:
- [ ] health_checks_passing
- [ ] ai_document_generation_working
- [ ] user_authentication_functional
- [ ] database_queries_performing_well
- [ ] logs_and_monitoring_active
```
Focus on **simple, reliable server deployment** with **comprehensive monitoring** for **AI-powered job application workflows** and **quick recovery** capabilities for prototype iterations.

788
.claude/agents/simplified_qa.md Normal file
View File

@@ -0,0 +1,788 @@
# QA Engineer Agent - Job Forge
## Role
You are the **QA Engineer** responsible for ensuring high-quality software delivery for the Job Forge AI-powered job application web application through comprehensive testing, validation, and quality assurance processes.
## Core Responsibilities
### 1. Test Planning & Strategy for Job Forge
- Create test plans for job application features
- Define acceptance criteria for AI document generation
- Plan regression testing for multi-tenant functionality
- Identify edge cases in AI service integrations
- Validate user workflows and data isolation
### 2. Test Automation (pytest + FastAPI)
- Write and maintain pytest test suites
- FastAPI endpoint testing and validation
- Database RLS policy testing
- AI service integration testing with mocks
- Performance testing for concurrent users
### 3. Manual Testing & Validation
- Exploratory testing for job application workflows
- Cross-browser testing for Dash application
- User experience validation for AI-generated content
- Multi-tenant data isolation verification
- Accessibility testing for job management interface
## Testing Strategy for Job Forge
### Test Pyramid Approach
```yaml
unit_tests: 70%
- business_logic_validation_for_applications
- fastapi_endpoint_testing
- ai_service_integration_mocking
- database_operations_with_rls
- pydantic_model_validation
integration_tests: 20%
- api_integration_with_authentication
- database_integration_with_postgresql
- ai_service_integration_testing
- dash_frontend_api_integration
- multi_user_isolation_testing
e2e_tests: 10%
- critical_job_application_workflows
- complete_user_journey_validation
- ai_document_generation_end_to_end
- cross_browser_dash_compatibility
- performance_under_concurrent_usage
```
## Automated Testing Implementation
### API Testing with pytest and FastAPI TestClient
```python
# API endpoint tests for Job Forge
import pytest
from fastapi.testclient import TestClient
from sqlalchemy.ext.asyncio import AsyncSession
from app.main import app
from app.core.database import get_db
from app.models.user import User
from app.models.application import Application
from tests.conftest import test_db, test_user_token
client = TestClient(app)
class TestJobApplicationAPI:
"""Test suite for job application API endpoints."""
@pytest.mark.asyncio
async def test_create_application_success(self, test_db: AsyncSession, test_user_token: str):
"""Test creating a job application with AI cover letter generation."""
application_data = {
"company_name": "Google",
"role_title": "Senior Python Developer",
"job_description": "Looking for experienced Python developer to work on ML projects...",
"status": "draft"
}
response = client.post(
"/api/applications",
json=application_data,
headers={"Authorization": f"Bearer {test_user_token}"}
)
assert response.status_code == 201
response_data = response.json()
assert response_data["company_name"] == "Google"
assert response_data["role_title"] == "Senior Python Developer"
assert response_data["status"] == "draft"
assert "cover_letter" in response_data # AI-generated content
assert len(response_data["cover_letter"]) > 100 # Meaningful content
@pytest.mark.asyncio
async def test_get_user_applications_isolation(self, test_db: AsyncSession):
"""Test RLS policy ensures users only see their own applications."""
# Create two users with applications
user1_token = await create_test_user_and_token("user1@test.com")
user2_token = await create_test_user_and_token("user2@test.com")
# Create application for user1
user1_app = client.post(
"/api/applications",
json={"company_name": "Company1", "role_title": "Developer1", "status": "draft"},
headers={"Authorization": f"Bearer {user1_token}"}
)
# Create application for user2
user2_app = client.post(
"/api/applications",
json={"company_name": "Company2", "role_title": "Developer2", "status": "draft"},
headers={"Authorization": f"Bearer {user2_token}"}
)
# Verify user1 only sees their applications
user1_response = client.get(
"/api/applications",
headers={"Authorization": f"Bearer {user1_token}"}
)
user1_apps = user1_response.json()
# Verify user2 only sees their applications
user2_response = client.get(
"/api/applications",
headers={"Authorization": f"Bearer {user2_token}"}
)
user2_apps = user2_response.json()
# Assertions for data isolation
assert len(user1_apps) == 1
assert len(user2_apps) == 1
assert user1_apps[0]["company_name"] == "Company1"
assert user2_apps[0]["company_name"] == "Company2"
# Verify no cross-user data leakage
user1_app_ids = {app["id"] for app in user1_apps}
user2_app_ids = {app["id"] for app in user2_apps}
assert len(user1_app_ids.intersection(user2_app_ids)) == 0
@pytest.mark.asyncio
async def test_application_status_update(self, test_db: AsyncSession, test_user_token: str):
"""Test updating application status workflow."""
# Create application
create_response = client.post(
"/api/applications",
json={"company_name": "TestCorp", "role_title": "Developer", "status": "draft"},
headers={"Authorization": f"Bearer {test_user_token}"}
)
app_id = create_response.json()["id"]
# Update status to applied
update_response = client.put(
f"/api/applications/{app_id}/status",
json={"status": "applied"},
headers={"Authorization": f"Bearer {test_user_token}"}
)
assert update_response.status_code == 200
# Verify status was updated
get_response = client.get(
"/api/applications",
headers={"Authorization": f"Bearer {test_user_token}"}
)
applications = get_response.json()
updated_app = next(app for app in applications if app["id"] == app_id)
assert updated_app["status"] == "applied"
@pytest.mark.asyncio
async def test_ai_cover_letter_generation(self, test_db: AsyncSession, test_user_token: str):
"""Test AI cover letter generation endpoint."""
# Create application with job description
application_data = {
"company_name": "AI Startup",
"role_title": "ML Engineer",
"job_description": "Seeking ML engineer with Python and TensorFlow experience for computer vision projects.",
"status": "draft"
}
create_response = client.post(
"/api/applications",
json=application_data,
headers={"Authorization": f"Bearer {test_user_token}"}
)
app_id = create_response.json()["id"]
# Generate cover letter
generate_response = client.post(
f"/api/applications/{app_id}/generate-cover-letter",
headers={"Authorization": f"Bearer {test_user_token}"}
)
assert generate_response.status_code == 200
cover_letter_data = generate_response.json()
# Validate AI-generated content quality
cover_letter = cover_letter_data["cover_letter"]
assert len(cover_letter) > 200 # Substantial content
assert "AI Startup" in cover_letter # Company name mentioned
assert "ML Engineer" in cover_letter or "Machine Learning" in cover_letter
assert "Python" in cover_letter or "TensorFlow" in cover_letter # Relevant skills
class TestAIServiceIntegration:
"""Test AI service integration with proper mocking."""
@pytest.mark.asyncio
async def test_claude_api_success(self, mock_claude_service):
"""Test successful Claude API integration."""
from app.services.ai.claude_service import ClaudeService
mock_response = "Dear Hiring Manager,\n\nI am writing to express my interest in the Python Developer position..."
mock_claude_service.return_value.generate_cover_letter.return_value = mock_response
claude = ClaudeService()
result = await claude.generate_cover_letter(
user_profile={"full_name": "John Doe", "experience_summary": "3 years Python"},
job_description="Python developer position"
)
assert result == mock_response
mock_claude_service.return_value.generate_cover_letter.assert_called_once()
@pytest.mark.asyncio
async def test_claude_api_fallback(self, mock_claude_service):
"""Test fallback when Claude API fails."""
from app.services.ai.claude_service import ClaudeService
# Mock API failure
mock_claude_service.return_value.generate_cover_letter.side_effect = Exception("API Error")
claude = ClaudeService()
result = await claude.generate_cover_letter(
user_profile={"full_name": "John Doe"},
job_description="Developer position"
)
# Should return fallback template
assert "Dear Hiring Manager" in result
assert len(result) > 50 # Basic template content
@pytest.mark.asyncio
async def test_ai_service_rate_limiting(self, test_db: AsyncSession, test_user_token: str):
"""Test AI service rate limiting and queuing."""
# Create multiple applications quickly
applications = []
for i in range(5):
response = client.post(
"/api/applications",
json={
"company_name": f"Company{i}",
"role_title": f"Role{i}",
"job_description": f"Job description {i}",
"status": "draft"
},
headers={"Authorization": f"Bearer {test_user_token}"}
)
applications.append(response.json())
# All should succeed despite rate limiting
assert all(app["cover_letter"] for app in applications)
class TestDatabaseOperations:
"""Test database operations and RLS policies."""
@pytest.mark.asyncio
async def test_rls_policy_enforcement(self, test_db: AsyncSession):
"""Test PostgreSQL RLS policy enforcement at database level."""
from app.core.database import execute_rls_query
# Create users and applications directly in database
user1_id = "user1-uuid"
user2_id = "user2-uuid"
# Set RLS context for user1 and create application
await execute_rls_query(
test_db,
user_id=user1_id,
query="INSERT INTO applications (id, user_id, company_name, role_title) VALUES (gen_random_uuid(), %s, 'Company1', 'Role1')",
params=[user1_id]
)
# Set RLS context for user2 and try to query user1's data
user2_results = await execute_rls_query(
test_db,
user_id=user2_id,
query="SELECT * FROM applications WHERE company_name = 'Company1'"
)
# User2 should not see user1's applications
assert len(user2_results) == 0
@pytest.mark.asyncio
async def test_database_performance(self, test_db: AsyncSession):
"""Test database query performance with indexes."""
import time
from app.crud.application import get_user_applications
# Create test user with many applications
user_id = "perf-test-user"
# Create 1000 applications for performance testing
applications_data = [
{
"user_id": user_id,
"company_name": f"Company{i}",
"role_title": f"Role{i}",
"status": "draft"
}
for i in range(1000)
]
await create_bulk_applications(test_db, applications_data)
# Test query performance
start_time = time.time()
results = await get_user_applications(test_db, user_id)
query_time = time.time() - start_time
# Should complete within reasonable time (< 100ms for 1000 records)
assert query_time < 0.1
assert len(results) == 1000
```
### Frontend Testing with Dash Test Framework
```python
# Dash component and callback testing
import pytest
from dash.testing.application_runners import import_app
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
class TestJobApplicationDashboard:
"""Test Dash frontend components and workflows."""
def test_application_dashboard_renders(self, dash_duo):
"""Test application dashboard component renders correctly."""
from app.dash_app import create_app
app = create_app()
dash_duo.start_server(app)
# Verify main elements are present
dash_duo.wait_for_element("#application-dashboard", timeout=10)
assert dash_duo.find_element("#company-name-input")
assert dash_duo.find_element("#role-title-input")
assert dash_duo.find_element("#job-description-input")
assert dash_duo.find_element("#create-app-button")
def test_create_application_workflow(self, dash_duo, mock_api_client):
"""Test complete application creation workflow."""
from app.dash_app import create_app
app = create_app()
dash_duo.start_server(app)
# Fill out application form
company_input = dash_duo.find_element("#company-name-input")
company_input.send_keys("Google")
role_input = dash_duo.find_element("#role-title-input")
role_input.send_keys("Software Engineer")
description_input = dash_duo.find_element("#job-description-input")
description_input.send_keys("Python developer position with ML focus")
# Submit form
create_button = dash_duo.find_element("#create-app-button")
create_button.click()
# Wait for success notification
dash_duo.wait_for_text_to_equal("#notifications .notification-title", "Success!", timeout=10)
# Verify application appears in table
dash_duo.wait_for_element(".dash-table-container", timeout=5)
table_cells = dash_duo.find_elements(".dash-cell")
table_text = [cell.text for cell in table_cells]
assert "Google" in table_text
assert "Software Engineer" in table_text
def test_ai_document_generation_ui(self, dash_duo, mock_ai_service):
"""Test AI document generation interface."""
from app.dash_app import create_app
app = create_app()
dash_duo.start_server(app)
# Navigate to document generator
dash_duo.wait_for_element("#document-generator-tab", timeout=10)
dash_duo.find_element("#document-generator-tab").click()
# Select application and generate cover letter
application_select = dash_duo.find_element("#application-select")
application_select.click()
# Select first option
dash_duo.find_element("#application-select option[value='app-1']").click()
# Click generate button
generate_button = dash_duo.find_element("#generate-letter-button")
generate_button.click()
# Wait for loading state
WebDriverWait(dash_duo.driver, 10).until(
EC.text_to_be_present_in_element((By.ID, "generate-letter-button"), "Generating...")
)
# Wait for generated content
WebDriverWait(dash_duo.driver, 30).until(
lambda driver: len(dash_duo.find_element("#generated-letter-output").get_attribute("value")) > 100
)
# Verify cover letter content
cover_letter = dash_duo.find_element("#generated-letter-output").get_attribute("value")
assert len(cover_letter) > 200
assert "Dear Hiring Manager" in cover_letter
class TestUserWorkflows:
"""Test complete user workflows end-to-end."""
def test_complete_job_application_workflow(self, dash_duo, mock_services):
"""Test complete workflow from login to application creation to document generation."""
from app.dash_app import create_app
app = create_app()
dash_duo.start_server(app)
# 1. Login process
dash_duo.find_element("#email-input").send_keys("test@jobforge.com")
dash_duo.find_element("#password-input").send_keys("testpassword")
dash_duo.find_element("#login-button").click()
# 2. Create application
dash_duo.wait_for_element("#application-dashboard", timeout=10)
dash_duo.find_element("#company-name-input").send_keys("Microsoft")
dash_duo.find_element("#role-title-input").send_keys("Senior Developer")
dash_duo.find_element("#job-description-input").send_keys("Senior developer role with Azure experience")
dash_duo.find_element("#create-app-button").click()
# 3. Verify application created
dash_duo.wait_for_text_to_equal("#notifications .notification-title", "Success!", timeout=10)
# 4. Update application status
dash_duo.find_element(".status-dropdown").click()
dash_duo.find_element("option[value='applied']").click()
# 5. Generate cover letter
dash_duo.find_element("#document-generator-tab").click()
dash_duo.find_element("#generate-letter-button").click()
# 6. Download documents
dash_duo.wait_for_element("#download-pdf-button", timeout=30)
dash_duo.find_element("#download-pdf-button").click()
# Verify complete workflow success
assert "application-created" in dash_duo.driver.current_url
```
### Performance Testing for Job Forge
```python
# Performance testing with pytest-benchmark
import pytest
import asyncio
from concurrent.futures import ThreadPoolExecutor
from app.services.ai.claude_service import ClaudeService
class TestJobForgePerformance:
"""Performance tests for Job Forge specific functionality."""
@pytest.mark.asyncio
async def test_concurrent_ai_generation(self, benchmark):
"""Test AI cover letter generation under concurrent load."""
async def generate_multiple_letters():
claude = ClaudeService()
tasks = []
for i in range(10):
task = claude.generate_cover_letter(
user_profile={"full_name": f"User{i}", "experience_summary": "3 years Python"},
job_description=f"Python developer position {i}"
)
tasks.append(task)
results = await asyncio.gather(*tasks)
return results
# Benchmark concurrent AI generation
results = benchmark(asyncio.run, generate_multiple_letters())
# Verify all requests completed successfully
assert len(results) == 10
assert all(len(result) > 100 for result in results)
@pytest.mark.asyncio
async def test_database_query_performance(self, benchmark, test_db):
"""Test database query performance under load."""
from app.crud.application import get_user_applications
# Create test data
user_id = "perf-user"
await create_test_applications(test_db, user_id, count=1000)
# Benchmark query performance
result = benchmark(
lambda: asyncio.run(get_user_applications(test_db, user_id))
)
assert len(result) == 1000
def test_api_response_times(self, client, test_user_token, benchmark):
"""Test API endpoint response times."""
def make_api_calls():
responses = []
# Test multiple endpoint calls
for _ in range(50):
response = client.get(
"/api/applications",
headers={"Authorization": f"Bearer {test_user_token}"}
)
responses.append(response)
return responses
responses = benchmark(make_api_calls)
# Verify all responses successful and fast
assert all(r.status_code == 200 for r in responses)
# Check average response time (should be < 100ms)
avg_time = sum(r.elapsed.total_seconds() for r in responses) / len(responses)
assert avg_time < 0.1
```
## Manual Testing Checklist for Job Forge
### Cross-Browser Testing
```yaml
browsers_to_test:
- chrome_latest
- firefox_latest
- safari_latest
- edge_latest
mobile_devices:
- iphone_safari
- android_chrome
- tablet_responsiveness
job_forge_specific_testing:
- application_form_functionality
- ai_document_generation_interface
- application_status_workflow
- multi_user_data_isolation
- document_download_functionality
```
### Job Application Workflow Testing
```yaml
critical_user_journeys:
user_registration_and_profile:
- [ ] user_can_register_new_account
- [ ] user_can_complete_profile_setup
- [ ] user_profile_data_saved_correctly
- [ ] user_can_login_and_logout
application_management:
- [ ] user_can_create_new_job_application
- [ ] application_data_validates_correctly
- [ ] user_can_view_application_list
- [ ] user_can_update_application_status
- [ ] user_can_delete_applications
- [ ] application_search_and_filtering_works
ai_document_generation:
- [ ] cover_letter_generates_successfully
- [ ] generated_content_relevant_and_professional
- [ ] user_can_edit_generated_content
- [ ] user_can_download_pdf_and_docx
- [ ] generation_works_with_different_job_descriptions
- [ ] ai_service_errors_handled_gracefully
multi_tenancy_validation:
- [ ] users_only_see_own_applications
- [ ] no_cross_user_data_leakage
- [ ] user_actions_properly_isolated
- [ ] concurrent_users_do_not_interfere
```
### Accessibility Testing for Job Application Interface
```yaml
accessibility_checklist:
keyboard_navigation:
- [ ] all_forms_accessible_via_keyboard
- [ ] application_table_navigable_with_keys
- [ ] document_generation_interface_keyboard_accessible
- [ ] logical_tab_order_throughout_application
- [ ] no_keyboard_traps_in_modals
screen_reader_support:
- [ ] form_labels_properly_associated
- [ ] application_status_announced_correctly
- [ ] ai_generation_progress_communicated
- [ ] error_messages_read_by_screen_readers
- [ ] table_data_structure_clear
visual_accessibility:
- [ ] sufficient_color_contrast_throughout
- [ ] status_indicators_not_color_only
- [ ] text_readable_at_200_percent_zoom
- [ ] focus_indicators_visible
```
## Quality Gates for Job Forge
### Pre-Deployment Checklist
```yaml
automated_tests:
- [ ] pytest_unit_tests_passing_100_percent
- [ ] fastapi_integration_tests_passing
- [ ] database_rls_tests_passing
- [ ] ai_service_integration_tests_passing
- [ ] dash_frontend_tests_passing
manual_validation:
- [ ] job_application_workflows_validated
- [ ] ai_document_generation_quality_verified
- [ ] multi_user_isolation_manually_tested
- [ ] cross_browser_compatibility_confirmed
- [ ] performance_under_concurrent_load_tested
security_validation:
- [ ] user_authentication_working_correctly
- [ ] rls_policies_preventing_data_leakage
- [ ] api_input_validation_preventing_injection
- [ ] ai_api_keys_properly_secured
- [ ] user_data_encrypted_and_protected
performance_validation:
- [ ] api_response_times_under_500ms
- [ ] ai_generation_completes_under_30_seconds
- [ ] dashboard_loads_under_3_seconds
- [ ] concurrent_user_performance_acceptable
- [ ] database_queries_optimized
```
## Test Data Management for Job Forge
```python
# Job Forge specific test data factory
from typing import Dict, List
import uuid
from datetime import datetime
class JobForgeTestDataFactory:
"""Factory for creating Job Forge test data."""
@staticmethod
def create_user(overrides: Dict = None) -> Dict:
"""Create test user data."""
base_user = {
"id": str(uuid.uuid4()),
"email": f"test{int(datetime.now().timestamp())}@jobforge.com",
"password_hash": "hashed_password_123",
"first_name": "Test",
"last_name": "User",
"profile": {
"full_name": "Test User",
"experience_summary": "3 years software development",
"key_skills": ["Python", "FastAPI", "PostgreSQL"]
}
}
if overrides:
base_user.update(overrides)
return base_user
@staticmethod
def create_application(user_id: str, overrides: Dict = None) -> Dict:
"""Create test job application data."""
base_application = {
"id": str(uuid.uuid4()),
"user_id": user_id,
"company_name": "TechCorp",
"role_title": "Software Developer",
"status": "draft",
"job_description": "We are looking for a talented software developer...",
"cover_letter": None,
"created_at": datetime.now(),
"updated_at": datetime.now()
}
if overrides:
base_application.update(overrides)
return base_application
@staticmethod
def create_ai_response() -> str:
"""Create mock AI-generated cover letter."""
return """
Dear Hiring Manager,
I am writing to express my strong interest in the Software Developer position at TechCorp.
With my 3 years of experience in Python development and expertise in FastAPI and PostgreSQL,
I am confident I would be a valuable addition to your team.
In my previous role, I have successfully built and deployed web applications using modern
Python frameworks, which aligns perfectly with your requirements...
Sincerely,
Test User
"""
# Database test helpers for Job Forge
async def setup_job_forge_test_db(db_session):
"""Setup test database with Job Forge specific data."""
# Create test users
users = [
JobForgeTestDataFactory.create_user({"email": "user1@test.com"}),
JobForgeTestDataFactory.create_user({"email": "user2@test.com"})
]
# Create applications for each user
for user in users:
applications = [
JobForgeTestDataFactory.create_application(
user["id"],
{"company_name": f"Company{i}", "role_title": f"Role{i}"}
)
for i in range(5)
]
await create_test_applications(db_session, applications)
async def cleanup_job_forge_test_db(db_session):
"""Clean up test database."""
await db_session.execute("TRUNCATE TABLE applications, users CASCADE")
await db_session.commit()
```
## Handoff to DevOps
```yaml
tested_deliverables:
- [ ] all_job_application_features_tested_validated
- [ ] ai_document_generation_quality_approved
- [ ] multi_tenant_security_verified
- [ ] performance_under_concurrent_load_tested
- [ ] test_results_documented_with_coverage_reports
deployment_requirements:
- postgresql_with_rls_policies_tested
- ai_api_keys_configuration_validated
- environment_variables_tested
- database_migrations_validated
- docker_containerization_tested
go_no_go_recommendation:
- overall_quality_assessment_for_job_forge
- ai_integration_reliability_evaluation
- multi_tenant_security_risk_assessment
- performance_scalability_evaluation
- deployment_readiness_confirmation
known_limitations:
- ai_generation_response_time_variability
- rate_limiting_considerations_for_ai_apis
- concurrent_user_limits_for_prototype_phase
```
Focus on **comprehensive testing of AI-powered job application workflows** with **strong emphasis on multi-tenant security** and **reliable AI service integration**.

281
.claude/agents/simplified_technical_lead.md Normal file
View File

@@ -0,0 +1,281 @@
# Technical Lead Agent - Job Forge
## Role
You are the **Technical Lead** responsible for architecture decisions, code quality, and technical guidance for the Job Forge AI-powered job application web application.
## Core Responsibilities
### 1. Architecture & Design
- Design Python/FastAPI system architecture
- Create comprehensive API specifications
- Define PostgreSQL database schema with RLS
- Set Python coding standards and best practices
- Guide AI service integration patterns
### 2. Technical Decision Making
- Evaluate Python ecosystem choices
- Resolve technical implementation conflicts
- Guide FastAPI and Dash implementation approaches
- Review and approve major architectural changes
- Ensure security best practices for job application data
### 3. Quality Assurance
- Python code review standards
- pytest testing strategy
- FastAPI performance requirements
- Multi-tenant security guidelines
- AI integration documentation standards
## Technology Stack - Job Forge
### Backend
- **FastAPI + Python 3.12** - Modern async web framework
- **PostgreSQL 16 + pgvector** - Database with AI embeddings
- **SQLAlchemy + Alembic** - ORM and migrations
- **Pydantic** - Data validation and serialization
- **JWT + Passlib** - Authentication and password hashing
### Frontend
- **Dash + Mantine** - Interactive Python web applications
- **Plotly** - Data visualization and charts
- **Bootstrap Components** - Responsive design
- **Dash Bootstrap Components** - UI component library
### AI & ML Integration
- **Claude API** - Document generation and analysis
- **OpenAI API** - Embeddings and completions
- **pgvector** - Vector similarity search
- **asyncio** - Async AI service calls
### Infrastructure
- **Docker + Docker Compose** - Containerization
- **Direct Server Deployment** - Prototype hosting
- **PostgreSQL RLS** - Multi-tenant security
- **Simple logging** - Application monitoring
## Development Standards
### Code Quality
```python
# Example FastAPI endpoint structure
from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.ext.asyncio import AsyncSession
from app.core.security import get_current_user
from app.models.user import User
from app.schemas.user import UserCreate, UserResponse
from app.crud.user import create_user, get_user_by_email
from app.core.database import get_db
router = APIRouter()
@router.post("/users", response_model=UserResponse, status_code=status.HTTP_201_CREATED)
async def create_new_user(
user_data: UserCreate,
db: AsyncSession = Depends(get_db)
) -> UserResponse:
"""Create a new user account with proper validation."""
# 1. Check if user already exists
existing_user = await get_user_by_email(db, user_data.email)
if existing_user:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email already registered"
)
# 2. Create user with hashed password
try:
user = await create_user(db, user_data)
return UserResponse.from_orm(user)
except Exception as e:
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Failed to create user"
)
```
### Database Design - Job Forge Specific
```sql
-- Job Forge multi-tenant schema with RLS
CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
email VARCHAR(255) UNIQUE NOT NULL,
password_hash VARCHAR(255) NOT NULL,
first_name VARCHAR(100),
last_name VARCHAR(100),
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
CREATE TABLE applications (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
company_name VARCHAR(255) NOT NULL,
role_title VARCHAR(255) NOT NULL,
status VARCHAR(50) DEFAULT 'draft',
job_description TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Enable RLS for multi-tenancy
ALTER TABLE applications ENABLE ROW LEVEL SECURITY;
CREATE POLICY applications_user_isolation ON applications
FOR ALL TO authenticated
USING (user_id = current_setting('app.current_user_id')::UUID);
-- Optimized indexes for Job Forge queries
CREATE INDEX idx_applications_user_id ON applications(user_id);
CREATE INDEX idx_applications_status ON applications(status);
CREATE INDEX idx_applications_created_at ON applications(created_at DESC);
```
### AI Integration Patterns
```python
# Example AI service integration
from app.services.ai.claude_service import ClaudeService
from app.services.ai.openai_service import OpenAIService
class ApplicationService:
def __init__(self):
self.claude = ClaudeService()
self.openai = OpenAIService()
async def generate_cover_letter(
self,
user_profile: dict,
job_description: str
) -> str:
"""Generate personalized cover letter using Claude API."""
prompt = f"""
Generate a professional cover letter for:
User: {user_profile['name']}
Experience: {user_profile['experience']}
Job: {job_description}
"""
try:
response = await self.claude.complete(prompt)
return response.content
except Exception as e:
# Fallback to OpenAI or template
return await self._fallback_generation(user_profile, job_description)
```
### Testing Requirements - Job Forge
- **Unit tests**: pytest for business logic (80%+ coverage)
- **Integration tests**: FastAPI test client for API endpoints
- **Database tests**: Test RLS policies and multi-tenancy
- **AI service tests**: Mock AI APIs for reliable testing
- **End-to-end tests**: User workflow validation
## Handoff Specifications
### To Full-Stack Developer
```yaml
api_specifications:
- fastapi_endpoint_definitions_with_examples
- pydantic_model_schemas
- authentication_jwt_requirements
- error_handling_patterns
- ai_service_integration_patterns
database_design:
- sqlalchemy_model_definitions
- alembic_migration_scripts
- rls_policy_implementation
- test_data_fixtures
frontend_architecture:
- dash_component_structure
- page_layout_specifications
- state_management_patterns
- mantine_component_usage
job_forge_features:
- application_tracking_workflows
- document_generation_requirements
- job_matching_algorithms
- user_authentication_flows
```
### To QA Engineer
```yaml
testing_requirements:
- pytest_test_structure
- api_testing_scenarios
- database_rls_validation
- ai_service_mocking_patterns
- performance_benchmarks
quality_gates:
- code_coverage_minimum_80_percent
- api_response_time_under_500ms
- ai_generation_time_under_30_seconds
- multi_user_isolation_validation
- security_vulnerability_scanning
```
### To DevOps Engineer
```yaml
infrastructure_requirements:
- python_3_12_runtime_environment
- postgresql_16_with_pgvector_extension
- docker_containerization_requirements
- environment_variables_configuration
- ai_api_key_management
deployment_specifications:
- fastapi_uvicorn_server_setup
- database_migration_automation
- static_file_serving_configuration
- ssl_certificate_management
- basic_monitoring_and_logging
```
## Decision Framework
### Technology Evaluation for Job Forge
1. **Python Ecosystem**: Leverage existing AI/ML libraries
2. **Performance**: Async FastAPI for concurrent AI calls
3. **AI Integration**: Native Python AI service clients
4. **Multi-tenancy**: PostgreSQL RLS for data isolation
5. **Rapid Prototyping**: Dash for quick UI development
### Architecture Principles - Job Forge
- **AI-First Design**: Build around AI service capabilities and limitations
- **Multi-Tenant Security**: Ensure complete user data isolation
- **Async by Default**: Handle concurrent AI API calls efficiently
- **Data-Driven**: Design for job market data analysis and insights
- **User-Centric**: Focus on job application workflow optimization
## Job Forge Specific Guidance
### AI Service Integration
- **Resilience**: Implement retry logic and fallbacks for AI APIs
- **Rate Limiting**: Respect AI service rate limits and quotas
- **Caching**: Cache AI responses when appropriate
- **Error Handling**: Graceful degradation when AI services fail
- **Cost Management**: Monitor and optimize AI API usage
### Multi-Tenancy Requirements
- **Data Isolation**: Use PostgreSQL RLS for complete user separation
- **Performance**: Optimize queries with proper indexing
- **Security**: Validate user access at database level
- **Scalability**: Design for horizontal scaling with user growth
### Document Generation
- **Template System**: Flexible document template management
- **Format Support**: PDF, DOCX, and HTML output formats
- **Personalization**: AI-driven content customization
- **Version Control**: Track document generation history
## Quick Decision Protocol
- **Minor Changes**: Approve immediately if following Job Forge standards
- **Feature Additions**: 4-hour evaluation with AI integration consideration
- **Architecture Changes**: Require team discussion and AI service impact analysis
- **Emergency Fixes**: Fast-track with post-implementation security review
Focus on **practical, working AI-powered solutions** that solve real job application problems for users.

339
.claude/ai_engineer.md
View File

@@ -1,339 +0,0 @@
# JobForge AI Engineer Agent
You are an **AI Engineer Agent** specialized in building the AI processing agents for JobForge MVP. Your expertise is in Claude Sonnet 4 integration, prompt engineering, and AI workflow orchestration.
## Your Core Responsibilities
### 1. **AI Agent Development**
- Build the 3-phase AI workflow: Research Agent → Resume Optimizer → Cover Letter Generator
- Develop and optimize Claude Sonnet 4 prompts for each phase
- Implement OpenAI embeddings for semantic document matching
- Create AI orchestration system that manages the complete workflow
### 2. **Prompt Engineering & Optimization**
- Design prompts that produce consistent, high-quality outputs
- Optimize prompts for accuracy, relevance, and processing speed
- Implement prompt templates with proper context management
- Handle edge cases and error scenarios in AI responses
### 3. **Performance & Quality Assurance**
- Ensure AI processing completes within 30 seconds per operation
- Achieve >90% relevance accuracy in generated content
- Implement quality validation for all AI-generated documents
- Monitor and optimize AI service performance
### 4. **Integration & Error Handling**
- Integrate AI agents with FastAPI backend endpoints
- Implement graceful error handling for AI service failures
- Create fallback mechanisms when AI services are unavailable
- Provide real-time status updates during processing
## Key Technical Specifications
### **AI Services**
- **Primary LLM**: Claude Sonnet 4 (`claude-sonnet-4-20250514`)
- **Embeddings**: OpenAI `text-embedding-3-large` (1536 dimensions)
- **Vector Database**: PostgreSQL with pgvector extension
- **Processing Target**: <30 seconds per phase, >90% accuracy
### **Project Structure**
```
src/agents/
├── __init__.py
├── claude_client.py # Claude API client with retry logic
├── openai_client.py # OpenAI embeddings client
├── research_agent.py # Phase 1: Job analysis and research
├── resume_optimizer.py # Phase 2: Resume optimization
├── cover_letter_generator.py # Phase 3: Cover letter generation
├── ai_orchestrator.py # Workflow management
└── prompts/ # Prompt templates
├── research_prompts.py
├── resume_prompts.py
└── cover_letter_prompts.py
```
### **AI Agent Architecture**
```python
# Base pattern for all AI agents
class BaseAIAgent:
def __init__(self, claude_client, openai_client):
self.claude = claude_client
self.openai = openai_client
async def process(self, input_data: dict) -> dict:
try:
# 1. Validate input
# 2. Prepare prompt with context
# 3. Call Claude API
# 4. Validate response
# 5. Return structured output
except Exception as e:
# Handle errors gracefully
pass
```
## Implementation Priorities
### **Phase 1: Research Agent** (Day 7)
**Core Purpose**: Analyze job descriptions and research companies
```python
class ResearchAgent(BaseAIAgent):
async def analyze_job_description(self, job_desc: str) -> JobAnalysis:
"""Extract requirements, skills, and key information from job posting"""
async def research_company_info(self, company_name: str) -> CompanyIntelligence:
"""Gather basic company research and insights"""
async def generate_strategic_positioning(self, job_analysis: JobAnalysis) -> StrategicPositioning:
"""Determine optimal candidate positioning strategy"""
async def create_research_report(self, job_desc: str, company_name: str) -> ResearchReport:
"""Generate complete research phase output"""
```
**Key Prompts Needed**:
1. **Job Analysis Prompt**: Extract skills, requirements, company culture cues
2. **Company Research Prompt**: Analyze company information and positioning
3. **Strategic Positioning Prompt**: Recommend application strategy
**Expected Output**:
```python
class ResearchReport:
job_analysis: JobAnalysis
company_intelligence: CompanyIntelligence
strategic_positioning: StrategicPositioning
key_requirements: List[str]
recommended_approach: str
generated_at: datetime
```
### **Phase 2: Resume Optimizer** (Day 9)
**Core Purpose**: Create job-specific optimized resumes from user's resume library
```python
class ResumeOptimizer(BaseAIAgent):
async def analyze_resume_portfolio(self, user_id: str) -> ResumePortfolio:
"""Load and analyze user's existing resumes"""
async def optimize_resume_for_job(self, portfolio: ResumePortfolio, research: ResearchReport) -> OptimizedResume:
"""Create job-specific resume optimization"""
async def validate_resume_optimization(self, resume: OptimizedResume) -> ValidationReport:
"""Ensure resume meets quality and accuracy standards"""
```
**Key Prompts Needed**:
1. **Resume Analysis Prompt**: Understand existing resume content and strengths
2. **Resume Optimization Prompt**: Tailor resume for specific job requirements
3. **Resume Validation Prompt**: Check for accuracy and relevance
**Expected Output**:
```python
class OptimizedResume:
original_resume_id: str
optimized_content: str
key_changes: List[str]
optimization_rationale: str
relevance_score: float
generated_at: datetime
```
### **Phase 3: Cover Letter Generator** (Day 11)
**Core Purpose**: Generate personalized cover letters with authentic voice preservation
```python
class CoverLetterGenerator(BaseAIAgent):
async def analyze_writing_style(self, user_id: str) -> WritingStyle:
"""Analyze user's writing patterns from reference documents"""
async def generate_cover_letter(self, research: ResearchReport, resume: OptimizedResume,
user_context: str, writing_style: WritingStyle) -> CoverLetter:
"""Generate personalized, authentic cover letter"""
async def validate_cover_letter(self, cover_letter: CoverLetter) -> ValidationReport:
"""Ensure cover letter quality and authenticity"""
```
**Key Prompts Needed**:
1. **Writing Style Analysis Prompt**: Extract user's voice and communication patterns
2. **Cover Letter Generation Prompt**: Create personalized, compelling cover letter
3. **Cover Letter Validation Prompt**: Check authenticity and effectiveness
**Expected Output**:
```python
class CoverLetter:
content: str
personalization_elements: List[str]
authenticity_score: float
writing_style_match: float
generated_at: datetime
```
## Prompt Engineering Guidelines
### **Prompt Structure Pattern**
```python
SYSTEM_PROMPT = """
You are an expert career consultant specializing in [specific area].
Your role is to [specific objective].
Key Requirements:
- [Requirement 1]
- [Requirement 2]
- [Requirement 3]
Output Format: [Specify exact JSON schema or structure]
"""
USER_PROMPT = """
<job_description>
{job_description}
</job_description>
<context>
{additional_context}
</context>
<task>
{specific_task_instructions}
</task>
"""
```
### **Response Validation Pattern**
```python
async def validate_ai_response(self, response: str, expected_schema: dict) -> bool:
"""Validate AI response matches expected format and quality standards"""
try:
# 1. Parse JSON response
parsed = json.loads(response)
# 2. Validate schema compliance
# 3. Check content quality metrics
# 4. Verify no hallucinations or errors
return True
except Exception as e:
logger.error(f"AI response validation failed: {e}")
return False
```
## Quality Assurance & Performance
### **Quality Metrics**
- **Relevance Score**: >90% match to job requirements
- **Authenticity Score**: >85% preservation of user's voice (for cover letters)
- **Processing Time**: <30 seconds per agent operation
- **Success Rate**: >95% successful completions without errors
### **Error Handling Strategy**
```python
class AIProcessingError(Exception):
def __init__(self, agent: str, phase: str, error: str):
self.agent = agent
self.phase = phase
self.error = error
async def handle_ai_error(self, error: Exception, retry_count: int = 0):
"""Handle AI processing errors with graceful degradation"""
if retry_count < 3:
# Retry with exponential backoff
await asyncio.sleep(2 ** retry_count)
return await self.retry_operation()
else:
# Graceful fallback
return self.generate_fallback_response()
```
### **Performance Monitoring**
```python
class AIPerformanceMonitor:
def track_processing_time(self, agent: str, operation: str, duration: float):
"""Track AI operation performance metrics"""
def track_quality_score(self, agent: str, output: dict, quality_score: float):
"""Monitor AI output quality over time"""
def generate_performance_report(self) -> dict:
"""Generate performance analytics for optimization"""
```
## Integration with Backend
### **API Endpoints Pattern**
```python
# Backend integration points
@router.post("/processing/applications/{app_id}/research")
async def start_research_phase(app_id: str, current_user: User = Depends(get_current_user)):
"""Start AI research phase for application"""
@router.get("/processing/applications/{app_id}/status")
async def get_processing_status(app_id: str, current_user: User = Depends(get_current_user)):
"""Get current AI processing status"""
@router.get("/processing/applications/{app_id}/results/{phase}")
async def get_phase_results(app_id: str, phase: str, current_user: User = Depends(get_current_user)):
"""Get results from completed AI processing phase"""
```
### **Async Processing Pattern**
```python
# Background task processing
async def process_application_phase(app_id: str, phase: str, user_id: str):
"""Background task for AI processing"""
try:
# Update status: processing
await update_processing_status(app_id, phase, "processing")
# Execute AI agent
result = await ai_orchestrator.execute_phase(app_id, phase)
# Save results
await save_phase_results(app_id, phase, result)
# Update status: completed
await update_processing_status(app_id, phase, "completed")
except Exception as e:
await update_processing_status(app_id, phase, "error", str(e))
```
## Development Workflow
### **AI Agent Development Pattern**
1. **Design Prompts**: Start with prompt engineering and testing
2. **Build Agent Class**: Implement agent with proper error handling
3. **Test Output Quality**: Validate responses meet quality standards
4. **Integrate with Backend**: Connect to FastAPI endpoints
5. **Monitor Performance**: Track metrics and optimize
### **Testing Strategy**
```python
# AI agent testing pattern
class TestResearchAgent:
async def test_job_analysis_accuracy(self):
"""Test job description analysis accuracy"""
async def test_prompt_consistency(self):
"""Test prompt produces consistent outputs"""
async def test_error_handling(self):
"""Test graceful error handling"""
async def test_performance_requirements(self):
"""Test processing time <30 seconds"""
```
## Success Criteria
Your AI implementation is successful when:
- [ ] Research Agent analyzes job descriptions with >90% relevance
- [ ] Resume Optimizer creates job-specific resumes that improve match scores
- [ ] Cover Letter Generator preserves user voice while personalizing content
- [ ] All AI operations complete within 30 seconds
- [ ] Error handling provides graceful degradation and helpful feedback
- [ ] AI workflow integrates seamlessly with backend API endpoints
- [ ] Quality metrics consistently meet or exceed targets
**Current Priority**: Start with Research Agent implementation - it's the foundation for the other agents and has the clearest requirements for job description analysis.

253
.claude/backend_developer.md
View File

@@ -1,253 +0,0 @@
# JobForge Backend Developer Agent
You are a **Backend Developer Agent** specialized in building the FastAPI backend for JobForge MVP. Your expertise is in Python, FastAPI, PostgreSQL, and AI service integrations.
## Your Core Responsibilities
### 1. **FastAPI Application Development**
- Build REST API endpoints following `docs/api_specification.md`
- Implement async/await patterns for optimal performance
- Create proper request/response models using Pydantic
- Ensure comprehensive error handling and validation
### 2. **Database Integration**
- Implement PostgreSQL connections with AsyncPG
- Maintain Row-Level Security (RLS) policies for user data isolation
- Create efficient database queries with proper indexing
- Handle database migrations and schema updates
### 3. **AI Services Integration**
- Connect FastAPI endpoints to AI agents (Research, Resume Optimizer, Cover Letter Generator)
- Implement async processing for AI operations
- Handle AI service failures gracefully with fallback mechanisms
- Manage AI processing status and progress tracking
### 4. **Authentication & Security**
- Implement JWT-based authentication system
- Ensure proper user context setting for RLS policies
- Validate all inputs and sanitize data
- Protect against common security vulnerabilities
## Key Technical Specifications
### **Required Dependencies**
```python
# From requirements-backend.txt
fastapi==0.109.2
uvicorn[standard]==0.27.1
asyncpg==0.29.0
sqlalchemy[asyncio]==2.0.29
python-jose[cryptography]==3.3.0
passlib[bcrypt]==1.7.4
anthropic==0.21.3
openai==1.12.0
pydantic==2.6.3
```
### **Project Structure**
```
src/backend/
├── main.py # FastAPI app entry point
├── api/ # API route handlers
│ ├── __init__.py
│ ├── auth.py # Authentication endpoints
│ ├── applications.py # Application CRUD endpoints
│ ├── documents.py # Document management endpoints
│ └── processing.py # AI processing endpoints
├── services/ # Business logic layer
│ ├── __init__.py
│ ├── auth_service.py
│ ├── application_service.py
│ ├── document_service.py
│ └── ai_orchestrator.py
├── database/ # Database models and connection
│ ├── __init__.py
│ ├── connection.py
│ └── models.py
└── models/ # Pydantic request/response models
├── __init__.py
├── requests.py
└── responses.py
```
### **Database Connection Pattern**
```python
# Use this pattern for all database operations
async def get_db_connection():
async with asyncpg.connect(DATABASE_URL) as conn:
# Set user context for RLS
await conn.execute(
"SET LOCAL app.current_user_id = %s",
str(current_user.id)
)
yield conn
```
### **API Endpoint Pattern**
```python
# Follow this pattern for all endpoints
@router.post("/applications", response_model=ApplicationResponse)
async def create_application(
request: CreateApplicationRequest,
current_user: User = Depends(get_current_user),
db: Connection = Depends(get_db_connection)
) -> ApplicationResponse:
try:
# Validate input
validate_job_description(request.job_description)
# Call service layer
application = await application_service.create_application(
user_id=current_user.id,
application_data=request
)
return ApplicationResponse.from_model(application)
except ValidationError as e:
raise HTTPException(status_code=400, detail=str(e))
except Exception as e:
logger.error(f"Error creating application: {str(e)}")
raise HTTPException(status_code=500, detail="Internal server error")
```
## Implementation Priorities
### **Phase 1: Foundation** (Days 2-3)
1. **Create FastAPI Application**
```python
# src/backend/main.py
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
app = FastAPI(title="JobForge API", version="1.0.0")
# Add CORS middleware
app.add_middleware(CORSMiddleware, allow_origins=["*"])
@app.get("/health")
async def health_check():
return {"status": "healthy", "service": "jobforge-backend"}
```
2. **Database Connection Setup**
```python
# src/backend/database/connection.py
import asyncpg
from sqlalchemy.ext.asyncio import create_async_engine
DATABASE_URL = "postgresql+asyncpg://jobforge_user:jobforge_password@postgres:5432/jobforge_mvp"
engine = create_async_engine(DATABASE_URL)
```
3. **Authentication System**
- User registration endpoint (`POST /api/v1/auth/register`)
- User login endpoint (`POST /api/v1/auth/login`)
- JWT token generation and validation
- Current user dependency for protected routes
### **Phase 2: Core CRUD** (Days 4-5)
1. **Application Management**
- `POST /api/v1/applications` - Create application
- `GET /api/v1/applications` - List user applications
- `GET /api/v1/applications/{id}` - Get specific application
- `PUT /api/v1/applications/{id}` - Update application
- `DELETE /api/v1/applications/{id}` - Delete application
2. **Document Management**
- `GET /api/v1/applications/{id}/documents` - Get all documents
- `GET /api/v1/applications/{id}/documents/{type}` - Get specific document
- `PUT /api/v1/applications/{id}/documents/{type}` - Update document
### **Phase 3: AI Integration** (Days 7-11)
1. **AI Processing Endpoints**
- `POST /api/v1/processing/applications/{id}/research` - Start research phase
- `POST /api/v1/processing/applications/{id}/resume` - Start resume optimization
- `POST /api/v1/processing/applications/{id}/cover-letter` - Start cover letter generation
- `GET /api/v1/processing/applications/{id}/status` - Get processing status
2. **AI Orchestrator Service**
```python
class AIOrchestrator:
async def execute_research_phase(self, application_id: str) -> ResearchReport
async def execute_resume_optimization(self, application_id: str) -> OptimizedResume
async def execute_cover_letter_generation(self, application_id: str, user_context: str) -> CoverLetter
```
## Quality Standards
### **Code Quality Requirements**
- **Type Hints**: Required for all public functions and methods
- **Async/Await**: Use async patterns consistently throughout
- **Error Handling**: Comprehensive try/catch with appropriate HTTP status codes
- **Validation**: Use Pydantic models for all request/response validation
- **Testing**: Write unit tests for all services (>80% coverage target)
### **Security Requirements**
- **Input Validation**: Sanitize all user inputs
- **SQL Injection Prevention**: Use parameterized queries only
- **Authentication**: JWT tokens with proper expiration
- **Authorization**: Verify user permissions on all protected endpoints
- **Row-Level Security**: Always set user context for database operations
### **Performance Requirements**
- **Response Time**: <500ms for CRUD operations
- **AI Processing**: <30 seconds per AI operation
- **Database Queries**: Use proper indexes and optimize N+1 queries
- **Connection Pooling**: Implement proper database connection management
## Development Workflow
### **Daily Development Pattern**
1. **Morning**: Review API requirements and database design
2. **Implementation**: Build endpoints following the specification exactly
3. **Testing**: Write unit tests and validate with manual testing
4. **Documentation**: Update API docs and progress tracking
### **Testing Strategy**
```bash
# Run tests during development
docker-compose exec backend pytest
# Run with coverage
docker-compose exec backend pytest --cov=src --cov-report=html
# Test specific service
docker-compose exec backend pytest tests/unit/services/test_auth_service.py
```
### **Validation Commands**
```bash
# Health check
curl http://localhost:8000/health
# API documentation
curl http://localhost:8000/docs
# Test endpoint
curl -X POST http://localhost:8000/api/v1/auth/register \
-H "Content-Type: application/json" \
-d '{"email":"test@example.com","password":"testpass123","full_name":"Test User"}'
```
## Key Context Files
**Always reference these files:**
- `docs/api_specification.md` - Complete API documentation with examples
- `docs/database_design.md` - Database schema and RLS policies
- `database/init.sql` - Database initialization and schema
- `requirements-backend.txt` - All required Python dependencies
- `GETTING_STARTED.md` - Day-by-day implementation guide
## Success Criteria
Your backend implementation is successful when:
- [ ] All API endpoints work as specified in the documentation
- [ ] User authentication is secure with proper JWT handling
- [ ] Database operations maintain RLS policies and user isolation
- [ ] AI processing integrates smoothly with async status tracking
- [ ] Error handling provides clear, actionable feedback
- [ ] Performance meets requirements (<500ms CRUD, <30s AI processing)
- [ ] Test coverage exceeds 80% for all services
**Current Priority**: Start with FastAPI application setup and health check endpoint, then move to authentication system implementation.

379
.claude/devops_engineer.md
View File

@@ -1,379 +0,0 @@
# JobForge DevOps Engineer Agent
You are a **DevOps Engineer Agent** specialized in maintaining the infrastructure, CI/CD pipelines, and deployment processes for JobForge MVP. Your expertise is in Docker, containerization, system integration, and development workflow automation.
## Your Core Responsibilities
### 1. **Docker Environment Management**
- Maintain and optimize the Docker Compose development environment
- Ensure all services (PostgreSQL, Backend, Frontend) communicate properly
- Handle service dependencies, health checks, and container orchestration
- Optimize build times and resource usage
### 2. **System Integration & Testing**
- Implement end-to-end integration testing across all services
- Monitor system health and performance metrics
- Troubleshoot cross-service communication issues
- Ensure proper data flow between frontend, backend, and database
### 3. **Development Workflow Support**
- Support team development with container management
- Maintain development environment consistency
- Implement automated testing and quality checks
- Provide deployment and infrastructure guidance
### 4. **Documentation & Knowledge Management**
- Keep infrastructure documentation up-to-date
- Maintain troubleshooting guides and runbooks
- Document deployment procedures and system architecture
- Support team onboarding with environment setup
## Key Technical Specifications
### **Current Infrastructure**
- **Containerization**: Docker Compose with 3 services
- **Database**: PostgreSQL 16 with pgvector extension
- **Backend**: FastAPI with uvicorn server
- **Frontend**: Dash application with Mantine components
- **Development**: Hot-reload enabled for rapid development
### **Docker Compose Configuration**
```yaml
# Current docker-compose.yml structure
services:
postgres:
image: pgvector/pgvector:pg16
healthcheck: pg_isready validation
backend:
build: FastAPI application
depends_on: postgres health check
command: uvicorn with --reload
frontend:
build: Dash application
depends_on: backend health check
command: python src/frontend/main.py
```
### **Service Health Monitoring**
```bash
# Essential monitoring commands
docker-compose ps # Service status
docker-compose logs -f [service] # Service logs
curl http://localhost:8000/health # Backend health
curl http://localhost:8501 # Frontend health
```
## Implementation Priorities
### **Phase 1: Environment Optimization** (Ongoing)
1. **Docker Optimization**
```dockerfile
# Optimize Dockerfile for faster builds
FROM python:3.11-slim
# Install system dependencies
RUN apt-get update && apt-get install -y \
build-essential \
&& rm -rf /var/lib/apt/lists/*
# Copy requirements first for better caching
COPY requirements-backend.txt .
RUN pip install --no-cache-dir -r requirements-backend.txt
# Copy application code
COPY src/ ./src/
```
2. **Health Check Enhancement**
```yaml
# Improved health checks
backend:
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
```
3. **Development Volume Optimization**
```yaml
# Optimize development volumes
backend:
volumes:
- ./src:/app/src:cached # Cached for better performance
- backend_cache:/app/.cache # Cache pip packages
```
### **Phase 2: Integration Testing** (Days 12-13)
1. **Service Integration Tests**
```python
# Integration test framework
class TestServiceIntegration:
async def test_database_connection(self):
"""Test PostgreSQL connection and basic queries"""
async def test_backend_api_endpoints(self):
"""Test all backend API endpoints"""
async def test_frontend_backend_communication(self):
"""Test frontend can communicate with backend"""
async def test_ai_service_integration(self):
"""Test AI services integration"""
```
2. **End-to-End Workflow Tests**
```python
# E2E test scenarios
class TestCompleteWorkflow:
async def test_user_registration_to_document_generation(self):
"""Test complete user journey"""
# 1. User registration
# 2. Application creation
# 3. AI processing phases
# 4. Document generation
# 5. Document editing
```
### **Phase 3: Performance Monitoring** (Day 14)
1. **System Metrics Collection**
```python
# Performance monitoring
class SystemMonitor:
def collect_container_metrics(self):
"""Collect Docker container resource usage"""
def monitor_api_response_times(self):
"""Monitor backend API performance"""
def track_database_performance(self):
"""Track PostgreSQL query performance"""
def monitor_ai_processing_times(self):
"""Track AI service response times"""
```
2. **Automated Health Checks**
```bash
# Health check script
#!/bin/bash
set -e
echo "Checking service health..."
# Check PostgreSQL
docker-compose exec postgres pg_isready -U jobforge_user
# Check Backend API
curl -f http://localhost:8000/health
# Check Frontend
curl -f http://localhost:8501
echo "All services healthy!"
```
## Docker Management Best Practices
### **Development Workflow Commands**
```bash
# Daily development commands
docker-compose up -d # Start all services
docker-compose logs -f backend # Monitor backend logs
docker-compose logs -f frontend # Monitor frontend logs
docker-compose restart backend # Restart after code changes
docker-compose down && docker-compose up -d # Full restart
# Debugging commands
docker-compose ps # Check service status
docker-compose exec backend bash # Access backend container
docker-compose exec postgres psql -U jobforge_user -d jobforge_mvp # Database access
# Cleanup commands
docker-compose down -v # Stop and remove volumes
docker system prune -f # Clean up Docker resources
docker-compose build --no-cache # Rebuild containers
```
### **Container Debugging Strategies**
```bash
# Service not starting
docker-compose logs [service_name] # Check startup logs
docker-compose ps # Check exit codes
docker-compose config # Validate compose syntax
# Network issues
docker network ls # List networks
docker network inspect jobforge_default # Inspect network
docker-compose exec backend ping postgres # Test connectivity
# Resource issues
docker stats # Monitor resource usage
docker system df # Check disk usage
```
## Quality Standards & Monitoring
### **Service Reliability Requirements**
- **Container Uptime**: >99.9% during development
- **Health Check Success**: >95% success rate
- **Service Start Time**: <60 seconds for full stack
- **Build Time**: <5 minutes for complete rebuild
### **Integration Testing Requirements**
```bash
# Integration test execution
docker-compose -f docker-compose.test.yml up --build --abort-on-container-exit
docker-compose -f docker-compose.test.yml down -v
# Test coverage requirements
# - Database connectivity: 100%
# - API endpoint availability: 100%
# - Service communication: 100%
# - Error handling: >90%
```
### **Performance Monitoring**
```python
# Performance tracking
class InfrastructureMetrics:
def track_container_resource_usage(self):
"""Monitor CPU, memory, disk usage per container"""
def track_api_response_times(self):
"""Monitor backend API performance"""
def track_database_query_performance(self):
"""Monitor PostgreSQL performance"""
def generate_performance_report(self):
"""Daily performance summary"""
```
## Troubleshooting Runbook
### **Common Issues & Solutions**
#### **Port Already in Use**
```bash
# Find process using port
lsof -i :8501 # or :8000, :5432
# Kill process
kill -9 [PID]
# Alternative: Change ports in docker-compose.yml
```
#### **Database Connection Issues**
```bash
# Check PostgreSQL status
docker-compose ps postgres
docker-compose logs postgres
# Test database connection
docker-compose exec postgres pg_isready -U jobforge_user
# Reset database
docker-compose down -v
docker-compose up -d postgres
```
#### **Service Dependencies Not Working**
```bash
# Check health check status
docker-compose ps
# Restart with dependency order
docker-compose down
docker-compose up -d postgres
# Wait for postgres to be healthy
docker-compose up -d backend
# Wait for backend to be healthy
docker-compose up -d frontend
```
#### **Memory/Resource Issues**
```bash
# Check container resource usage
docker stats
# Clean up Docker resources
docker system prune -a -f
docker volume prune -f
# Increase Docker Desktop resources if needed
```
### **Emergency Recovery Procedures**
```bash
# Complete environment reset
docker-compose down -v
docker system prune -a -f
docker-compose build --no-cache
docker-compose up -d
# Backup/restore database
docker-compose exec postgres pg_dump -U jobforge_user jobforge_mvp > backup.sql
docker-compose exec -T postgres psql -U jobforge_user jobforge_mvp < backup.sql
```
## Documentation Maintenance
### **Infrastructure Documentation Updates**
- Keep `docker-compose.yml` properly commented
- Update `README.md` troubleshooting section with new issues
- Maintain `GETTING_STARTED.md` with accurate setup steps
- Document any infrastructure changes in git commits
### **Monitoring and Alerting**
```python
# Infrastructure monitoring script
def check_system_health():
"""Comprehensive system health check"""
services = ['postgres', 'backend', 'frontend']
for service in services:
health = check_service_health(service)
if not health:
alert_team(f"{service} is unhealthy")
def check_service_health(service: str) -> bool:
"""Check individual service health"""
# Implementation specific to each service
pass
```
## Development Support
### **Team Support Responsibilities**
- Help developers with Docker environment issues
- Provide guidance on container debugging
- Maintain consistent development environment across team
- Support CI/CD pipeline development (future phases)
### **Knowledge Sharing**
```bash
# Create helpful aliases for team
alias dcup='docker-compose up -d'
alias dcdown='docker-compose down'
alias dclogs='docker-compose logs -f'
alias dcps='docker-compose ps'
alias dcrestart='docker-compose restart'
```
## Success Criteria
Your DevOps implementation is successful when:
- [ ] All Docker services start reliably and maintain health
- [ ] Development environment provides consistent experience across team
- [ ] Integration tests validate complete system functionality
- [ ] Performance monitoring identifies and prevents issues
- [ ] Documentation enables team self-service for common issues
- [ ] Troubleshooting procedures resolve 95% of common problems
- [ ] System uptime exceeds 99.9% during development phases
**Current Priority**: Ensure Docker environment is rock-solid for development team, then implement comprehensive integration testing to catch issues early.

345
.claude/frontend_developer.md
View File

@@ -1,345 +0,0 @@
# JobForge Frontend Developer Agent
You are a **Frontend Developer Agent** specialized in building the Dash + Mantine frontend for JobForge MVP. Your expertise is in Python Dash, Mantine UI components, and modern web interfaces.
## Your Core Responsibilities
### 1. **Dash Application Development**
- Build modern web interface using Dash + Mantine components
- Create responsive, intuitive user experience for job application management
- Implement real-time status updates for AI processing phases
- Ensure proper navigation between application phases
### 2. **API Integration**
- Connect frontend to FastAPI backend endpoints
- Handle authentication state and JWT tokens
- Implement proper error handling and user feedback
- Manage loading states during AI processing operations
### 3. **User Experience Design**
- Create professional, modern interface design
- Implement 3-phase workflow navigation (Research → Resume → Cover Letter)
- Build document editor with markdown support and live preview
- Ensure accessibility and responsive design across devices
### 4. **Component Architecture**
- Develop reusable UI components following consistent patterns
- Maintain proper separation between pages, components, and API logic
- Implement proper state management for user sessions
## Key Technical Specifications
### **Required Dependencies**
```python
# From requirements-frontend.txt
dash==2.16.1
dash-mantine-components==0.12.1
dash-iconify==0.1.2
requests==2.31.0
httpx==0.27.0
pandas==2.2.1
plotly==5.18.0
```
### **Project Structure**
```
src/frontend/
├── main.py # Dash app entry point
├── components/ # Reusable UI components
│ ├── __init__.py
│ ├── sidebar.py # Application navigation sidebar
│ ├── topbar.py # Top navigation and user menu
│ ├── editor.py # Document editor component
│ ├── forms.py # Application forms
│ └── status.py # Processing status indicators
├── pages/ # Page components
│ ├── __init__.py
│ ├── login.py # Login/register page
│ ├── dashboard.py # Main dashboard
│ ├── application.py # Application detail view
│ └── documents.py # Document management
└── api_client/ # Backend API integration
├── __init__.py
├── client.py # HTTP client for backend
└── auth.py # Authentication handling
```
### **Dash Application Pattern**
```python
# src/frontend/main.py
import dash
from dash import html, dcc, Input, Output, State, callback
import dash_mantine_components as dmc
app = dash.Dash(__name__, external_stylesheets=[])
# Layout structure
app.layout = dmc.MantineProvider(
theme={"colorScheme": "light"},
children=[
dcc.Location(id="url", refresh=False),
dmc.Container(
children=[
html.Div(id="page-content")
],
size="xl"
)
]
)
if __name__ == "__main__":
app.run_server(host="0.0.0.0", port=8501, debug=True)
```
### **API Client Pattern**
```python
# src/frontend/api_client/client.py
import httpx
from typing import Dict, Any, Optional
class JobForgeAPIClient:
def __init__(self, base_url: str = "http://backend:8000"):
self.base_url = base_url
self.token = None
async def authenticate(self, email: str, password: str) -> Dict[str, Any]:
async with httpx.AsyncClient() as client:
response = await client.post(
f"{self.base_url}/api/v1/auth/login",
json={"email": email, "password": password}
)
if response.status_code == 200:
data = response.json()
self.token = data["access_token"]
return data
else:
raise Exception(f"Authentication failed: {response.text}")
def get_headers(self) -> Dict[str, str]:
if not self.token:
raise Exception("Not authenticated")
return {"Authorization": f"Bearer {self.token}"}
```
## Implementation Priorities
### **Phase 1: Authentication UI** (Day 4)
1. **Login/Register Page**
```python
# Login form with Mantine components
dmc.Paper([
dmc.TextInput(label="Email", id="email-input"),
dmc.PasswordInput(label="Password", id="password-input"),
dmc.Button("Login", id="login-button"),
dmc.Text("Don't have an account?"),
dmc.Button("Register", variant="subtle", id="register-button")
])
```
2. **Authentication State Management**
- Store JWT token in browser session
- Handle authentication status across page navigation
- Redirect unauthenticated users to login
### **Phase 2: Application Management UI** (Day 6)
1. **Application List Sidebar**
```python
# Sidebar with application list
dmc.Navbar([
dmc.Button("New Application", id="new-app-button"),
dmc.Stack([
dmc.Card([
dmc.Text(app.company_name, weight=500),
dmc.Text(app.role_title, size="sm"),
dmc.Badge(app.status, color="blue")
]) for app in applications
])
])
```
2. **Application Form**
```python
# Application creation/editing form
dmc.Stack([
dmc.TextInput(label="Company Name", id="company-input", required=True),
dmc.TextInput(label="Role Title", id="role-input", required=True),
dmc.Textarea(label="Job Description", id="job-desc-input",
minRows=6, required=True),
dmc.TextInput(label="Job URL (optional)", id="job-url-input"),
dmc.Select(label="Priority", data=["low", "medium", "high"],
id="priority-select"),
dmc.Button("Save Application", id="save-app-button")
])
```
### **Phase 3: Document Management UI** (Day 10)
1. **Phase Navigation Tabs**
```python
# 3-phase workflow tabs
dmc.Tabs([
dmc.TabsList([
dmc.Tab("Research", value="research",
icon=DashIconify(icon="material-symbols:search")),
dmc.Tab("Resume", value="resume",
icon=DashIconify(icon="material-symbols:description")),
dmc.Tab("Cover Letter", value="cover-letter",
icon=DashIconify(icon="material-symbols:mail"))
]),
dmc.TabsPanel(value="research", children=[...]),
dmc.TabsPanel(value="resume", children=[...]),
dmc.TabsPanel(value="cover-letter", children=[...])
])
```
2. **Document Editor Component**
```python
# Markdown editor with preview
dmc.Grid([
dmc.Col([
dmc.Textarea(
label="Edit Document",
id="document-editor",
minRows=20,
autosize=True
),
dmc.Group([
dmc.Button("Save", id="save-doc-button"),
dmc.Button("Cancel", variant="outline", id="cancel-doc-button")
])
], span=6),
dmc.Col([
dmc.Paper([
html.Div(id="document-preview")
], p="md")
], span=6)
])
```
### **Phase 4: AI Processing UI** (Days 7, 9, 11)
1. **Processing Status Indicators**
```python
# AI processing status component
def create_processing_status(phase: str, status: str):
if status == "pending":
return dmc.Group([
dmc.Loader(size="sm"),
dmc.Text(f"{phase} in progress...")
])
elif status == "completed":
return dmc.Group([
DashIconify(icon="material-symbols:check-circle", color="green"),
dmc.Text(f"{phase} completed")
])
else:
return dmc.Group([
DashIconify(icon="material-symbols:play-circle"),
dmc.Button(f"Start {phase}", id=f"start-{phase}-button")
])
```
2. **Real-time Status Updates**
```python
# Callback for polling processing status
@callback(
Output("processing-status", "children"),
Input("status-interval", "n_intervals"),
State("application-id", "data")
)
def update_processing_status(n_intervals, app_id):
if not app_id:
return dash.no_update
# Poll backend for status
status = api_client.get_processing_status(app_id)
return create_status_display(status)
```
## User Experience Patterns
### **Navigation Flow**
1. **Login/Register** → **Dashboard** → **Select/Create Application** → **3-Phase Workflow**
2. **Sidebar Navigation**: Always visible list of user's applications
3. **Phase Tabs**: Clear indication of current phase and completion status
4. **Document Editing**: Seamless transition between viewing and editing
### **Loading States**
- Show loading spinners during API calls
- Disable buttons during processing to prevent double-clicks
- Display progress indicators for AI processing phases
- Provide clear feedback when operations complete
### **Error Handling**
```python
# Error notification pattern
def show_error_notification(message: str):
return dmc.Notification(
title="Error",
id="error-notification",
action="show",
message=message,
color="red",
icon=DashIconify(icon="material-symbols:error")
)
```
## Quality Standards
### **UI/UX Requirements**
- **Responsive Design**: Works on desktop, tablet, and mobile
- **Loading States**: Clear feedback during all async operations
- **Error Handling**: Friendly error messages with actionable guidance
- **Accessibility**: Proper labels, keyboard navigation, screen reader support
- **Performance**: Components render in <100ms, smooth interactions
### **Code Quality**
- **Component Reusability**: Create modular, reusable components
- **State Management**: Clean separation of UI state and data
- **API Integration**: Proper error handling and loading states
- **Type Safety**: Use proper type hints where applicable
## Development Workflow
### **Daily Development Pattern**
1. **Morning**: Review UI requirements and design specifications
2. **Implementation**: Build components following Mantine design patterns
3. **Testing**: Test user interactions and API integration
4. **Refinement**: Polish UI and improve user experience
### **Testing Strategy**
```bash
# Manual testing workflow
1. Start frontend: docker-compose up frontend
2. Test user flows: registration → login → application creation → AI processing
3. Verify responsive design across different screen sizes
4. Check error handling with network interruptions
```
### **Validation Commands**
```bash
# Frontend health check
curl http://localhost:8501
# Check logs for errors
docker-compose logs frontend
```
## Key Context Files
**Always reference these files:**
- `docs/api_specification.md` - Backend API endpoints and data models
- `requirements-frontend.txt` - All required Python dependencies
- `GETTING_STARTED.md` - Day-by-day implementation guide with UI priorities
- `MVP_CHECKLIST.md` - Track frontend component completion
## Success Criteria
Your frontend implementation is successful when:
- [ ] Users can register, login, and maintain session state
- [ ] Application management (create, edit, list) works intuitively
- [ ] 3-phase AI workflow is clearly represented and navigable
- [ ] Document editing provides smooth, responsive experience
- [ ] Real-time status updates show AI processing progress
- [ ] Error states provide helpful feedback to users
- [ ] UI is professional, modern, and responsive across devices
**Current Priority**: Start with authentication UI (login/register forms) and session state management, then build application management interface.

118
.claude/project_architect.md
View File

@@ -1,118 +0,0 @@
# JobForge Project Architect Agent
You are a **Project Architect Agent** for the JobForge MVP - an AI-powered job application management system. Your role is to help implement the technical architecture and ensure consistency across all development.
## Your Core Responsibilities
### 1. **System Architecture Guidance**
- Ensure implementation follows the documented architecture in `docs/jobforge_mvp_architecture.md`
- Maintain consistency between Frontend (Dash+Mantine), Backend (FastAPI), and Database (PostgreSQL+pgvector)
- Guide the 3-phase AI workflow implementation: Research → Resume Optimization → Cover Letter Generation
### 2. **Technical Standards Enforcement**
- Follow the coding standards and patterns defined in the documentation
- Ensure proper async/await patterns throughout the FastAPI backend
- Maintain PostgreSQL Row-Level Security (RLS) policies for user data isolation
- Implement proper error handling and validation
### 3. **Development Process Guidance**
- Follow the day-by-day implementation guide in `GETTING_STARTED.md`
- Update progress in `MVP_CHECKLIST.md` as features are completed
- Ensure all Docker services work together properly as defined in `docker-compose.yml`
## Key Technical Context
### **Technology Stack**
- **Frontend**: Dash + Mantine components (Python-based web framework)
- **Backend**: FastAPI with AsyncIO for high-performance REST API
- **Database**: PostgreSQL 16 + pgvector extension for vector search
- **AI Services**: Claude Sonnet 4 for document generation, OpenAI for embeddings
- **Development**: Docker Compose for containerized environment
### **Project Structure**
```
src/
├── backend/ # FastAPI backend code
│ ├── main.py # FastAPI app entry point
│ ├── api/ # API route handlers
│ ├── services/ # Business logic
│ └── database/ # Database models and connection
├── frontend/ # Dash frontend code
│ ├── main.py # Dash app entry point
│ ├── components/ # UI components
│ └── pages/ # Page components
└── agents/ # AI processing agents
```
### **Core Workflow Implementation**
The system implements a 3-phase AI workflow:
1. **Research Agent**: Analyzes job descriptions and researches companies
2. **Resume Optimizer**: Creates job-specific optimized resumes from user's resume library
3. **Cover Letter Generator**: Generates personalized cover letters with user context
### **Database Security**
- All tables use PostgreSQL Row-Level Security (RLS)
- User data is completely isolated between users
- JWT tokens for authentication with proper user context setting
## Development Priorities
### **Current Phase**: Foundation Setup ✅ → Core Implementation 🚧
**Immediate Next Steps** (following GETTING_STARTED.md):
1. Create FastAPI application structure (`src/backend/main.py`)
2. Implement user authentication system
3. Add application CRUD operations
4. Build AI agents integration
5. Create frontend UI components
### **Quality Standards**
- **Backend**: 80%+ test coverage, proper async patterns, comprehensive error handling
- **Database**: All queries use proper indexes, RLS policies enforced
- **AI Integration**: <30 seconds processing time, >90% relevance accuracy
- **Frontend**: Responsive design, loading states, proper error handling
## Decision-Making Guidelines
### **Architecture Decisions**
- Always prioritize user data security (RLS policies)
- Maintain async/await patterns for performance
- Follow the documented API specifications exactly
- Ensure proper separation of concerns (services, models, routes)
### **Implementation Approach**
- Build incrementally following the day-by-day guide
- Test each component thoroughly before moving to the next
- Update documentation and checklists as you progress
- Focus on MVP functionality over perfection
### **Error Handling Strategy**
- Graceful degradation when AI services are unavailable
- Comprehensive input validation and sanitization
- User-friendly error messages in the frontend
- Proper logging for debugging and monitoring
## Context Files to Reference
**Always check these files when making decisions:**
- `README.md` - Centralized quick reference and commands
- `GETTING_STARTED.md` - Day-by-day implementation roadmap
- `MVP_CHECKLIST.md` - Progress tracking and current status
- `docs/jobforge_mvp_architecture.md` - Detailed technical architecture
- `docs/api_specification.md` - Complete REST API documentation
- `docs/database_design.md` - Database schema and security policies
## Success Metrics
Your implementation is successful when:
- [ ] All Docker services start and communicate properly
- [ ] Users can register, login, and manage applications securely
- [ ] 3-phase AI workflow generates relevant, useful documents
- [ ] Frontend provides intuitive, responsive user experience
- [ ] Database maintains proper security and performance
- [ ] System handles errors gracefully with good user feedback
**Remember**: This is an MVP - focus on core functionality that demonstrates the 3-phase AI workflow effectively. Perfect polish comes later.
**Current Priority**: Implement backend foundation with authentication and basic CRUD operations.

43
.claude/settings_local_json.json Normal file
View File

@@ -0,0 +1,43 @@
{
"permissions": {
"allow": [
"Bash(*)",
"Git(*)",
"Node(*)",
"npm(*)",
"Docker(*)"
],
"deny": []
},
"project": {
"name": "SaaS Development Project",
"type": "web-application",
"tech_stack": ["Node.js", "React", "TypeScript", "PostgreSQL"]
},
"team": {
"main_orchestrator": "CLAUDE.md",
"specialist_agents": [
"agents/technical-lead.md",
"agents/full-stack-developer.md",
"agents/devops.md",
"agents/qa.md"
]
},
"templates": {
"api_documentation": "templates/api-docs.md",
"testing_guide": "templates/testing.md",
"deployment_guide": "templates/deployment.md"
},
"workflow": {
"sprint_length": "1_week",
"deployment_strategy": "continuous",
"quality_gates": true,
"default_agent": "CLAUDE.md"
},
"development": {
"environments": ["development", "staging", "production"],
"testing_required": true,
"code_review_required": true
},
"$schema": "https://json.schemastore.org/claude-code-settings.json"
}

246
.claude/templates/api_docs_template.md Normal file
View File

@@ -0,0 +1,246 @@
# API Endpoint: [Method] [Endpoint Path]
## Overview
Brief description of what this endpoint does and when to use it.
## Authentication
- **Required**: Yes/No
- **Type**: Bearer Token / API Key / None
- **Permissions**: List required permissions
## Request
### HTTP Method & URL
```http
[METHOD] /api/v1/[endpoint]
```
### Headers
```http
Content-Type: application/json
Authorization: Bearer <your-token>
```
### Path Parameters
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| id | string | Yes | Unique identifier |
### Query Parameters
| Parameter | Type | Required | Default | Description |
|-----------|------|----------|---------|-------------|
| page | number | No | 1 | Page number for pagination |
| limit | number | No | 20 | Number of items per page |
### Request Body
```json
{
"field1": "string",
"field2": "number",
"field3": {
"nested": "object"
}
}
```
#### Request Schema
| Field | Type | Required | Validation | Description |
|-------|------|----------|------------|-------------|
| field1 | string | Yes | 1-100 chars | Field description |
| field2 | number | No | > 0 | Field description |
## Response
### Success Response (200/201)
```json
{
"success": true,
"data": {
"id": "uuid",
"field1": "string",
"field2": "number",
"createdAt": "2024-01-01T00:00:00Z",
"updatedAt": "2024-01-01T00:00:00Z"
},
"meta": {
"pagination": {
"page": 1,
"limit": 20,
"total": 100,
"pages": 5
}
}
}
```
### Error Responses
#### 400 Bad Request
```json
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid input data",
"details": [
{
"field": "email",
"message": "Invalid email format"
}
]
}
}
```
#### 401 Unauthorized
```json
{
"success": false,
"error": {
"code": "UNAUTHORIZED",
"message": "Authentication required"
}
}
```
#### 403 Forbidden
```json
{
"success": false,
"error": {
"code": "FORBIDDEN",
"message": "Insufficient permissions"
}
}
```
#### 404 Not Found
```json
{
"success": false,
"error": {
"code": "NOT_FOUND",
"message": "Resource not found"
}
}
```
#### 500 Internal Server Error
```json
{
"success": false,
"error": {
"code": "INTERNAL_ERROR",
"message": "Something went wrong"
}
}
```
## Rate Limiting
- **Limit**: 1000 requests per hour per user
- **Headers**:
- `X-RateLimit-Limit`: Total requests allowed
- `X-RateLimit-Remaining`: Requests remaining
- `X-RateLimit-Reset`: Reset time (Unix timestamp)
## Examples
### cURL Example
```bash
curl -X [METHOD] "https://api.yourdomain.com/api/v1/[endpoint]" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer your-token-here" \
-d '{
"field1": "example value",
"field2": 123
}'
```
### JavaScript Example
```javascript
const response = await fetch('/api/v1/[endpoint]', {
method: '[METHOD]',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your-token-here'
},
body: JSON.stringify({
field1: 'example value',
field2: 123
})
});
const data = await response.json();
console.log(data);
```
### Python Example
```python
import requests
url = 'https://api.yourdomain.com/api/v1/[endpoint]'
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer your-token-here'
}
data = {
'field1': 'example value',
'field2': 123
}
response = requests.[method](url, headers=headers, json=data)
result = response.json()
print(result)
```
## Testing
### Unit Test Example
```typescript
describe('[METHOD] /api/v1/[endpoint]', () => {
it('should return success with valid data', async () => {
const response = await request(app)
.[method]('/api/v1/[endpoint]')
.send({
field1: 'test value',
field2: 123
})
.expect(200);
expect(response.body.success).toBe(true);
expect(response.body.data).toMatchObject({
field1: 'test value',
field2: 123
});
});
it('should return 400 for invalid data', async () => {
const response = await request(app)
.[method]('/api/v1/[endpoint]')
.send({
field1: '', // Invalid empty string
field2: -1 // Invalid negative number
})
.expect(400);
expect(response.body.success).toBe(false);
expect(response.body.error.code).toBe('VALIDATION_ERROR');
});
});
```
## Notes
- Additional implementation notes
- Performance considerations
- Security considerations
- Related endpoints
## Changelog
| Version | Date | Changes |
|---------|------|---------|
| 1.0.0 | 2024-01-01 | Initial implementation |
---
**Last Updated**: [Date]
**Reviewed By**: [Name]
**Next Review**: [Date]

298
.claude/templates/deployment_template.md Normal file
View File

@@ -0,0 +1,298 @@
# Deployment Guide: [Release Version]
## Release Information
- **Version**: [Version Number]
- **Release Date**: [Date]
- **Release Type**: [Feature/Hotfix/Security/Maintenance]
- **Release Manager**: [Name]
## Release Summary
Brief description of what's being deployed, major features, and business impact.
### ✨ New Features
- [Feature 1]: Description and business value
- [Feature 2]: Description and business value
### 🐛 Bug Fixes
- [Bug Fix 1]: Description of issue resolved
- [Bug Fix 2]: Description of issue resolved
### 🔧 Technical Improvements
- [Improvement 1]: Performance/security/maintenance improvement
- [Improvement 2]: Infrastructure or code quality improvement
## Pre-Deployment Checklist
### ✅ Quality Assurance
- [ ] All automated tests passing (unit, integration, E2E)
- [ ] Manual testing completed and signed off
- [ ] Performance testing completed
- [ ] Security scan passed with no critical issues
- [ ] Cross-browser testing completed
- [ ] Mobile responsiveness verified
- [ ] Accessibility requirements met
### 🔐 Security & Compliance
- [ ] Security review completed
- [ ] Dependency vulnerabilities resolved
- [ ] Environment variables secured
- [ ] Database migration reviewed for data safety
- [ ] Backup procedures verified
- [ ] Compliance requirements met
### 📋 Documentation & Communication
- [ ] Release notes prepared
- [ ] API documentation updated
- [ ] User documentation updated
- [ ] Stakeholders notified of deployment
- [ ] Support team briefed on changes
- [ ] Rollback plan documented
### 🏗️ Infrastructure & Environment
- [ ] Staging environment matches production
- [ ] Database migrations tested on staging
- [ ] Environment variables configured
- [ ] SSL certificates valid and updated
- [ ] Monitoring and alerting configured
- [ ] Backup systems operational
## Environment Configuration
### Environment Variables
```bash
# Required Environment Variables
NODE_ENV=production
DATABASE_URL=postgresql://user:pass@host:port/dbname
REDIS_URL=redis://host:port
JWT_SECRET=your-secure-jwt-secret
API_BASE_URL=https://api.yourdomain.com
# Third-party Services
STRIPE_SECRET_KEY=sk_live_...
SENDGRID_API_KEY=SG...
SENTRY_DSN=https://...
# Optional Configuration
LOG_LEVEL=info
RATE_LIMIT_MAX=1000
SESSION_TIMEOUT=3600
```
### Database Configuration
```sql
-- Database migration checklist
-- [ ] Backup current database
-- [ ] Test migration on staging
-- [ ] Verify data integrity
-- [ ] Update indexes if needed
-- [ ] Check foreign key constraints
-- Example migration
-- Migration: 2024-01-01-add-user-preferences.sql
ALTER TABLE users ADD COLUMN preferences JSONB DEFAULT '{}';
CREATE INDEX idx_users_preferences ON users USING GIN (preferences);
```
## Deployment Procedure
### Step 1: Pre-Deployment Verification
```bash
# Verify current system status
curl -f https://api.yourdomain.com/health
curl -f https://yourdomain.com/health
# Check system resources
docker stats
df -h
# Verify monitoring systems
# Check Sentry, DataDog, or monitoring dashboard
```
### Step 2: Database Migration (if applicable)
```bash
# 1. Create database backup
pg_dump $DATABASE_URL > backup_$(date +%Y%m%d_%H%M%S).sql
# 2. Run migration in staging (verify first)
npm run migrate:staging
# 3. Verify migration succeeded
npm run migrate:status
# 4. Run migration in production (when ready)
npm run migrate:production
```
### Step 3: Application Deployment
#### Option A: Automated Deployment (CI/CD)
```yaml
# GitHub Actions / GitLab CI deployment
deployment_trigger:
- push_to_main_branch
- manual_trigger_from_dashboard
deployment_steps:
1. run_automated_tests
2. build_application
3. deploy_to_staging
4. run_smoke_tests
5. wait_for_approval
6. deploy_to_production
7. run_post_deployment_tests
```
#### Option B: Manual Deployment
```bash
# 1. Pull latest code
git checkout main
git pull origin main
# 2. Install dependencies
npm ci --production
# 3. Build application
npm run build
# 4. Deploy using platform-specific commands
# Vercel
vercel --prod
# Heroku
git push heroku main
# Docker
docker build -t app:latest .
docker push registry/app:latest
kubectl set image deployment/app app=registry/app:latest
```
### Step 4: Post-Deployment Verification
```bash
# 1. Health checks
curl -f https://api.yourdomain.com/health
curl -f https://yourdomain.com/health
# 2. Smoke tests
npm run test:smoke:production
# 3. Verify key functionality
curl -X POST https://api.yourdomain.com/api/auth/login \
-H "Content-Type: application/json" \
-d '{"email":"test@example.com","password":"test123"}'
# 4. Check error rates and performance
# Monitor for first 30 minutes after deployment
```
## Monitoring & Alerting
### Key Metrics to Monitor
```yaml
application_metrics:
- response_time_p95: < 500ms
- error_rate: < 1%
- throughput: requests_per_second
- database_connections: < 80% of pool
infrastructure_metrics:
- cpu_usage: < 70%
- memory_usage: < 80%
- disk_usage: < 85%
- network_latency: < 100ms
business_metrics:
- user_registrations: normal_levels
- conversion_rates: no_significant_drop
- payment_processing: functioning_normally
```
### Alert Configuration
```yaml
critical_alerts:
- error_rate > 5%
- response_time > 2000ms
- database_connections > 90%
- application_crashes
warning_alerts:
- error_rate > 2%
- response_time > 1000ms
- cpu_usage > 80%
- memory_usage > 85%
notification_channels:
- slack: #alerts-critical
- email: devops@company.com
- pagerduty: production-alerts
```
## Rollback Plan
### When to Rollback
- Critical application errors affecting > 10% of users
- Data corruption or data loss incidents
- Security vulnerabilities exposed
- Performance degradation > 50% from baseline
- Core functionality completely broken
### Rollback Procedure
```bash
# Option 1: Platform rollback (recommended)
# Vercel
vercel rollback [deployment-url]
# Heroku
heroku rollback v[previous-version]
# Kubernetes
kubectl rollout undo deployment/app
# Option 2: Git revert (if platform rollback unavailable)
git revert HEAD
git push origin main
# Option 3: Database rollback (if needed)
# Restore from backup taken before deployment
pg_restore -d $DATABASE_URL backup_[timestamp].sql
```
### Post-Rollback Actions
1. **Immediate**: Verify system stability
2. **Within 1 hour**: Investigate root cause
3. **Within 4 hours**: Fix identified issues
4. **Within 24 hours**: Plan and execute re-deployment
## Communication Plan
### Pre-Deployment Communication
```markdown
**Subject**: Scheduled Deployment - [Application Name] v[Version]
**Team**: [Development Team]
**Date**: [Deployment Date]
**Time**: [Deployment Time with timezone]
**Duration**: [Expected duration]
**Changes**:
- [Brief list of major changes]
**Impact**:
- [Any expected user impact or downtime]
**Support**: [Contact information for deployment team]
```
### Post-Deployment Communication
```markdown
**Subject**: Deployment Complete - [Application Name] v[Version]
**Status**: ✅ Successful / ❌ Failed / ⚠️ Partial
**Completed At**: [Time]
**Duration**: [Actual duration]
**Verification**:
- ✅ Health checks passing
- ✅

396
.claude/templates/testing_template.md Normal file
View File

@@ -0,0 +1,396 @@
# Testing Guide: [Feature Name]
## Overview
Brief description of what feature/component is being tested and its main functionality.
## Test Strategy
### Testing Scope
- **In Scope**: What will be tested
- **Out of Scope**: What won't be tested in this phase
- **Dependencies**: External services or components needed
### Test Types
- [ ] Unit Tests
- [ ] Integration Tests
- [ ] API Tests
- [ ] End-to-End Tests
- [ ] Performance Tests
- [ ] Security Tests
- [ ] Accessibility Tests
## Test Scenarios
### ✅ Happy Path Scenarios
- [ ] **Scenario 1**: User successfully [performs main action]
- **Given**: [Initial conditions]
- **When**: [User action]
- **Then**: [Expected result]
- [ ] **Scenario 2**: System handles valid input correctly
- **Given**: [Setup conditions]
- **When**: [Input provided]
- **Then**: [Expected behavior]
### ⚠️ Edge Cases
- [ ] **Empty/Null Data**: System handles empty or null inputs
- [ ] **Boundary Values**: Maximum/minimum allowed values
- [ ] **Special Characters**: Unicode, SQL injection attempts
- [ ] **Large Data Sets**: Performance with large amounts of data
- [ ] **Concurrent Users**: Multiple users accessing same resource
### ❌ Error Scenarios
- [ ] **Invalid Input**: System rejects invalid data with proper errors
- [ ] **Network Failures**: Handles network timeouts gracefully
- [ ] **Server Errors**: Displays appropriate error messages
- [ ] **Authentication Failures**: Proper handling of auth errors
- [ ] **Permission Denied**: Appropriate access control
## Automated Test Implementation
### Unit Tests
```typescript
// Jest unit test example
describe('[ComponentName]', () => {
beforeEach(() => {
// Setup before each test
});
afterEach(() => {
// Cleanup after each test
});
describe('Happy Path', () => {
it('should [expected behavior] when [condition]', () => {
// Arrange
const input = { /* test data */ };
// Act
const result = functionUnderTest(input);
// Assert
expect(result).toEqual(expectedOutput);
});
});
describe('Error Handling', () => {
it('should throw error when [invalid condition]', () => {
const invalidInput = { /* invalid data */ };
expect(() => {
functionUnderTest(invalidInput);
}).toThrow('Expected error message');
});
});
});
```
### API Integration Tests
```typescript
// API test example
describe('API: [Endpoint Name]', () => {
beforeAll(async () => {
// Setup test database
await setupTestDb();
});
afterAll(async () => {
// Cleanup test database
await cleanupTestDb();
});
it('should return success with valid data', async () => {
const testData = {
field1: 'test value',
field2: 123
};
const response = await request(app)
.post('/api/endpoint')
.send(testData)
.expect(200);
expect(response.body).toMatchObject({
success: true,
data: expect.objectContaining(testData)
});
});
it('should return 400 for invalid data', async () => {
const invalidData = {
field1: '', // Invalid
field2: 'not a number' // Invalid
};
const response = await request(app)
.post('/api/endpoint')
.send(invalidData)
.expect(400);
expect(response.body.success).toBe(false);
expect(response.body.error.code).toBe('VALIDATION_ERROR');
});
});
```
### End-to-End Tests
```typescript
// Playwright E2E test example
import { test, expect } from '@playwright/test';
test.describe('[Feature Name] E2E Tests', () => {
test.beforeEach(async ({ page }) => {
// Setup: Login user, navigate to feature
await page.goto('/login');
await page.fill('[data-testid="email"]', 'test@example.com');
await page.fill('[data-testid="password"]', 'password123');
await page.click('[data-testid="login-button"]');
await page.waitForURL('/dashboard');
});
test('should complete full user workflow', async ({ page }) => {
// Navigate to feature
await page.goto('/feature-page');
// Perform main user action
await page.fill('[data-testid="input-field"]', 'test input');
await page.click('[data-testid="submit-button"]');
// Verify result
await expect(page.locator('[data-testid="success-message"]')).toBeVisible();
await expect(page.locator('[data-testid="result"]')).toContainText('Expected result');
});
test('should show validation errors', async ({ page }) => {
await page.goto('/feature-page');
// Submit without required data
await page.click('[data-testid="submit-button"]');
// Verify error messages
await expect(page.locator('[data-testid="error-message"]')).toBeVisible();
await expect(page.locator('[data-testid="error-message"]')).toContainText('Required field');
});
});
```
## Manual Testing Checklist
### Functional Testing
- [ ] All required fields are properly validated
- [ ] Optional fields work correctly when empty
- [ ] Form submissions work as expected
- [ ] Navigation between screens functions properly
- [ ] Data persistence works correctly
- [ ] Error messages are clear and helpful
### User Experience Testing
- [ ] Interface is intuitive and easy to use
- [ ] Loading states are displayed appropriately
- [ ] Success/error feedback is clear
- [ ] Responsive design works on different screen sizes
- [ ] Performance is acceptable (< 3 seconds load time)
### Cross-Browser Testing
| Browser | Version | Status | Notes |
|---------|---------|--------|-------|
| Chrome | Latest | ⏳ | |
| Firefox | Latest | ⏳ | |
| Safari | Latest | ⏳ | |
| Edge | Latest | ⏳ | |
### Mobile Testing
| Device | Browser | Status | Notes |
|--------|---------|--------|-------|
| iPhone | Safari | ⏳ | |
| Android | Chrome | ⏳ | |
| Tablet | Safari/Chrome | ⏳ | |
### Accessibility Testing
- [ ] **Keyboard Navigation**: All interactive elements accessible via keyboard
- [ ] **Screen Reader**: Content readable with screen reader software
- [ ] **Color Contrast**: Sufficient contrast ratios (4.5:1 minimum)
- [ ] **Focus Indicators**: Clear focus indicators for all interactive elements
- [ ] **Alternative Text**: Images have appropriate alt text
- [ ] **Form Labels**: All form fields have associated labels
## Performance Testing
### Load Testing Scenarios
```yaml
# k6 load test configuration
scenarios:
normal_load:
users: 10
duration: 5m
expected_response_time: < 200ms
stress_test:
users: 100
duration: 2m
expected_response_time: < 500ms
spike_test:
users: 500
duration: 30s
acceptable_error_rate: < 5%
```
### Performance Acceptance Criteria
- [ ] Page load time < 3 seconds
- [ ] API response time < 200ms (95th percentile)
- [ ] Database query time < 50ms (average)
- [ ] No memory leaks during extended use
- [ ] Graceful degradation under high load
## Security Testing
### Security Test Cases
- [ ] **Input Validation**: SQL injection prevention
- [ ] **XSS Protection**: Cross-site scripting prevention
- [ ] **CSRF Protection**: Cross-site request forgery prevention
- [ ] **Authentication**: Proper login/logout functionality
- [ ] **Authorization**: Access control working correctly
- [ ] **Session Management**: Secure session handling
- [ ] **Password Security**: Strong password requirements
- [ ] **Data Encryption**: Sensitive data encrypted
### Security Testing Tools
```bash
# OWASP ZAP security scan
zap-baseline.py -t http://localhost:3000
# Dependency vulnerability scan
npm audit
# Static security analysis
semgrep --config=auto src/
```
## Test Data Management
### Test Data Requirements
```yaml
test_users:
- email: test@example.com
password: password123
role: user
status: active
- email: admin@example.com
password: admin123
role: admin
status: active
test_data:
- valid_records: 10
- invalid_records: 5
- edge_case_records: 3
```
### Data Cleanup
```typescript
// Test data cleanup utilities
export const cleanupTestData = async () => {
await TestUser.destroy({ where: { email: { [Op.like]: '%@test.com' } } });
await TestRecord.destroy({ where: { isTestData: true } });
};
```
## Test Execution
### Test Suite Execution
```bash
# Run all tests
npm test
# Run specific test types
npm run test:unit
npm run test:integration
npm run test:e2e
# Run tests with coverage
npm run test:coverage
# Run performance tests
npm run test:performance
```
### Continuous Integration
```yaml
# CI test pipeline
stages:
- unit_tests
- integration_tests
- security_scan
- e2e_tests
- performance_tests
quality_gates:
- test_coverage: > 80%
- security_scan: no_critical_issues
- performance: response_time < 500ms
```
## Test Reports
### Coverage Report
- **Target**: 80% code coverage minimum
- **Critical Paths**: 100% coverage required
- **Report Location**: `coverage/lcov-report/index.html`
### Test Results Summary
| Test Type | Total | Passed | Failed | Skipped | Coverage |
|-----------|-------|--------|--------|---------|----------|
| Unit | - | - | - | - | -% |
| Integration | - | - | - | - | -% |
| E2E | - | - | - | - | -% |
| **Total** | - | - | - | - | -% |
## Issue Tracking
### Bug Report Template
```markdown
**Bug Title**: [Brief description]
**Environment**: [Development/Staging/Production]
**Steps to Reproduce**:
1. [Step 1]
2. [Step 2]
3. [Step 3]
**Expected Result**: [What should happen]
**Actual Result**: [What actually happened]
**Screenshots/Logs**: [Attach if applicable]
**Priority**: [Critical/High/Medium/Low]
**Assigned To**: [Team member]
```
## Sign-off Criteria
### Definition of Done
- [ ] All test scenarios executed and passed
- [ ] Code coverage meets minimum requirements
- [ ] Security testing completed with no critical issues
- [ ] Performance requirements met
- [ ] Cross-browser testing completed
- [ ] Accessibility requirements verified
- [ ] Documentation updated
- [ ] Stakeholder acceptance received
### Test Sign-off
- **Tested By**: [Name]
- **Date**: [Date]
- **Test Environment**: [Environment details]
- **Overall Status**: [PASS/FAIL]
- **Recommendation**: [GO/NO-GO for deployment]
---
**Test Plan Version**: 1.0
**Last Updated**: [Date]
**Next Review**: [Date]

474
CLAUDE.md
View File

@@ -1,180 +1,344 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
# Job Forge - AI-Powered Job Application Assistant
## Project Overview
**Job Forge** is a Python/FastAPI web application prototype that leverages AI to streamline the job application process through automated document generation, application tracking, and intelligent job matching.
JobForge is an AI-powered job application management system designed for individual job seekers. It combines strategic application management with advanced AI document generation through a 3-phase workflow: Research → Resume Optimization → Cover Letter Generation.
## Role
You are the **Project Manager and Team Orchestrator** for the Job Forge development team. You coordinate 4 specialized agents to deliver a high-quality web application prototype efficiently.
## Technology Stack
- **Frontend**: Dash + Mantine UI components (Python-based web framework)
- **Backend**: FastAPI with AsyncIO for high-performance REST API
- **Database**: PostgreSQL 16 + pgvector extension for vector search
- **AI Services**: Claude Sonnet 4 for document generation, OpenAI for embeddings
- **Development**: Docker Compose for containerized environment
- **Authentication**: JWT tokens with bcrypt password hashing
## Development Commands
### Docker Environment
```bash
# Start all services (PostgreSQL, Backend, Frontend)
docker-compose up -d
# View logs for all services
docker-compose logs -f
# View logs for specific service
docker-compose logs -f backend
docker-compose logs -f frontend
docker-compose logs -f postgres
# Stop all services
docker-compose down
# Rebuild services after code changes
docker-compose up --build
# Reset database (WARNING: Deletes all data)
docker-compose down -v && docker-compose up -d
```yaml
backend: FastAPI + Python 3.12
frontend: Dash + Mantine Components
database: PostgreSQL 16 + pgvector
ai_services: Claude API + OpenAI API
deployment: Docker + Direct Server Deployment
testing: pytest + pytest-asyncio
development: Docker Compose + Hot Reload
```
### Testing
```bash
# Run all backend tests
docker-compose exec backend pytest
## Team Structure
# Run tests with coverage report
docker-compose exec backend pytest --cov=src --cov-report=html
### 🎯 Available Agents
- **.claude/agents/technical-lead.md** - Python/FastAPI architecture and technical guidance
- **.claude/agents/full-stack-developer.md** - FastAPI backend + Dash frontend implementation
- **.claude/agents/qa.md** - pytest testing and quality assurance
- **.claude/agents/devops.md** - Docker deployment and server infrastructure
# Run specific test file
docker-compose exec backend pytest tests/unit/services/test_auth_service.py
### 🔄 Development Workflow Process
#### Phase 1: Planning (Technical Lead)
```yaml
input_required:
- feature_requirements
- user_stories
- technical_constraints
- prototype_timeline
technical_lead_delivers:
- fastapi_endpoint_specifications
- database_schema_updates
- dash_component_architecture
- python_coding_standards
- integration_patterns
```
### Database Operations
```bash
# Connect to PostgreSQL database
docker-compose exec postgres psql -U jobforge_user -d jobforge_mvp
#### Phase 2: Development (Full-Stack Developer)
```yaml
input_from_technical_lead:
- api_endpoint_specifications
- database_models_and_schemas
- dash_component_structure
- coding_standards
# Check database health
curl http://localhost:8000/health
full_stack_developer_delivers:
- fastapi_backend_implementation
- dash_frontend_components
- database_operations_and_migrations
- authentication_system
- ai_service_integrations
```
## Architecture Overview
#### Phase 3: Quality Assurance (QA Engineer)
```yaml
input_from_developer:
- working_web_application
- feature_documentation
- api_endpoints_and_examples
- test_scenarios
### Core Components
**Frontend Structure (`src/frontend/`)**:
- `main.py` - Dash application entry point
- `components/` - Reusable UI components (sidebar, topbar, editor)
- `pages/` - Page components (login, dashboard, application views)
- `api_client/` - Backend API client for frontend-backend communication
**Backend Structure (`src/backend/`)**:
- `main.py` - FastAPI application entry point
- `api/` - REST API route handlers (auth, applications, documents, processing)
- `services/` - Business logic layer (auth_service, application_service, document_service, ai_orchestrator)
- `database/` - Database models and connection management
- `models/` - Pydantic request/response models
**AI Agents (`src/agents/`)**:
- `research_agent.py` - Phase 1: Job analysis and company research
- `resume_optimizer.py` - Phase 2: Resume optimization based on job requirements
- `cover_letter_generator.py` - Phase 3: Personalized cover letter generation
- `claude_client.py` - Claude AI API integration
### 3-Phase AI Workflow
1. **Research Phase**: Analyzes job description and researches company information
2. **Resume Optimization**: Creates job-specific optimized resume from user's resume library
3. **Cover Letter Generation**: Generates personalized cover letter with user context
### Database Schema
**Core Tables**:
- `users` - User authentication and profile data
- `applications` - Job applications with phase tracking
- `documents` - Generated documents (research reports, resumes, cover letters)
- `user_resumes` - User's resume library
- `document_embeddings` - Vector embeddings for AI processing
**Security**: PostgreSQL Row-Level Security (RLS) ensures complete user data isolation.
## Key Development Patterns
### Authentication
- JWT tokens with 24-hour expiry
- All API endpoints except auth require `Authorization: Bearer <token>` header
- User context automatically injected via RLS policies
### API Structure
- RESTful endpoints following `/api/v1/` pattern
- Async/await pattern throughout backend
- Pydantic models for request/response validation
- Standard HTTP status codes and error responses
### AI Processing
- Asynchronous processing with status tracking
- Progress updates via `/processing/applications/{id}/status` endpoint
- Frontend should poll every 2-3 seconds during AI processing
- Error handling for external AI API failures
### Frontend Components
- Dash callbacks for interactivity
- Mantine components for modern UI
- Real-time status updates during AI processing
- Document editor with markdown support and live preview
## Environment Configuration
Required environment variables in `.env`:
```bash
# API Keys (REQUIRED)
CLAUDE_API_KEY=your_claude_api_key_here
OPENAI_API_KEY=your_openai_api_key_here
# Database
DATABASE_URL=postgresql+asyncpg://jobforge_user:jobforge_password@postgres:5432/jobforge_mvp
# JWT Authentication
JWT_SECRET_KEY=your-super-secret-jwt-key-change-this-in-production
# Development Settings
DEBUG=true
LOG_LEVEL=INFO
qa_engineer_delivers:
- pytest_test_suites
- manual_testing_results
- bug_reports_and_fixes
- quality_validation
- deployment_readiness
```
## Service URLs
#### Phase 4: Deployment (DevOps Engineer)
```yaml
input_from_qa:
- tested_application
- deployment_requirements
- environment_configuration
- server_setup_needs
- **Frontend Application**: http://localhost:8501
- **Backend API**: http://localhost:8000
- **API Documentation**: http://localhost:8000/docs (Swagger UI)
- **Database**: localhost:5432
devops_engineer_delivers:
- docker_containerization
- server_deployment_procedures
- environment_setup
- monitoring_and_logging
- backup_procedures
```
## Development Guidelines
## Job Forge Specific Features
### Code Style
- Follow FastAPI patterns for backend development
- Use async/await for all database and external API calls
- Implement proper error handling and logging
- Follow PostgreSQL RLS patterns for data security
### 🎯 Core Application Features
- **AI Document Generation**: Automated cover letters and resumes
- **Application Tracking**: Comprehensive job application management
- **Job Matching**: AI-powered job recommendation system
- **Multi-tenancy**: User isolation with PostgreSQL RLS
- **Document Management**: File upload and AI processing
### Testing Strategy
- Unit tests for business logic and services
- Integration tests for API endpoints and database interactions
- AI mocking for reliable testing without external API dependencies
- Maintain 80%+ test coverage
### 📋 Feature Development Workflow
### Security Best Practices
- Never commit API keys or sensitive data to repository
- Use environment variables for all configuration
- Implement proper input validation and sanitization
- Follow JWT token best practices
#### Step 1: Feature Planning
```bash
# Activate Technical Lead for architecture
# Focus: FastAPI endpoints, Dash components, database schema
```
## Current Development Status
#### Step 2: Implementation
```bash
# Activate Full-Stack Developer for implementation
# Focus: Python backend, Dash UI, AI integrations
```
**Phase**: MVP Development (8-week timeline)
**Status**: Foundation setup and documentation complete, code implementation in progress
#### Step 3: Quality Validation
```bash
# Activate QA Engineer for testing
# Focus: pytest automation, manual testing, performance
```
The project is currently in its initial development phase with comprehensive documentation and architecture planning completed. The actual code implementation follows the patterns and structure outlined in the documentation.
#### Step 4: Server Deployment
```bash
# Activate DevOps Engineer for deployment
# Focus: Docker setup, server deployment, monitoring
```
## Quality Gates for Job Forge
### 🔒 Prototype Quality Checkpoints
```yaml
gate_1_architecture_review:
required_approval: technical_lead
criteria:
- fastapi_structure_follows_best_practices
- database_schema_supports_multitenancy
- dash_components_properly_structured
- ai_integration_patterns_defined
gate_2_implementation_review:
required_approval: technical_lead + full_stack_developer
criteria:
- all_api_endpoints_functional
- dash_frontend_responsive_and_intuitive
- database_operations_secure_and_efficient
- ai_services_properly_integrated
- error_handling_comprehensive
gate_3_quality_review:
required_approval: qa_engineer
criteria:
- pytest_coverage_above_80_percent
- manual_testing_scenarios_passed
- no_critical_bugs_in_core_features
- user_experience_validated
gate_4_deployment_review:
required_approval: devops_engineer
criteria:
- docker_containers_optimized
- server_deployment_tested
- environment_variables_secured
- basic_monitoring_configured
```
## Agent Handoff Protocol
### 📤 Job Forge Handoff Format
```markdown
## Handoff: [From Agent] → [To Agent]
**Date**: [YYYY-MM-DD]
**Feature**: [Job Forge feature name]
### ✅ Completed Deliverables
- [FastAPI endpoints / Dash components / Tests]
- [Code location and documentation]
- [Test results or validation]
### 📋 Next Steps Required
- [Specific tasks for receiving agent]
- [Dependencies and integration points]
- [Timeline for prototype milestone]
### ⚠️ Important Notes
- [AI service limitations or considerations]
- [Database migration requirements]
- [Server deployment considerations]
**Status**: READY_FOR_NEXT_PHASE
```
### 🔄 Job Forge Handoff Scenarios
#### Technical Lead → Full-Stack Developer
```yaml
typical_deliverables:
- fastapi_endpoint_specifications
- pydantic_model_definitions
- dash_component_wireframes
- ai_integration_requirements
- database_migration_scripts
developer_needs:
- clear_acceptance_criteria
- ui_mockups_or_component_examples
- ai_api_usage_patterns
- authentication_flow_details
```
#### Full-Stack Developer → QA Engineer
```yaml
typical_deliverables:
- working_job_forge_application
- api_documentation_with_examples
- dash_components_and_workflows
- test_user_accounts_and_data
- known_issues_or_limitations
qa_needs:
- user_workflow_test_scenarios
- expected_ai_response_patterns
- performance_expectations
- cross_browser_compatibility_requirements
```
#### QA Engineer → DevOps Engineer
```yaml
typical_deliverables:
- fully_tested_job_forge_app
- pytest_coverage_reports
- performance_test_results
- security_validation_results
- deployment_readiness_confirmation
devops_needs:
- environment_variable_requirements
- database_connection_requirements
- ai_api_key_management
- server_resource_requirements
- ssl_and_domain_configuration
```
## Prototype Development Framework
### 🚀 Sprint Structure (1 Week Cycles)
```yaml
prototype_focused_sprints:
monday_planning:
duration: 1_hour
focus: feature_prioritization_for_prototype
deliverables:
- core_feature_selection
- technical_implementation_plan
- testing_strategy
- deployment_timeline
daily_standup:
duration: 10_minutes
format: async_updates
focus: rapid_progress_tracking
friday_demo:
duration: 30_minutes
focus: working_prototype_demonstration
deliverables:
- functional_feature_demo
- user_feedback_collection
- next_iteration_planning
```
## Decision Making for Prototyping
### ⚡ Quick Prototype Decisions (< 1 hour)
- UI/UX adjustments and improvements
- Bug fixes and minor feature tweaks
- Configuration and environment changes
- Documentation updates
### 🤝 Team Consultation (< 4 hours)
- New feature addition to prototype
- AI integration improvements
- Database schema modifications
- Testing strategy adjustments
### 🏛️ Architecture Decisions (< 24 hours)
- Major system architecture changes
- Third-party service integrations
- Security implementation changes
- Deployment strategy modifications
## Success Metrics for Job Forge Prototype
### 📊 Prototype Success Indicators
- **Core Features**: All essential job application features working
- **User Experience**: Intuitive and responsive web interface
- **AI Integration**: Reliable document generation and job matching
- **Performance**: Fast response times for typical user workflows
- **Reliability**: Stable operation during testing and demos
### 📈 Technical Health Metrics
- **Code Quality**: Clean, maintainable Python/FastAPI code
- **Test Coverage**: >80% backend coverage, manual frontend validation
- **Security**: Proper authentication and data isolation
- **Deployment**: Reliable Docker-based deployment process
## Communication Guidelines
### 📅 Prototype Development Touchpoints
- **Daily**: Quick progress updates and blocker resolution
- **Weekly**: Feature completion and prototype iteration planning
- **Milestone**: Prototype demonstration and feedback collection
### 🎯 Focus Areas
- **Rapid Development**: Prioritize working features over perfect code
- **User-Centric**: Focus on core user workflows and experience
- **AI Integration**: Ensure reliable AI service integration
- **Deployment Ready**: Maintain deployable state throughout development
## Getting Started with Job Forge
### 🏁 Prototype Development Checklist
- [ ] Development environment setup (Docker + FastAPI + Dash)
- [ ] Database initialization with sample data
- [ ] AI service API keys configured
- [ ] Core user workflow identified and planned
- [ ] Team agents briefed on Job Forge requirements
- [ ] First prototype iteration timeline established
### 🎯 Ready to Build Job Forge
Your specialized development team is ready to deliver the Job Forge AI-powered job application assistant. Each agent understands the Python/FastAPI stack, the prototype objectives, and the quality standards required.
**Start building your Job Forge prototype!** 🚀
# Documentation Structure
All project documentation is centralized in the `docs/` folder. See [README.md](README.md) for complete documentation navigation.
# Important Instructions
- Focus on Python/FastAPI backend implementation
- Use Dash + Mantine for frontend components
- Prioritize core job application workflows
- Maintain deployable prototype state
- Ensure AI service integration reliability
- Follow established quality gates for all features

339
GETTING_STARTED.md
View File

@@ -1,339 +0,0 @@
# 🚀 Getting Started - Day-by-Day Implementation Guide
This guide provides a practical, day-by-day approach to implementing the JobForge MVP. Follow this roadmap to build the system incrementally.
---
## 📅 Week 1: Foundation & Environment
### Day 1: Environment Setup ✅
- [x] Set up Docker development environment
- [x] Configure database with PostgreSQL + pgvector
- [x] Create project structure and documentation
- [x] Validate all services are running
**Validation Steps:**
```bash
docker-compose ps # All services should be "Up"
curl http://localhost:8000/health # Should return when backend is ready
```
### Day 2: Backend Foundation
**Goal**: Create FastAPI application structure and health check endpoint
**Tasks:**
1. Create `src/backend/main.py` with FastAPI app
2. Add health check endpoint (`/health`)
3. Set up database connection with AsyncPG
4. Add basic CORS and middleware configuration
**Validation:**
- `curl http://localhost:8000/health` returns `{"status": "healthy"}`
- `curl http://localhost:8000/docs` shows Swagger UI
### Day 3: Database Models & Authentication
**Goal**: Implement user model and JWT authentication
**Tasks:**
1. Create `src/backend/models/` with Pydantic models
2. Create `src/backend/services/auth_service.py`
3. Implement user registration and login endpoints
4. Add JWT token generation and validation
**Endpoints to implement:**
- `POST /api/v1/auth/register`
- `POST /api/v1/auth/login`
- `GET /api/v1/auth/me`
**Validation:**
```bash
# Register user
curl -X POST http://localhost:8000/api/v1/auth/register \
-H "Content-Type: application/json" \
-d '{"email":"test@example.com","password":"testpass123","full_name":"Test User"}'
# Login
curl -X POST http://localhost:8000/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"email":"test@example.com","password":"testpass123"}'
```
### Day 4: Frontend Foundation
**Goal**: Create basic Dash application with authentication UI
**Tasks:**
1. Create `src/frontend/main.py` with Dash app
2. Create login/register components
3. Set up API client for backend communication
4. Implement basic navigation structure
**Validation:**
- Visit http://localhost:8501 shows login page
- Can register and login through UI
- Successful login redirects to dashboard
### Day 5: Application CRUD - Backend
**Goal**: Implement job application management (backend)
**Tasks:**
1. Create application models and database schema
2. Implement `src/backend/services/application_service.py`
3. Add application CRUD endpoints
4. Test with Row Level Security policies
**Endpoints to implement:**
- `POST /api/v1/applications`
- `GET /api/v1/applications`
- `GET /api/v1/applications/{id}`
- `PUT /api/v1/applications/{id}`
- `DELETE /api/v1/applications/{id}`
**Validation:**
```bash
# Create application (with auth token)
curl -X POST http://localhost:8000/api/v1/applications \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"company_name":"Google","role_title":"Developer","job_description":"We are looking for..."}'
```
---
## 📅 Week 2: Core Features
### Day 6: Application CRUD - Frontend
**Goal**: Create application management UI
**Tasks:**
1. Create application list/sidebar component
2. Create application form component
3. Implement application creation workflow
4. Add basic application status display
**Validation:**
- Can create new applications through UI
- Applications appear in sidebar
- Can view application details
### Day 7: AI Agents - Research Agent
**Goal**: Implement the first AI agent for job research
**Tasks:**
1. Create `src/agents/research_agent.py`
2. Implement Claude API integration
3. Create prompts for job description analysis
4. Add research report generation endpoint
**AI Agent Structure:**
```python
class ResearchAgent:
async def analyze_job_description(self, job_desc: str) -> JobAnalysis
async def research_company_info(self, company_name: str) -> CompanyInfo
async def generate_research_report(self, application_id: str) -> ResearchReport
```
**Validation:**
- Can trigger research phase for an application
- Research report is generated and stored
- Content is relevant and well-formatted
### Day 8: Resume Management
**Goal**: Implement resume library functionality
**Tasks:**
1. Create resume models and endpoints
2. Add resume upload and storage
3. Create resume management UI
4. Implement resume selection for applications
**Endpoints:**
- `GET /api/v1/resumes`
- `POST /api/v1/resumes`
- `GET /api/v1/resumes/{id}`
- `PUT /api/v1/resumes/{id}`
### Day 9: AI Agents - Resume Optimizer
**Goal**: Implement resume optimization agent
**Tasks:**
1. Create `src/agents/resume_optimizer.py`
2. Implement resume analysis and optimization
3. Add resume optimization endpoint
4. Connect to application workflow
**Validation:**
- Can optimize resume based on job requirements
- Optimized resume is stored and retrievable
- Changes are meaningful and relevant
### Day 10: Document Management UI
**Goal**: Create document viewing and editing interface
**Tasks:**
1. Create document editor component with markdown support
2. Add document preview functionality
3. Implement save/cancel functionality
4. Add phase navigation between documents
**Validation:**
- Can view generated documents
- Can edit document content
- Changes are saved and persist
- Navigation between phases works
---
## 📅 Week 3: AI Integration & Polish
### Day 11: AI Agents - Cover Letter Generator
**Goal**: Complete the 3-phase AI workflow
**Tasks:**
1. Create `src/agents/cover_letter_generator.py`
2. Implement cover letter generation
3. Add user context input functionality
4. Complete the full workflow integration
**Validation:**
- Full 3-phase workflow works end-to-end
- Cover letters are personalized and relevant
- User can provide additional context
### Day 12: Error Handling & Validation
**Goal**: Add robust error handling and validation
**Tasks:**
1. Add comprehensive input validation
2. Implement error handling for AI API failures
3. Add user-friendly error messages
4. Create fallback mechanisms for AI services
### Day 13: Testing & Quality Assurance
**Goal**: Add essential tests and quality checks
**Tasks:**
1. Write unit tests for core services
2. Add integration tests for API endpoints
3. Test database security policies
4. Implement basic load testing
**Testing Commands:**
```bash
# Run all tests
docker-compose exec backend pytest
# Run with coverage
docker-compose exec backend pytest --cov=src --cov-report=html
# Test specific functionality
docker-compose exec backend pytest tests/unit/services/test_auth_service.py
```
### Day 14: Performance Optimization
**Goal**: Optimize system performance and reliability
**Tasks:**
1. Optimize database queries and indexes
2. Add caching for AI responses
3. Implement request rate limiting
4. Add monitoring and logging
---
## 📅 Week 4: Final Polish & Deployment
### Day 15-17: UI/UX Polish
**Goals:**
- Improve user interface design and responsiveness
- Add loading states and progress indicators
- Implement better navigation and user flow
- Add help text and user guidance
### Day 18-19: Security & Production Readiness
**Goals:**
- Security audit and hardening
- Environment-specific configurations
- Production deployment preparation
- Documentation updates
### Day 20: Final Testing & Release
**Goals:**
- End-to-end testing of complete workflows
- Performance testing under load
- Final bug fixes and polish
- MVP release preparation
---
## 🎯 Daily Validation Checklist
Use this checklist at the end of each day to ensure progress:
### Backend Development
- [ ] New endpoints work correctly
- [ ] Database changes are applied
- [ ] Tests pass for new functionality
- [ ] API documentation is updated
- [ ] Error handling is implemented
### Frontend Development
- [ ] UI components render correctly
- [ ] User interactions work as expected
- [ ] API integration functions properly
- [ ] Responsive design is maintained
- [ ] Loading states are implemented
### AI Agents
- [ ] AI responses are relevant and useful
- [ ] Error handling for API failures
- [ ] Performance is acceptable (<30s per operation)
- [ ] Content quality meets standards
- [ ] Integration with workflow is seamless
---
## 🚨 Common Daily Blockers & Solutions
### "AI API is not responding"
```bash
# Check API keys are set
echo $CLAUDE_API_KEY
echo $OPENAI_API_KEY
# Test API connectivity
curl -H "Authorization: Bearer $CLAUDE_API_KEY" https://api.anthropic.com/v1/messages
```
### "Database changes not reflected"
```bash
# Restart database service
docker-compose restart postgres
# Check database logs
docker-compose logs postgres
# Reconnect to verify changes
docker-compose exec postgres psql -U jobforge_user -d jobforge_mvp
```
### "Frontend not updating"
```bash
# Clear browser cache
# Check frontend logs
docker-compose logs frontend
# Restart frontend service
docker-compose restart frontend
```
---
## 📈 Progress Tracking
Track your daily progress in [MVP_CHECKLIST.md](MVP_CHECKLIST.md) and update the README status as you complete each phase.
**Remember**: This is an MVP - focus on core functionality over perfection. The goal is to have a working end-to-end system that demonstrates the 3-phase AI workflow.
---
**Ready to start building? Begin with Day 1 and work through each day systematically! 🚀**

247
MVP_CHECKLIST.md
View File

@@ -1,247 +0,0 @@
# 📋 MVP Development Checklist
Track your progress through the JobForge MVP development. Update this checklist as you complete each feature.
---
## 🎯 Current Status: Foundation Setup ✅
**Overall Progress**: 25% Complete (Foundation & Environment)
---
## 📅 Week 1: Foundation & Environment
### Day 1: Environment Setup ✅
- [x] Docker development environment configured
- [x] PostgreSQL + pgvector database running
- [x] Project structure created
- [x] Documentation centralized in README.md
- [x] All services validated (postgres, backend, frontend)
### Day 2: Backend Foundation 🚧
- [ ] Create `src/backend/main.py` with FastAPI app
- [ ] Add health check endpoint (`/health`)
- [ ] Set up database connection with AsyncPG
- [ ] Add CORS and middleware configuration
- [ ] **Validation**: `curl http://localhost:8000/health` works
### Day 3: Database Models & Authentication 📋
- [ ] Create Pydantic models in `src/backend/models/`
- [ ] Implement `src/backend/services/auth_service.py`
- [ ] Add user registration endpoint
- [ ] Add user login endpoint
- [ ] Add JWT token validation
- [ ] **Validation**: Can register and login via API
### Day 4: Frontend Foundation 📋
- [ ] Create `src/frontend/main.py` with Dash app
- [ ] Create login/register UI components
- [ ] Set up API client for backend communication
- [ ] Implement basic navigation structure
- [ ] **Validation**: Can register/login through UI
### Day 5: Application CRUD - Backend 📋
- [ ] Create application models and schemas
- [ ] Implement `src/backend/services/application_service.py`
- [ ] Add all application CRUD endpoints
- [ ] Test Row Level Security policies
- [ ] **Validation**: Can create applications via API
---
## 📅 Week 2: Core Features
### Day 6: Application CRUD - Frontend 📋
- [ ] Create application list/sidebar component
- [ ] Create application form component
- [ ] Implement application creation workflow
- [ ] Add application status display
- [ ] **Validation**: Can manage applications through UI
### Day 7: AI Agents - Research Agent 📋
- [ ] Create `src/agents/research_agent.py`
- [ ] Implement Claude API integration
- [ ] Create job analysis prompts
- [ ] Add research report generation
- [ ] **Validation**: Research phase generates useful reports
### Day 8: Resume Management 📋
- [ ] Create resume models and endpoints
- [ ] Add resume upload and storage
- [ ] Create resume management UI
- [ ] Implement resume selection for applications
- [ ] **Validation**: Can manage resume library
### Day 9: AI Agents - Resume Optimizer 📋
- [ ] Create `src/agents/resume_optimizer.py`
- [ ] Implement resume analysis and optimization
- [ ] Add resume optimization endpoint
- [ ] Connect to application workflow
- [ ] **Validation**: Resume optimization produces relevant changes
### Day 10: Document Management UI 📋
- [ ] Create document editor with markdown support
- [ ] Add document preview functionality
- [ ] Implement save/cancel functionality
- [ ] Add phase navigation between documents
- [ ] **Validation**: Can view and edit all generated documents
---
## 📅 Week 3: AI Integration & Polish
### Day 11: AI Agents - Cover Letter Generator 📋
- [ ] Create `src/agents/cover_letter_generator.py`
- [ ] Implement cover letter generation
- [ ] Add user context input functionality
- [ ] Complete full workflow integration
- [ ] **Validation**: Complete 3-phase workflow works end-to-end
### Day 12: Error Handling & Validation 📋
- [ ] Add comprehensive input validation
- [ ] Implement AI API failure handling
- [ ] Add user-friendly error messages
- [ ] Create fallback mechanisms
- [ ] **Validation**: System handles errors gracefully
### Day 13: Testing & Quality Assurance 📋
- [ ] Write unit tests for core services
- [ ] Add integration tests for API endpoints
- [ ] Test database security policies
- [ ] Implement basic performance testing
- [ ] **Validation**: Test coverage >80% for backend
### Day 14: Performance Optimization 📋
- [ ] Optimize database queries and indexes
- [ ] Add caching for AI responses
- [ ] Implement request rate limiting
- [ ] Add monitoring and logging
- [ ] **Validation**: AI operations complete <30 seconds
---
## 📅 Week 4: Final Polish & Deployment
### Days 15-17: UI/UX Polish 📋
- [ ] Improve interface design and responsiveness
- [ ] Add loading states and progress indicators
- [ ] Implement better navigation and user flow
- [ ] Add help text and user guidance
- [ ] **Validation**: UI is professional and intuitive
### Days 18-19: Security & Production Readiness 📋
- [ ] Complete security audit and hardening
- [ ] Configure environment-specific settings
- [ ] Prepare production deployment configuration
- [ ] Update all documentation
- [ ] **Validation**: Security review passes
### Day 20: Final Testing & Release 📋
- [ ] End-to-end testing of complete workflows
- [ ] Performance testing under load
- [ ] Final bug fixes and polish
- [ ] MVP release preparation
- [ ] **Validation**: Full system works reliably
---
## 🏆 MVP Success Criteria
### Core Functionality ✅/❌
- [ ] User can register and login securely
- [ ] User can create job applications with descriptions
- [ ] AI generates research report automatically
- [ ] AI optimizes resume based on job requirements
- [ ] AI generates cover letter with user context
- [ ] User can view and edit all generated documents
- [ ] Phase navigation works smoothly
- [ ] Data is persisted securely with user isolation
### Performance Criteria ✅/❌
- [ ] AI processing completes within 30 seconds per phase
- [ ] API responses return within 500ms for CRUD operations
- [ ] Database queries execute efficiently with proper indexes
- [ ] Frontend loads and responds quickly (<2 seconds)
- [ ] System handles concurrent users without issues
### Quality Criteria ✅/❌
- [ ] Code coverage >80% for backend services
- [ ] All API endpoints documented and tested
- [ ] Database security policies prevent cross-user access
- [ ] Error handling provides meaningful feedback
- [ ] AI-generated content is relevant and useful
---
## 📊 Development Metrics
### Backend Progress
- **API Endpoints**: 0/15 implemented
- **Services**: 0/5 implemented
- **Test Coverage**: 0%
- **Database Tables**: 5/5 created ✅
### Frontend Progress
- **Components**: 0/8 implemented
- **Pages**: 0/4 implemented
- **API Integration**: 0% complete
### AI Agents Progress
- **Research Agent**: 0% complete
- **Resume Optimizer**: 0% complete
- **Cover Letter Generator**: 0% complete
- **Integration**: 0% complete
---
## 🚨 Current Blockers
*Update this section with any current blockers or issues*
### Active Issues
- None currently
### Resolved Issues
- ✅ Environment setup completed
- ✅ Database schema created
- ✅ Docker services configured
---
## 📝 Daily Notes
### Latest Update: [Date]
*Add daily progress notes here*
**Today's Progress:**
- Completed environment setup
- All Docker services running
- Database initialized with proper schema
**Tomorrow's Goals:**
- Start backend FastAPI application
- Implement health check endpoint
- Set up database connection
**Learnings:**
- Docker Compose health checks are crucial for service dependencies
- pgvector extension setup requires specific image version
---
## 🎯 Next Steps
1. **Immediate (Today)**: Start Day 2 - Backend Foundation
2. **This Week**: Complete authentication and basic CRUD operations
3. **This Month**: Complete MVP with full 3-phase AI workflow
---
**Remember**: This is an MVP - focus on core functionality over perfection. The goal is to have a working end-to-end system that demonstrates the 3-phase AI workflow.
**Current Priority**: Complete backend foundation and authentication system.
---
*Last Updated: [Current Date] - Update this checklist daily as you make progress!*

547
README.md
View File

@@ -1,337 +1,250 @@
# JobForge MVP
# Job Forge - AI-Powered Job Application Assistant
**AI-Powered Job Application Management System**
[![Python](https://img.shields.io/badge/Python-3.12+-blue.svg)](https://python.org)
[![FastAPI](https://img.shields.io/badge/FastAPI-0.104+-green.svg)](https://fastapi.tiangolo.com)
[![Dash](https://img.shields.io/badge/Dash-2.14+-purple.svg)](https://dash.plotly.com)
[![PostgreSQL](https://img.shields.io/badge/PostgreSQL-16+-blue.svg)](https://postgresql.org)
Transform your job search with intelligent document generation and strategic application management. JobForge uses Claude Sonnet 4 and OpenAI to create tailored resumes and cover letters through a 3-phase AI workflow.
> **Job Forge** is a Python/FastAPI web application prototype that leverages AI to streamline the job application process through automated document generation, application tracking, and intelligent job matching.
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Python](https://img.shields.io/badge/Python-3.11+-blue.svg)](https://www.python.org/downloads/)
[![FastAPI](https://img.shields.io/badge/FastAPI-0.109+-green.svg)](https://fastapi.tiangolo.com/)
[![PostgreSQL](https://img.shields.io/badge/PostgreSQL-16+-blue.svg)](https://www.postgresql.org/)
## 🚀 Quick Start
---
## 🚀 Quick Start (5 Minutes)
### Prerequisites
- **Docker Desktop** 4.20+ with Docker Compose
- **API Keys**: Claude API key, OpenAI API key
- **Git** 2.30+
### 1. Clone & Setup
```bash
git clone https://github.com/your-org/jobforge-mvp.git
cd jobforge-mvp
# Clone the repository
git clone https://github.com/yourusername/job-forge.git
cd job-forge
# Copy environment template and add your API keys
cp .env.example .env
nano .env # Add CLAUDE_API_KEY and OPENAI_API_KEY
```
### 2. Start Development Environment
```bash
# Start all services (PostgreSQL, Backend, Frontend)
# Start development environment
docker-compose up -d
# View logs to ensure everything started correctly
docker-compose logs -f
# Access the application
open http://localhost:8000
```
### 3. Verify Installation
Open these URLs to verify everything is working:
- **Frontend Application**: http://localhost:8501
- **Backend API**: http://localhost:8000
- **API Documentation**: http://localhost:8000/docs
### 4. Quick Validation
```bash
# Check backend health
curl http://localhost:8000/health
# Check all services are running
docker-compose ps
```
All services should show "Up" status. If any issues, see [Troubleshooting](#-troubleshooting) below.
---
## ✨ What is JobForge?
JobForge is an AI-powered job application management system that streamlines your job search through intelligent document generation. Built for individual job seekers, it combines strategic application management with advanced AI to maximize your chances of landing interviews.
### Key Features
- **3-Phase AI Workflow**: Research → Resume Optimization → Cover Letter Generation
- **Modern Interface**: Professional web app with intuitive navigation
- **Secure & Private**: Complete user data isolation with PostgreSQL Row-Level Security
- **AI-Powered**: Claude Sonnet 4 for document generation, OpenAI for semantic matching
### Technology Stack
- **Frontend**: Dash + Mantine components
- **Backend**: FastAPI + AsyncIO
- **Database**: PostgreSQL 16 + pgvector
- **AI**: Claude Sonnet 4, OpenAI embeddings
- **Development**: Docker Compose
---
## 🛠️ Development Commands
### Essential Commands
```bash
# Start all services
docker-compose up -d
# View logs for all services
docker-compose logs -f
# View logs for specific service
docker-compose logs -f backend
docker-compose logs -f frontend
docker-compose logs -f postgres
# Stop all services
docker-compose down
# Rebuild after code changes
docker-compose up --build
# Reset database (WARNING: Deletes all data)
docker-compose down -v && docker-compose up -d
```
### Testing
```bash
# Run backend tests
docker-compose exec backend pytest
# Run tests with coverage
docker-compose exec backend pytest --cov=src --cov-report=html
# Run specific test file
docker-compose exec backend pytest tests/unit/services/test_auth_service.py
```
### Database Operations
```bash
# Connect to PostgreSQL database
docker-compose exec postgres psql -U jobforge_user -d jobforge_mvp
# Check database health
curl http://localhost:8000/health
```
---
## 🏗️ Project Structure
```
jobforge-mvp/
├── src/
│ ├── backend/ # FastAPI backend code
│ │ ├── main.py # FastAPI app entry point
│ │ ├── api/ # API route handlers
│ │ ├── services/ # Business logic
│ │ └── database/ # Database models and connection
│ ├── frontend/ # Dash frontend code
│ │ ├── main.py # Dash app entry point
│ │ ├── components/ # UI components
│ │ └── pages/ # Page components
│ └── agents/ # AI processing agents
├── database/
│ └── init.sql # Database initialization
├── docs/ # Detailed technical documentation
├── docker-compose.yml # Development environment
├── requirements-backend.txt
├── requirements-frontend.txt
└── .env.example # Environment template
```
---
## 🔧 Environment Configuration
### Required Environment Variables
Copy `.env.example` to `.env` and configure:
```bash
# API Keys (REQUIRED)
CLAUDE_API_KEY=your_claude_api_key_here
OPENAI_API_KEY=your_openai_api_key_here
# Database (Auto-configured for local development)
DATABASE_URL=postgresql+asyncpg://jobforge_user:jobforge_password@postgres:5432/jobforge_mvp
# JWT Secret (Generate random string)
JWT_SECRET_KEY=your-super-secret-jwt-key-change-this-in-production
# Development Settings
DEBUG=true
LOG_LEVEL=INFO
```
### Getting API Keys
#### Claude API Key
1. Visit https://console.anthropic.com/
2. Create account or log in
3. Go to "API Keys" section
4. Create new key with name "JobForge Development"
5. Copy key to `.env` file
#### OpenAI API Key
1. Visit https://platform.openai.com/api-keys
2. Create account or log in
3. Click "Create new secret key"
4. Name it "JobForge Development"
5. Copy key to `.env` file
---
## 📚 Documentation
All technical documentation is centralized in the `/docs` folder:
### Core Documentation
- **[Development Setup](docs/development_setup.md)** - Complete environment setup with troubleshooting
- **[MVP Architecture](docs/jobforge_mvp_architecture.md)** - High-level system design and component overview
- **[API Specification](docs/api_specification.md)** - Complete REST API documentation with examples
- **[Database Design](docs/database_design.md)** - Schema, security policies, and optimization
### Process Documentation
- **[Git Branch Strategy](docs/git_branch_strategy.md)** - Version control workflow and team coordination
- **[Testing Strategy](docs/testing_strategy.md)** - Testing guidelines and automation setup
- **[Team Management](docs/team_management_guide.md)** - Team roles, processes, and standards
---
## 🐛 Troubleshooting
### Common Issues
#### "Port already in use"
```bash
# Check what's using the port
lsof -i :8501 # or :8000, :5432
# Kill the process or change ports in docker-compose.yml
```
#### "API Key Invalid"
```bash
# Verify API key format
echo $CLAUDE_API_KEY # Should start with "sk-ant-api03-"
echo $OPENAI_API_KEY # Should start with "sk-"
# Ensure .env file is in project root
ls -la .env
```
#### "Database Connection Failed"
```bash
# Check if PostgreSQL is running
docker-compose ps postgres
# Check database logs
docker-compose logs postgres
# Try connecting manually
docker-compose exec postgres psql -U jobforge_user -d jobforge_mvp
```
#### "Frontend Won't Load"
```bash
# Check frontend logs
docker-compose logs frontend
# Common issue: Backend not ready
curl http://localhost:8000/health
# Restart frontend
docker-compose restart frontend
```
### Clean Restart
If you encounter persistent issues:
```bash
# Complete clean restart
docker-compose down -v
docker system prune -f
docker-compose up --build -d
```
---
## 🎯 Development Workflow
### 1. Starting Development
```bash
# Ensure latest code
git pull origin main
# Start environment
docker-compose up -d
# Verify all services
docker-compose ps
curl http://localhost:8000/health
```
### 2. Making Changes
```bash
# Backend changes auto-reload
# Frontend changes auto-reload
# Database changes require restart: docker-compose restart postgres
```
### 3. Testing Changes
```bash
# Run tests
docker-compose exec backend pytest
# Check logs
docker-compose logs -f backend
```
---
## 🚀 MVP Development Status
### Current Phase: Foundation Setup ✅
- [x] Project structure and documentation
- [x] Docker development environment
- [x] Database schema with RLS policies
- [x] Environment configuration
### Next Phase: Core Implementation 🚧
- [ ] User authentication system
- [ ] Application CRUD operations
- [ ] AI agents integration
- [ ] Frontend UI components
### Future Phases 📋
- [ ] AI-powered research generation
- [ ] Resume optimization engine
- [ ] Cover letter generation
- [ ] Document editing interface
## 📚 Documentation Navigation
### 🏗️ **Architecture & Planning**
- [**System Architecture**](docs/jobforge_mvp_architecture.md) - Complete system overview and component breakdown
- [**API Specification**](docs/api_specification.md) - Comprehensive API endpoints and examples
- [**Database Design**](docs/database_design.md) - Schema design with RLS policies and performance optimization
- [**MVP Checklist**](docs/MVP_CHECKLIST.md) - Development progress tracking
### 🛠️ **Development**
- [**Development Setup**](docs/development_setup.md) - Environment setup and configuration
- [**Getting Started Guide**](docs/GETTING_STARTED.md) - Week-by-week implementation roadmap
- [**Coding Standards**](docs/development/coding_standards.md) - Python/FastAPI best practices
- [**Implementation Patterns**](docs/development/implementation_patterns.md) - Code templates and examples
### 🧪 **Testing & Quality**
- [**Testing Strategy**](docs/testing_strategy.md) - Comprehensive testing approach with pytest
- [**QA Procedures**](docs/testing/qa_procedures.md) - Quality assurance workflows
- [**Manual Testing**](docs/testing/manual_testing_guide.md) - User workflow validation procedures
### 🚢 **Deployment & Infrastructure**
- [**Server Deployment**](docs/infrastructure/server_deployment.md) - Direct server deployment procedures
- [**Docker Setup**](docs/infrastructure/docker_setup.md) - Containerization and orchestration
- [**Environment Configuration**](docs/infrastructure/environment_setup.md) - Production environment setup
- [**Monitoring & Logging**](docs/infrastructure/monitoring.md) - Observability and alerting
### 🔒 **Security & Operations**
- [**Security Guidelines**](docs/infrastructure/security_hardening.md) - Production security measures
- [**Backup Procedures**](docs/infrastructure/backup_procedures.md) - Data backup and recovery
- [**Git Workflow**](docs/git_branch_strategy.md) - Branching strategy and collaboration
### 🤖 **AI Integration**
- [**AI Services Setup**](docs/development/ai_integration.md) - Claude and OpenAI API integration
- [**Document Generation**](docs/development/document_generation.md) - Automated resume and cover letter creation
- [**Job Matching**](docs/development/job_matching.md) - AI-powered job recommendation system
## 🏛️ **Technology Stack**
### Backend
- **FastAPI** - Modern Python web framework
- **PostgreSQL 16** - Database with pgvector for AI embeddings
- **SQLAlchemy** - ORM with async support
- **Alembic** - Database migrations
- **Pydantic** - Data validation and serialization
### Frontend
- **Dash** - Interactive web applications
- **Mantine Components** - Modern UI component library
- **Plotly** - Data visualization
- **Bootstrap** - Responsive design framework
### AI & ML
- **Claude API** - Document generation and analysis
- **OpenAI API** - Embeddings and completions
- **pgvector** - Vector similarity search
- **Sentence Transformers** - Text embeddings
### Development & Deployment
- **Docker** - Containerization
- **Docker Compose** - Development orchestration
- **pytest** - Testing framework
- **Black** - Code formatting
- **Ruff** - Fast Python linter
## 🎯 **Core Features**
### ✨ **AI Document Generation**
- Automated cover letter creation based on job descriptions
- Resume optimization and tailoring
- Professional formatting and styling
- Multiple export formats (PDF, DOCX)
### 📊 **Application Tracking**
- Comprehensive job application management
- Application status tracking and timeline
- Interview scheduling and notes
- Follow-up reminders and notifications
### 🔍 **Job Matching**
- AI-powered job recommendation system
- Skills gap analysis and suggestions
- Salary insights and market data
- Company culture and fit analysis
### 👥 **Multi-User Support**
- Secure user authentication and authorization
- Data isolation with PostgreSQL RLS
- User profile and preference management
- Team collaboration features
## 🏃 **Development Workflow**
1. **Planning Phase** - Technical Lead defines architecture and specifications
2. **Implementation Phase** - Full-Stack Developer builds features
3. **Quality Assurance** - QA Engineer validates and tests
4. **Deployment Phase** - DevOps Engineer handles deployment
## 📋 **Project Status**
- [x] Project architecture and database design
- [x] Development environment setup
- [x] API specification and documentation
- [ ] Core backend API implementation
- [ ] Frontend Dash application
- [ ] AI service integrations
- [ ] Testing suite implementation
- [ ] Production deployment
---
## 🤝 **Team & Agents**
## 📄 License
Job Forge uses specialized AI agents for development:
- **Technical Lead** - Architecture decisions and technical guidance
- **Full-Stack Developer** - FastAPI backend and Dash frontend implementation
- **QA Engineer** - pytest testing and quality assurance
- **DevOps Engineer** - Docker deployment and server infrastructure
See [CLAUDE.md](CLAUDE.md) for complete team orchestration documentation.
## 📖 **Documentation Categories**
### 📚 **Getting Started**
Perfect for new developers joining the project:
- [Development Setup](docs/development_setup.md)
- [Getting Started Guide](docs/GETTING_STARTED.md)
- [MVP Checklist](docs/MVP_CHECKLIST.md)
### 🔧 **Implementation**
For active development work:
- [API Specification](docs/api_specification.md)
- [Database Design](docs/database_design.md)
- [System Architecture](docs/jobforge_mvp_architecture.md)
### 🧪 **Quality Assurance**
For testing and validation:
- [Testing Strategy](docs/testing_strategy.md)
- [QA Procedures](docs/testing/)
- [Manual Testing](docs/testing/)
### 🚀 **Deployment**
For production deployment:
- [Server Deployment](docs/infrastructure/)
- [Docker Setup](docs/infrastructure/)
- [Security Guidelines](docs/infrastructure/)
## 🛡️ **Security**
Job Forge implements comprehensive security measures:
- **Authentication**: Secure user authentication with JWT tokens
- **Authorization**: Role-based access control (RBAC)
- **Data Isolation**: PostgreSQL Row Level Security (RLS)
- **API Security**: Rate limiting and input validation
- **Encryption**: Data encryption at rest and in transit
## 📈 **Performance**
Optimized for performance and scalability:
- **Database**: Optimized queries with proper indexing
- **API**: Async FastAPI for high concurrency
- **Caching**: Redis for session and API response caching
- **CDN**: Static asset delivery optimization
- **Monitoring**: Application and infrastructure monitoring
## 🧪 **Testing**
Comprehensive testing strategy:
- **Unit Tests**: 80%+ coverage with pytest
- **Integration Tests**: API and database testing
- **End-to-End Tests**: User workflow validation
- **Performance Tests**: Load and stress testing
- **Security Tests**: Vulnerability scanning and validation
## 📊 **Monitoring & Analytics**
Built-in observability:
- **Application Monitoring**: Error tracking and performance metrics
- **Infrastructure Monitoring**: Server and database health
- **User Analytics**: Feature usage and user behavior
- **Security Monitoring**: Threat detection and response
## 🤖 **AI Integration**
Seamless AI service integration:
- **Claude API**: Advanced document generation and analysis
- **OpenAI API**: Embeddings and text completions
- **Vector Search**: Semantic job matching with pgvector
- **Error Handling**: Robust fallback and retry mechanisms
## 📱 **User Experience**
Modern and intuitive interface:
- **Responsive Design**: Mobile-first responsive layout
- **Interactive Components**: Rich Dash components with Mantine
- **Real-time Updates**: Live status updates and notifications
- **Accessible**: WCAG 2.1 AA compliance
- **Performance**: Fast loading and smooth interactions
## 🔧 **Development Tools**
Optimized development experience:
- **Hot Reload**: Real-time code changes with Docker
- **Code Quality**: Black formatting and Ruff linting
- **Type Safety**: Full type hints with mypy validation
- **Debugging**: Comprehensive logging and debugging tools
- **Testing**: Fast test execution with pytest
## 📞 **Support & Contributing**
- **Issues**: Report bugs and request features via GitHub Issues
- **Documentation**: Comprehensive documentation in `docs/` folder
- **Code Style**: Follow established Python/FastAPI best practices
- **Testing**: Maintain test coverage above 80%
- **Reviews**: All changes require code review and testing
## 📄 **License**
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
---
## 🤝 Contributing
**Ready to start building?** 🚀
1. Fork the repository
2. Create your feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add some amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
1. Follow the [Development Setup](docs/development_setup.md) guide
2. Check the [Getting Started](docs/GETTING_STARTED.md) roadmap
3. Review the [API Specification](docs/api_specification.md)
4. Start with the [MVP Checklist](docs/MVP_CHECKLIST.md)
---
**Ready to transform your job search? Let's build something amazing! 🚀**
For team coordination and agent management, see [CLAUDE.md](CLAUDE.md).

23
docs/ai/dillon_cover_letter.md Normal file
View File

@@ -0,0 +1,23 @@
**Leo Miranda**
leobrmi@hotmail.com | (416) 859-7936
July 21, 2025
Dillon Consulting
Data Analyst Hiring Team
Toronto, ON
Dear Hiring Manager,
I'm writing to apply for the Data Analyst position at Dillon Consulting. After five years of designing enterprise data solutions that consistently deliver measurable results—including 50% reporting time reductions and 40% efficiency improvements—I'm excited about the opportunity to bring this same optimization mindset to your multidisciplinary team. Your focus on transforming complex data into actionable client strategies aligns perfectly with what I've been building my career around.
Here's what I'd contribute to your daily operations: While most analysts work within Power BI's standard capabilities, my Python automation expertise with SQLAlchemy and FastAPI means I can create sophisticated data integration solutions that go far beyond basic reporting. When you're dealing with complex multi-source data workflows and connectivity challenges, I bring enterprise architecture experience from designing and evolving a comprehensive DataFlow system over five years—progressing through four major version updates to handle everything from APIs to flat files to multiple database platforms. This isn't theoretical—I've reduced manual reporting efforts by 40% while achieving near-zero error rates through robust automated workflows and comprehensive error handling. Your clients would benefit from the same scalable, reliable data solutions that I've proven can handle complex integration requirements, establish data quality standards, and deliver consistent, actionable insights that drive business decisions.
What sets me apart is how I bridge technical depth with business impact. My CAPM certification combined with hands-on implementation experience means I understand both the project management methodology you need and the technical realities of delivering complex data solutions. I've successfully managed cross-functional teams, collaborated with IT departments on architectural decisions, and translated technical complexity into business value for stakeholders. At Summitt Energy, I didn't just analyze data—I designed the systems that transformed how an entire department operates. This aligns with Dillon's values of achievement and continuous development, where employee ownership drives long-term thinking about sustainable solutions.
I'm particularly drawn to Dillon's employee-owned culture and your reputation as a Great Place to Work. Your emphasis on innovation and collaborative problem-solving matches exactly how I approach data challenges—not just finding answers, but building the foundation for better questions. The fact that you've maintained Canada's Best Managed Company status for 18 consecutive years tells me you value the kind of long-term, sustainable solutions I specialize in creating. I'd welcome the opportunity to discuss how my enterprise data experience and proven optimization results can contribute to your client success and your continued growth in the data-driven consulting space.
Thank you for your consideration. I'm available for an interview at your convenience and look forward to hearing from you.
Sincerely,
Leo Miranda

407
docs/ai/dillon_research_report.md Normal file
View File

@@ -0,0 +1,407 @@
# Job Application Research Report
## Executive Summary
**Candidate:** Leo Miranda
**Target Role:** Data Analyst
**Company:** Dillon Consulting
**Analysis Date:** July 21, 2025
**Overall Fit Score:** 9/10
**Recommendation:** Proceed - Excellent Fit
**Key Takeaways:**
- **Primary Strength:** 5+ years data analysis experience with proven dashboard/Power BI expertise perfectly aligns with requirements
- **Unique Value Proposition:** Rare combination of technical depth (Python, SQL) + project management + consulting mindset + client-facing experience
- **Strategic Focus:** Position as senior technical leader who can drive full project lifecycle and stakeholder collaboration
- **Potential Challenge:** Limited formal GIS experience, but strong technical foundation enables rapid skill transfer
---
## Source Documentation
### Variable 1: `original-job-description`
*Original job description with formatting improvements only - NO content changes*
```
📋 **Data Analyst**
🏢 **Dillon Consulting**
⭐ **3.5 out of 5 stars**
📍 **Toronto, ON • Hybrid work**
💼 **Benefits:**
• Employee assistance program
• Flexible schedule
📋 **Overview**
Are you a skilled Data Analyst passionate about leading the implementation and management of impactful data-driven solutions? Do you excel at collaborating with diverse stakeholders to understand organizational needs, and then designing and developing customized data models and interactive dashboards using tools like Power BI? Are you experienced in integrating spatial data and GIS solutions to unlock deeper insights?
If you enjoy managing the full project lifecycle, from initial assessment to final deployment and user training, and are committed to driving process improvement by automating reporting and enhancing the accuracy of insights, this opportunity is for you! As someone with a blend of technical expertise, project management acumen, and strong communication skills, you will thrive in our fast-paced, collaborative, and innovative environment dedicated to fostering a data-driven culture.
🎯 **Your Opportunity**
Dillon's is looking for a Data Analyst to join our multidisciplinary team of professionals. You will have the opportunity to lead exciting projects, transforming complex data into actionable strategies and providing our clients with fully integrated and superior data solutions.
At Dillon, we operate as one team. The successful candidate can be based at any one of our offices across Canada.
We offer flexible work hours to help balance the competing demands of work and personal life.
🔧 **Responsibilities**
**What Your Day Will Look Like**
**Client Enablement & Stakeholder Collaboration**
• Collaborate closely with a wide range of stakeholders, including senior leadership, IT departments, data scientists, and client teams, to assess organizational needs and define project scope.
• Implement effective change management strategies, including comprehensive user training and ongoing support, to empower client teams and foster a data-driven culture.
• Facilitate working groups and workshops to promote knowledge transfer and ensure solutions meet evolving client requirements.
• Clearly communicate complex data concepts and project progress to both technical and non-technical audiences.
**Project Leadership & Solution Delivery**
• Lead the implementation and management of data-driven solutions for clients, overseeing the full project lifecycle from initial assessment and requirements gathering to deployment, user training, and ongoing support.
• Design and develop customized, relational data models and interactive, visually appealing dashboards using tools such as Power BI, ensuring they are user-friendly and provide actionable insights aligned with KPIs.
• Integrate spatial data and GIS solutions to enhance analytical capabilities and reporting.
• Ensure seamless data integration from multiple, diverse sources, adhering to data management best practices and establishing organizational data standards.
• Drive process improvement by identifying opportunities for automating reporting, reducing manual efforts, and enhancing the accuracy and timeliness of insights.
• Address and resolve challenges related to data connectivity, data quality, and visualization.
**Learning and Development**
• Commit to self-development and ongoing learning and professional development
• Contribute to Dillon's corporate profile through active participation in professional associations and committees
🎯 **Qualifications**
**What You Will Need To Succeed**
• A degree in Data Science, Computer Science, Information Management, Statistics, Mathematics, Engineering, Business Analytics, or a related field.
• A minimum of 5-7+ years of professional experience in a data analyst role, preferably with experience in a consulting or client-facing environment.
• Proven project management acumen with experience managing projects involving multiple data sources, diverse stakeholder groups, and complex reporting requirements.
• Relevant certifications in Power BI, other BI tools, data analytics, or project management (e.g., PMP) are highly desirable.
🔧 **Experience**
• Proven experience in designing, developing, and implementing customized relational data models and interactive dashboards using Power BI (or similar BI tools like Tableau, Qlik).
• Demonstrated ability in managing the full project lifecycle for data analytics initiatives, including requirements gathering, solution design, development, testing, deployment, and user training.
• Experience with data integration from various sources (databases, APIs, flat files) and establishing data quality and data governance practices.
• Proficiency in SQL and experience with data manipulation and analysis using Python or R is a strong asset.
• Experience with integrating and visualizing spatial data using GIS tools (e.g., ArcGIS, QGIS) and techniques.
• Strong understanding of KPI development and aligning data solutions to meet strategic business objectives.
• Demonstrated ability to automate reporting processes and improve data accuracy.
• Exceptional analytical, problem-solving, and critical-thinking skills.
• Excellent verbal and written communication skills, with the ability to present complex information clearly and persuasively to diverse audiences.
• Proven experience in facilitating workshops, leading training sessions, and managing change within organizations.
🏢 **Why Choose Dillon**
Dillon is powered by people who are technically proficient, passionate about socially important projects, and motivated to deliver superior, tangible results. We strive to remain at the forefront of technology and innovation, and are empowered to continually grow and develop.
**We live our core values:**
• **Reliability:** words result in actions that build trust;
• **Achievement:** do the work to hit the target;
• **Continuous development:** always learning; always adapting; always growing;
• **Creativity:** discover new possibilities;
• **Courage:** do the things that matter, especially when it's hard;
• **Inclusiveness:** enabling belonging to draw strength from our differences.
Dillon is a certified Great Place to Work. This recognition underscores our commitment to fostering an outstanding employee experience and cultivating an exceptional workplace culture. At Dillon, we believe that our people are our greatest asset. This designation reflects our ongoing efforts to ensure that our workplace is not just a place of work, but a community where everyone can thrive.
💰 **In addition, we offer:**
• Employee share purchase plan - Dillon is 100% employee owned and share ownership is open to all employees.
• A competitive compensation package
• Comprehensive health benefits
• Generous retirement savings plan
• Student loan repayment assistance with matching employer contributions
• Flexible work hours and hybrid working options
• Learning and Development opportunities
• Focus on Innovation
• Employee and Family Assistance program
• Goodlife Fitness Corporate Membership
• Wellness Subsidy
📋 **About Dillon**
Dillon is a proudly Canadian, employee-owned, professional consulting firm specializing in planning, engineering, environmental science, and management. We partner with clients to provide committed, collaborative, and inventive solutions to complex, multi-faceted projects. With over 20 offices and more than 1000 employees across Canada, Dillon offers a wide range of services related to building and improving facilities and infrastructure, protecting the environment, and developing communities.
Now operating for over 75 years, we continue to strive for excellence in everything we do. Dillon has been listed as one of Canada's Best Managed Companies for the past 18 years and has the distinction of having achieved Platinum Club member status in this program.
🌟 **Employment Equity, Diversity & Inclusion at Dillon**
Dillon is committed to the principles of employment equity, inclusiveness, and diversity within our organization. We strive to achieve a workplace where opportunities are based on skills and abilities and that respects and values differences.
Inclusion is more than a word to us, it is the way we choose to run our business. We encourage you to contact us if you require accommodation during the interview process. We would love to hear from you!
```
### Variable 2: `research-final-version`
*Processed and categorized information for analysis*
**Extracted Core Elements:**
- **Company Profile:** 75-year-old Canadian consulting firm, employee-owned, 1000+ employees, Great Place to Work certified
- **Role Level:** Senior individual contributor with project leadership responsibilities
- **Technical Stack:** Power BI (primary), SQL, Python/R, GIS tools (ArcGIS, QGIS), data integration tools
- **Soft Skills:** Stakeholder collaboration, change management, training/workshops, cross-functional communication
- **Experience Level:** 5-7+ years minimum, consulting/client-facing preferred
- **Team Context:** Multidisciplinary team, reports to senior leadership, collaborates with IT and data scientists
---
## 1. Job Description Analysis
### Company & Role Profile
**Company:** Dillon Consulting - 75-year-old Canadian consulting firm
**Department:** Data Analytics/Multidisciplinary team
**Industry:** Engineering/Environmental consulting with strong data focus
**Role Level:** Senior individual contributor with project leadership
**Team Size:** Large organization (1000+ employees)
**Reporting Structure:** Multidisciplinary team structure
### Company Intelligence
**Recent Developments:**
- Certified Great Place to Work recognition
- 18 consecutive years as Canada's Best Managed Company
- Platinum Club member status
- Strong focus on innovation and technology advancement
- Employee ownership structure (100% employee-owned)
**Company Culture Indicators:**
- Collaborative "one team" approach
- Values-driven (reliability, achievement, continuous development, creativity, courage, inclusiveness)
- Focus on work-life balance with flexible/hybrid options
- Strong learning and development culture
- Innovation-focused environment
**Industry Context:**
- Infrastructure and environmental consulting market
- Growing demand for data-driven solutions in consulting
- Emphasis on spatial data and GIS integration
- Client-facing technical roles in high demand
---
## 2. Requirements Analysis
### Technical Skills Assessment
| Required Skill | Skill Type | Explicitly Met? | Evidence Location | Strength Level | Strategic Notes |
|---|---|---|---|---|---|
| Power BI | Technical | Yes | Skills Summary + CS Portal project | Strong | Direct experience with dashboard development |
| SQL | Technical | Yes | Skills Summary + Summitt Energy role | Strong | Multiple database platforms (MSSQL, MySQL, PostgreSQL) |
| Python | Technical | Yes | Skills Summary + DataFlow projects | Strong | Advanced usage with Pandas, NumPy, SQLAlchemy |
| Data Modeling | Technical | Yes | DataFlow Development project | Strong | 5-year evolution of relational data models |
| Dashboard Development | Technical | Yes | CS Data Portal + DataFlow | Strong | Interactive dashboards with real-time insights |
| Data Integration | Technical | Yes | Multiple database workflows | Strong | APIs, flat files, multiple source integration |
| Project Management | Technical | Yes | CAPM certification + project experience | Strong | PMI standards, multiple complex projects |
| KPI Development | Technical | Yes | Customer Service KPIs project | Strong | 30% improvement in abandon rate |
| Process Automation | Technical | Yes | DataFlow automation + Python scripts | Strong | 40% efficiency improvements |
| GIS Tools | Technical | No | Not mentioned in resume | Developing | No direct experience, but strong technical foundation |
| Training/Workshops | Soft | Yes | Retention team management | Moderate | Led team of 4, conducted implementations |
| Stakeholder Collaboration | Soft | Yes | Cross-departmental work | Strong | IT collaboration, executive reporting |
| Change Management | Soft | Partial | Genesys Cloud migration | Moderate | Technical implementation focus |
### Soft Skills Assessment
| Required Skill | Met? | Evidence Location | Demonstration Method |
|---|---|---|---|
| Communication (Technical/Non-technical) | Yes | Executive dashboards + IT collaboration | Cross-functional technical communication |
| Workshop Facilitation | Partial | Retention team implementation | Team management and training |
| Project Leadership | Yes | Multiple large projects | End-to-end project ownership |
| Problem-solving | Yes | Error handling + optimization | Complex technical problem resolution |
### Experience Requirements
| Requirement | Leo's Background | Gap Analysis | Positioning Strategy |
|---|---|---|---|
| 5-7+ years Data Analyst | 5+ years at Summitt Energy | Meets minimum requirement | Emphasize depth and progression |
| Consulting/Client-facing | Internal consulting + PMI experience | Partial external consulting | Highlight internal stakeholder management |
| Degree in relevant field | Business Administration + certifications | Non-technical degree | Emphasize certifications and practical experience |
---
## 3. Responsibilities Matching & Performance Analysis
| Job Responsibility | Direct Experience | Related Experience | Performance Capability (1-5) | Implementation Approach |
|---|---|---|---|---|
| Lead data-driven solution implementation | Yes - DataFlow system | 5-year major system evolution | 5 | Leverage proven experience building enterprise data solutions from scratch |
| Design customized relational data models | Yes - SQLAlchemy implementation | OOP architecture with declarative tables | 5 | Apply advanced SQLAlchemy expertise to create scalable, maintainable models |
| Develop Power BI dashboards | Yes - Multiple dashboard projects | Customer Service Portal + reporting | 4 | Combine Power BI experience with Python automation for enhanced functionality |
| Manage full project lifecycle | Yes - Multiple complex projects | DataFlow, Retention Team, CMDB | 5 | Apply CAPM training and proven track record across 4+ major implementations |
| Stakeholder collaboration | Yes - Cross-departmental work | IT teams, executives, specialists | 4 | Leverage experience translating technical concepts for diverse audiences |
| Data integration from multiple sources | Yes - Complex data workflows | APIs, databases, flat files | 5 | Apply expertise with SQLAlchemy, FastAPI, and multiple database platforms |
| Automate reporting processes | Yes - Extensive automation | Python scripts, batch uploads, CLI | 5 | Use proven automation framework that achieved 40%+ efficiency gains |
| Establish data quality practices | Yes - Error handling systems | Comprehensive logging, validation | 4 | Implement robust error handling and data validation methodologies |
| GIS data integration | No direct experience | Strong technical foundation | 3 | Apply Python spatial libraries and database skills to rapidly acquire GIS expertise |
| User training and support | Partial - Team training | Retention team management | 3 | Expand team leadership experience to client training scenarios |
| Change management strategies | Partial - Migration projects | Genesys Cloud implementation | 3 | Build on technical change management to include organizational aspects |
**Performance Capability Legend:**
- 5: Expert level, immediate impact
- 4: Proficient, minimal ramp-up
- 3: Competent, moderate learning
- 2: Developing, significant growth needed
- 1: Beginner, extensive training required
---
## 4. Strategic Skill Transferability Analysis
### Hidden Value Opportunities
**Advanced Automation Capabilities:**
- Job mentions: "automate reporting processes and improve data accuracy"
- Leo's advantage: Python expertise with SQLAlchemy, FastAPI, and CLI development enables sophisticated automation solutions beyond standard BI tools. Can create enterprise-grade data pipelines with robust error handling.
**Technical Infrastructure Perspective:**
- Job mentions: "data integration from multiple sources"
- Leo's advantage: Experience with Azure DevOps, multiple database platforms, and API development provides infrastructure perspective often missing in traditional data analyst roles.
**Performance Optimization Mindset:**
- Job mentions: "enhance accuracy and timeliness of insights"
- Leo's advantage: Proven track record of 50% reporting time reduction and 40% efficiency improvements demonstrates optimization expertise that goes beyond basic reporting.
### Cross-Domain Value Creation
| Job Area | Standard Approach | Leo's Enhanced Approach | Competitive Advantage |
|---|---|---|---|
| Data Modeling | Basic Power BI models | SQLAlchemy declarative architecture + OOP design | Scalable, maintainable enterprise solutions |
| Dashboard Development | Static BI dashboards | Interactive dashboards + Python automation + APIs | Real-time, automated insights with advanced functionality |
| Project Management | Traditional PM tools | CAPM methodology + technical implementation | Bridge between business requirements and technical delivery |
| Data Quality | Manual validation | Automated error handling + comprehensive logging | Proactive quality assurance with detailed audit trails |
---
## 5. Keywords & Messaging Strategy
### Primary Keywords (Must Include)
- Power BI, SQL, Python, data modeling, dashboard development
- Project lifecycle management, stakeholder collaboration, data integration
- Process automation, KPI development, data quality, reporting optimization
- Cross-functional communication, requirements gathering, solution deployment
### Secondary Keywords (Should Include)
- SQLAlchemy, FastAPI, Azure DevOps, change management, user training
- Data governance, business intelligence, analytical solutions, performance optimization
- Multidisciplinary teams, client-facing, consulting environment
### Leo's Unique Keywords (Differentiators)
- Enterprise data architecture, OOP data modeling, API development
- Batch processing optimization, automated data workflows, CLI development
- Cross-platform database integration, technical project leadership
### Messaging Themes
1. **Primary Theme:** Senior technical leader with proven ability to design and implement enterprise-scale data solutions
2. **Supporting Themes:**
- Bridge between technical complexity and business value
- Optimization expert with quantifiable efficiency improvements
- Full-stack data professional combining analysis, automation, and architecture
3. **Proof Points:** 5-year DataFlow evolution, 50% reporting time reduction, 40% efficiency improvements
---
## 6. Competitive Positioning
### Leo's Unique Advantages
1. **Enterprise Architecture Experience:** Unlike typical data analysts, Leo has designed and evolved enterprise-scale data systems over 5 years, demonstrating rare combination of analytical and architectural skills
2. **Proven Optimization Results:** Quantifiable improvements (50% reporting reduction, 40% efficiency gains) demonstrate ability to deliver measurable business value
3. **Technical Depth + Business Acumen:** Combination of advanced programming skills (SQLAlchemy, FastAPI, CLI) with business process optimization and stakeholder management
### Potential Differentiators
- **Technical Depth:** Advanced Python automation and database architecture skills exceed typical Power BI analyst requirements
- **Cross-Functional Value:** Project management certification combined with hands-on technical implementation
- **Scalability Focus:** Experience building systems that evolved over 5 years shows long-term thinking and maintainable design
### Gap Mitigation Strategies
| Identified Gap | Mitigation Approach | Supporting Evidence |
|---|---|---|---|
| Formal GIS experience | Emphasize rapid technical learning ability | Mastered complex tech stack including multiple databases, APIs, automation |
| External consulting experience | Highlight internal consulting and PMI background | Project Management Institute experience + cross-departmental collaboration |
| Formal data science degree | Emphasize practical results and ongoing certification | Ryerson Big Data certification + IBM Data Science (ongoing) + 5+ years proven results |
---
## 7. Application Strategy Recommendations
### Resume Optimization Priorities
1. **Lead with:** Data analysis expertise with enterprise system design and 5+ years progressive experience
2. **Quantify:** 50% reporting time reduction, 40% efficiency improvements, 30% process optimization, zero-error achievement
3. **Technical Focus:** Power BI + Python automation + SQL + project management combination
4. **Experience Narrative:** Evolution from analyst to technical leader driving enterprise solutions
### Cover Letter Strategy
1. **Opening Hook:** "5+ years transforming data challenges into scalable enterprise solutions"
2. **Core Message:** Unique combination of analytical expertise, technical architecture, and proven optimization results
3. **Supporting Examples:**
- DataFlow 5-year evolution demonstrating long-term system thinking
- Quantifiable efficiency improvements aligning with Dillon's achievement values
- Cross-functional collaboration matching their "one team" approach
4. **Company Connection:** Align with Dillon's values of continuous development, achievement, and innovation
### Potential Red Flags to Address
- **Non-technical degree:** Proactively emphasize practical certifications, ongoing learning, and 5+ years of proven technical results
- **Limited external consulting:** Position internal cross-departmental work as equivalent stakeholder management experience
---
## 8. Phase 2 Handoff Information
### Resume Content Priorities (High to Low)
1. **Summitt Energy Data Analyst role** - Emphasize Power BI, Python, SQL, dashboard development, project leadership
2. **DataFlow Development project** - Highlight enterprise architecture, 5-year evolution, OOP design, automation
3. **Customer Service KPIs project** - Showcase quantifiable business improvements and stakeholder collaboration
4. **Technical skills summary** - Focus on Power BI, Python, SQL, project management combination
5. **Education and certifications** - Emphasize relevant certifications and ongoing learning
### Key Messages for Integration
- **Primary Value Prop:** Senior data analyst with enterprise architecture experience and proven optimization results
- **Technical Emphasis:** Power BI + Python automation + SQL + project management
- **Achievement Focus:** 50% reporting reduction, 40% efficiency improvements, 30% process optimization
### Style Guidance
- **Tone:** Technical leadership with business impact focus
- **Emphasis:** Scalable solutions, quantifiable results, cross-functional collaboration
- **Keywords:** Enterprise data solutions, process optimization, stakeholder collaboration, technical leadership
---
## 9. Research Quality Metrics
**Analysis Completeness:**
- Job requirements coverage: 95%
- Skills assessment depth: Comprehensive
- Company research depth: Comprehensive
- Strategic insights quality: High
**Evidence Base:**
- All assessments tied to resume evidence: ✅ Yes
- Transferability analysis completed: ✅ Yes
- Competitive advantages identified: 6 major advantages found
**Source Documentation Quality:**
- Original job description preserved intact: ✅ Yes
- Formatting improvements applied appropriately: ✅ Yes
- Research version comprehensively categorized: ✅ Yes
- Cross-reference accuracy verified: ✅ Yes
**Readiness for Phase 2:**
- Clear content priorities established: ✅ Yes
- Strategic direction defined: ✅ Yes
- All handoff information complete: ✅ Yes
- Original source material available for reference: ✅ Yes
---
## 10. Final Validation Against Original Source
**Cross-Reference Check:**
- ✅ All analyzed requirements traced back to `original-job-description`
- ✅ No requirements missed or misinterpreted
- ✅ Analysis accurately reflects original posting intent
- ✅ Strategic recommendations align with actual job needs
**Original Source Integrity:**
-`original-job-description` contains exact text as provided
- ✅ Only formatting/organization improvements applied
- ✅ No content modifications or interpretations added
- ✅ Serves as reliable reference for future phases
---
**Phase 1 Status:** ✅ Complete
**Next Phase:** Resume Optimization
**Analyst:** Job Application Research Agent
**Review Required:** No - proceeding to Phase 2
**Documentation Archive:**
-`original-job-description` preserved and formatted
-`research-final-version` created and analyzed
- ✅ Strategic analysis completed
- ✅ Ready for Phase 2 handoff

49
docs/ai/optimized_resume_dillon.md Normal file
View File

@@ -0,0 +1,49 @@
# **Leo Miranda**
**leobrmi@hotmail.com | (416) 859-7936**
## **Professional Summary**
Senior Data Analyst with 5+ years of enterprise data system design and implementation experience. Proven track record of delivering measurable business impact through advanced dashboard development, process automation, and stakeholder collaboration. Expert in Power BI, Python, and SQL with demonstrated ability to reduce reporting times by 50% and improve operational efficiency by 40% through innovative data solutions.
## **Core Competencies**
**Technical Expertise:** Power BI • SQL (Microsoft SQL, MySQL, PostgreSQL) • Python (Pandas, NumPy, SQLAlchemy) • Data Modeling • Dashboard Development • Process Automation • FastAPI • Azure DevOps
**Business Intelligence:** KPI Development • Data Integration • Reporting Optimization • Data Quality Management • Business Process Analysis • Performance Analytics
**Project Leadership:** Full Lifecycle Management • Stakeholder Collaboration • Change Management • Cross-Functional Communication • Requirements Gathering • User Training
## **Professional Experience**
### **Data and Reporting Analyst | Summitt Energy | 2020-Present**
**Enterprise Data Solutions & Architecture**
• Designed and evolved comprehensive DataFlow system over 5 years through 4 major version updates, establishing foundational reporting infrastructure for Customer Service department
• Implemented Object-Oriented Programming architecture with SQLAlchemy declarative table definitions, creating scalable enterprise data models
• Developed high-performance batch upload methods for seamless CSV-to-MSSQL data ingestion and optimized CRUD operations
**Dashboard Development & Business Intelligence**
• Created interactive dashboards using Power BI, Plotly-Dash, and advanced visualization tools, providing real-time insights into business operations and partner performance
• Reduced reporting times by 50% through automated data workflows and enhanced decision-making capabilities
• Developed Customer Service Data Portal ensuring 100% accessibility with role-based access controls
**Process Optimization & Automation**
• Engineered Python automation scripts improving department reporting efficiency by 40% with near-zero error rates
• Implemented comprehensive KPI tracking resulting in 30% improvement in abandon rate and 50% increase in Average Speed Answer
• Established robust error handling mechanisms with comprehensive logging, drastically improving system reliability and maintainability
**Project Leadership & Stakeholder Collaboration**
• Led end-to-end implementation of retention team, managing 4 specialists and executing technical configurations for multi-state campaigns
• Collaborated with IT department on architectural design and implementation of inbound and outbound workflows
• Orchestrated Genesys Cloud migration, focusing on tool configuration, data architecture design, and workflow optimization
• Implemented Azure DevOps for centralized project repository management with Agile-based boards
### **Commercial Sales Admin | Summitt Energy | 2017-2020**
• Developed Commercial Drop Manager tool achieving 100% accuracy and reducing task completion time by 75%
• Created data visualization tools for commercial volume forecasting, enhancing accuracy by 25% and promoting data-driven decision-making
• Monitored sales team performance leading to 15% increase in sales efficiency through weekly reporting and analysis
## **Education & Certifications**
**Ryerson University:** Big Data and Analytics Certification (2021)
**IBM Data Science Professional Certificate** (Ongoing, Expected 2024)
**CAPM Certification** (Project Management Institute)
**Bachelor's Degree in Business Administration** - UCAM (Rio de Janeiro/Brazil)
• **ITIL V3 Foundation Certification**

37
docs/ai/phase1_template.md Normal file
View File

@@ -0,0 +1,37 @@
# Job Application Research Phase
## Job Description Analysis
**Company:** [Company Name]
**Role:** [Position Title]
**Link/Source:** [URL or "Pasted Content"]
### Company/Department Details
- [Company mission, culture, values]
- [Department structure and team dynamics]
- [Key stakeholders and reporting structure]
### Qualification Requirements Analysis
| Required Skill | Type | Met Requirement? | Location in Resume | Priority Level |
|---|---|---|---|---|
| [Skill 1] | Technical/Soft | Yes/No | [Section] | High/Medium/Low |
### Role Responsibilities Matching
| Responsibility | Past Experience Met | Corresponding Experience | Reference (Role/Company) | Strength of Match |
|---|---|---|---|---|
| [Responsibility 1] | Yes/No | [Description] | [Role - Company] | Strong/Moderate/Weak |
### Keywords & Themes
**Primary Keywords:** [List]
**Secondary Keywords:** [List]
**Underlying Themes:** [Company values, desired traits]
### Phase 1 Summary & Recommendations
- **Alignment Score:** [X/10]
- **Key Strengths:** [Top 3 matching areas]
- **Potential Gaps:** [Areas needing emphasis]
- **Adaptation Strategy:** [High-level approach]
---
**Handoff to Phase 2:** ✅ Ready for Resume Optimization

190
docs/ai/phase2_resume_prompt.md Normal file
View File

@@ -0,0 +1,190 @@
# Phase 2: Resume Optimization Agent
You are an expert Resume Optimization Agent, specialized in transforming comprehensive professional backgrounds into targeted, high-impact resumes. You will adapt Leo Miranda's complete resume to maximize alignment with specific job opportunities using strategic insights from Phase 1 research.
## Core Mission
Create a compelling, strategically-optimized resume that positions Leo as the ideal candidate while maintaining 100% accuracy to his actual experience and staying within a strict 600-word limit.
## Required Inputs & Resources
- **Phase 1 Research Report**: Complete strategic analysis with competitive advantages, keyword priorities, and positioning recommendations
- **`complete_resume`**: Leo's comprehensive professional background (access via google_drive_search)
- **Target Word Count**: Maximum 600 words total
- **Output Format**: Markdown for easy copy/paste
## Resume Optimization Workflow
### Step 1: Load Strategic Direction
**Action**: Review Phase 1 Research Report thoroughly to extract:
- **Primary positioning strategy** and messaging themes
- **Content prioritization order** (High/Medium/Low priority experiences)
- **Keywords integration list** (primary and secondary)
- **Competitive advantages** to emphasize
- **Gap mitigation strategies** to implement
- **Quantifiable achievements** to highlight
### Step 2: Access Complete Resume
**Action**: Use google_drive_search to locate and access Leo's `complete_resume` document
- Extract ALL content and experiences available
- Catalog all skills, projects, achievements, and quantifiable results
- Note all technical proficiencies and soft skills demonstrated
### Step 3: Strategic Content Selection
**Action**: Based on Phase 1 priorities, categorize resume content:
**MUST INCLUDE (High Priority):**
- Experiences directly matching job requirements
- Projects demonstrating key capabilities
- Quantifiable achievements supporting competitive advantages
- Skills explicitly requested in job description
**SHOULD INCLUDE (Medium Priority):**
- Supporting experiences that reinforce primary themes
- Additional technical skills enhancing value proposition
- Relevant certifications and education
**COULD INCLUDE (Low Priority):**
- Supplementary experiences if word count allows
- Additional context for career progression
### Step 4: Content Optimization & Adaptation
**Action**: Transform selected content to maximize impact:
**Achievement Amplification:**
- Lead with quantifiable results and business impact
- Use action verbs that align with job responsibilities
- Frame experiences in terms of value delivered
**Keyword Integration:**
- Naturally incorporate primary keywords from Phase 1
- Ensure technical terms match job description language
- Maintain readability while optimizing for ATS systems
**Strategic Positioning:**
- Present Leo according to Phase 1 positioning strategy
- Emphasize unique competitive advantages identified
- Address potential gaps proactively through framing
### Step 5: Structure & Formatting
**Action**: Organize optimized content using professional resume structure:
```markdown
# **Leo Miranda**
[Contact Information]
## **Professional Summary**
[2-3 lines capturing value proposition and primary strengths]
## **Core Competencies**
[Strategic skill groupings based on job requirements]
## **Professional Experience**
[Prioritized positions with optimized bullet points]
## **Key Projects** (if space allows)
[High-impact projects demonstrating capabilities]
## **Education & Certifications**
[Relevant credentials supporting positioning]
```
### Step 6: Word Count Management
**Action**: Achieve 600-word target through strategic editing:
**Prioritization Approach:**
1. Preserve all high-priority content
2. Condense medium-priority content effectively
3. Remove low-priority content if necessary
4. Optimize language for conciseness without losing impact
**Quality Standards:**
- Every word must add value
- Maintain professional tone and readability
- Preserve all quantifiable achievements
- Ensure technical accuracy
### Step 7: Keyword Validation
**Action**: Cross-reference final resume against Phase 1 keyword list:
- Verify primary keywords are naturally integrated
- Confirm secondary keywords are included where appropriate
- Ensure technical terms match job description language
- Validate ATS optimization without keyword stuffing
### Step 8: Strategic Alignment Review
**Action**: Validate resume against Phase 1 strategic recommendations:
- Confirm positioning strategy is effectively implemented
- Verify competitive advantages are prominently featured
- Ensure gap mitigation strategies are reflected
- Check that messaging themes are consistently reinforced
### Step 9: Quality Assurance
**Action**: Comprehensive resume validation:
**Accuracy Check:**
- All content must be verifiable against original resume
- No fabrication or exaggeration of experiences
- Dates, companies, and roles must be accurate
- Technical skills must reflect actual proficiency
**Impact Assessment:**
- Quantifiable achievements prominently featured
- Value propositions clearly articulated
- Career progression logically presented
- Unique strengths effectively highlighted
**Professional Standards:**
- Consistent formatting and structure
- Error-free grammar and spelling
- Professional language and tone
- Appropriate level of detail for space constraints
## Output Requirements
### Deliverable 1: Strategic Resume (Markdown Format)
Present the optimized resume in clean markdown format ready for copy/paste, including:
- Professional header with contact information
- Strategic summary aligned with Phase 1 positioning
- Prioritized experience section with optimized bullet points
- Technical skills emphasizing job-relevant competencies
- Education and certifications supporting candidacy
### Deliverable 2: Optimization Summary
Provide brief analysis including:
- **Content decisions made** and rationale
- **Keywords successfully integrated** from Phase 1 list
- **Competitive advantages emphasized** in final version
- **Word count breakdown** by section
- **Strategic positioning implementation** summary
### Deliverable 3: User Review Points
Present specific areas for Leo's feedback:
- Content prioritization decisions
- Technical skill emphasis choices
- Achievement quantification accuracy
- Any content that required significant condensation
## Quality Standards & Constraints
### Mandatory Requirements:
- **600-word maximum** (strict limit)
- **100% factual accuracy** to original resume
- **Strategic alignment** with Phase 1 recommendations
- **Professional markdown formatting**
- **ATS optimization** without sacrificing readability
### Success Metrics:
- High-impact content within word constraints
- Strategic positioning clearly implemented
- Primary keywords naturally integrated
- Competitive advantages prominently featured
- Ready for immediate job application submission
## Operational Rules
1. **Evidence-Based Only**: Every statement must be verifiable against original resume
2. **No Fabrication**: Never invent experiences, skills, or achievements
3. **Strategic Focus**: Prioritize content supporting Phase 1 positioning strategy
4. **Word Discipline**: Respect 600-word limit through strategic editing, not content reduction
5. **Quality Priority**: Maintain professional standards while optimizing for impact
6. **User Collaboration**: Present clear review points for Leo's validation
7. **Phase Integration**: Seamlessly implement Phase 1 strategic recommendations
**Success Definition**: A compelling, strategically-optimized resume that positions Leo as the ideal candidate while maintaining complete accuracy and staying within word constraints, ready for immediate submission and Phase 3 handoff.

230
docs/ai/phase3_cover_letter_prompt.md Normal file
View File

@@ -0,0 +1,230 @@
# Phase 3: Cover Letter Generation Agent
You are an expert Cover Letter Generation Agent, specialized in creating compelling, authentic, and strategically-targeted cover letters that cut through generic application noise. You will craft Leo Miranda's cover letter using strategic insights from Phase 1 research and the optimized resume from Phase 2, focusing on genuine value proposition and direct impact.
## Core Mission
Create a persuasive, personal, and authentic cover letter that demonstrates exactly how Leo's skills will contribute to the daily operations of the target role, while maintaining a professional yet direct tone that eliminates corporate fluff.
## Required Inputs & Resources
- **Phase 1 Research Report**: Complete strategic analysis with transferability insights and competitive advantages
- **Phase 2 Optimized Resume**: Tailored resume content and positioning strategy
- **Leo's Style Reference**: File `Leonardo-Miranda_20250715_summitt-ops.docx` for authentic voice training
- **Leo's Background Context**: Neurodivergent data scientist, Toronto-based, self-taught expertise
- **Target Tone**: Personal, convincing, authentic - using Leo's proven successful voice
- **Output Format**: Complete cover letter in markdown, ready for submission
## Cover Letter Generation Workflow
### Step 1: Extract Strategic Intelligence
**Action**: Review Phase 1 Research Report to identify:
- **Daily Operations Impact**: Specific ways Leo's skills enhance day-to-day role performance
- **Transferability Opportunities**: How Leo's technical skills solve problems beyond basic requirements
- **Competitive Advantages**: Unique value propositions that differentiate Leo
- **Company Intelligence**: Culture, values, and specific organizational needs
- **Gap Mitigation**: Strategies to address any experience gaps authentically
### Step 2: Learn Leo's Authentic Writing Style
**Action**: Access and analyze `Leonardo-Miranda_20250715_summitt-ops.docx` via google_drive_search to extract:
**Leo's Voice Characteristics:**
- **Warmth & Genuine Enthusiasm**: Uses phrases like "genuine excitement," "I've developed a deep appreciation," "truly draws me to"
- **Natural Flow**: Longer, connected sentences that feel conversational rather than corporate
- **Humble Confidence**: Acknowledges learning opportunities while demonstrating expertise ("it's an area where I know I have much to learn, but...")
- **Specific Knowledge**: References actual work context and business challenges with insider understanding
- **Personal Connection**: Shows genuine interest in the work itself, not just career advancement
- **Natural Time References**: "Having spent the past five years," "I've spent these past years" instead of generic time markers
**Sentence Structure Patterns:**
- Uses connecting phrases to create flowing paragraphs
- Balances technical specificity with business impact
- Expresses learning curiosity while highlighting relevant experience
- Maintains professional warmth throughout
**Authentic Language Markers:**
- "I've had the privilege of developing..."
- "The most rewarding part has been watching..."
- "What genuinely excites me about this opportunity..."
- "I'm eager to bring my problem-solving mindset..."
- References to learning from the target team's expertise
### Step 2: Analyze Target Role Daily Realities
**Action**: Based on research, identify the actual daily challenges of the position:
- **Technical Problems**: Data connectivity, quality issues, complex integrations
- **Stakeholder Challenges**: Cross-functional communication, requirement gathering
- **Process Inefficiencies**: Manual reporting, time-consuming workflows
- **Business Needs**: KPI development, performance optimization, strategic insights
### Step 3: Map Leo's Solutions to Daily Operations
**Action**: Create specific connections between Leo's experience and daily role requirements:
**Technical Contributions:**
- How Leo's Python automation solves their process improvement needs
- How Leo's enterprise data architecture experience handles their complex integration challenges
- How Leo's proven optimization results (40% efficiency gains) directly apply to their workflow enhancement goals
**Business Impact Contributions:**
- How Leo's stakeholder collaboration experience supports their client-facing requirements
- How Leo's project management expertise enables their full lifecycle delivery needs
- How Leo's proven track record delivers measurable results they're seeking
### Step 4: Gather Company-Specific Intelligence
**Action**: Extract from Phase 1 research:
- **Company Values**: How Leo's approach aligns with Dillon's stated values
- **Cultural Fit**: Connections between Leo's work style and their collaborative environment
- **Strategic Initiatives**: How Leo contributes to their innovation and technology advancement goals
- **Employee Ownership**: How Leo's long-term thinking aligns with their ownership culture
### Step 5: Structure Using Leo's Proven Framework
**Action**: Organize content using Leo's successful cover letter structure:
```markdown
[Date]
[Company Information]
**Opening Paragraph: Personal Connection + Genuine Enthusiasm**
- Start with "I'm writing to you today with genuine excitement about..."
- Express specific appreciation for the company's work/reputation
- Create personal connection to the role/industry
- Preview unique qualifications naturally
**Body Paragraph 1: Deep Contextual Knowledge + Specific Examples**
- "Having spent the past [X] years immersed in..." or "I've spent these past years working with..."
- Demonstrate specific understanding of relevant business challenges
- Reference actual projects (like DataFlow) with natural evolution story
- Show impact through specific, relatable examples
**Body Paragraph 2: Learning Excitement + Value Contribution**
- "What genuinely excites me about this opportunity..."
- Express humble confidence: acknowledge learning opportunities while highlighting transferable expertise
- Connect Leo's skills to company's specific needs
- Show enthusiasm for contributing to their team's success
**Closing Paragraph: Genuine Forward-Looking Appreciation**
- "I'm genuinely looking forward to the possibility of discussing..."
- Express authentic appreciation for consideration
- Professional but warm sign-off
```
### Step 6: Craft Authentic Content Using Leo's Voice
**Action**: Write each section channeling Leo's proven successful style:
**Tone Guidelines:**
- **Warm Professional Enthusiasm**: Genuine excitement about the work, not just the opportunity
- **Natural Conversational Flow**: Longer, connected sentences that feel organic
- **Humble Confidence**: Show expertise while expressing genuine learning curiosity
- **Specific and Contextual**: Reference actual work challenges and business understanding
- **Personal Connection**: Demonstrate authentic interest in the company's mission and work
**Leo's Authentic Language Patterns:**
- **Opening**: "I'm writing to you today with genuine excitement about..."
- **Experience Framing**: "Having spent the past [X] years immersed in..." / "I've spent these past years working with..."
- **Project Descriptions**: "I've had the privilege of developing..." / "The most rewarding part has been watching..."
- **Learning Mindset**: "it's an area where I know I have much to learn, but my experience with... has taught me..."
- **Enthusiasm**: "What genuinely excites me about this opportunity..." / "I'm eager to bring my problem-solving mindset..."
- **Closing**: "I'm genuinely looking forward to the possibility of discussing..."
**Content Principles:**
- Use Leo's natural flowing sentence structure from reference document
- Express genuine curiosity about learning from the target team
- Balance technical expertise with humble learning attitude
- Show specific understanding of business challenges
- Maintain warm professionalism throughout
- Reference actual project names and specific accomplishments naturally
### Step 7: Integration of Research Insights
**Action**: Weave Phase 1 strategic findings throughout:
- **Competitive Advantages**: Naturally integrate identified differentiators
- **Transferability Examples**: Include specific skill applications
- **Company Alignment**: Reference their values and culture appropriately
- **Gap Addressing**: Proactively handle any experience gaps with confidence
### Step 8: Optimize for Impact and Authenticity
**Action**: Ensure cover letter achieves maximum impact:
**Impact Optimization:**
- Lead with strongest value propositions
- Use active voice and strong action verbs
- Include specific, quantifiable achievements
- Connect Leo's experience to their business needs
**Authenticity Checks:**
- Eliminate corporate jargon and buzzwords
- Use conversational but professional language
- Reflect Leo's genuine enthusiasm and approach
- Maintain consistency with resume positioning
### Step 9: Final Quality Assurance
**Action**: Comprehensive validation of final cover letter:
**Accuracy Verification:**
- All claims must be verifiable against resume and research
- Technical details must be accurate
- Company information must be correct
- Quantifiable results must match source materials
**Professional Standards:**
- Error-free grammar, spelling, and formatting
- Appropriate length (typically 3-4 paragraphs, 350-450 words)
- Professional formatting ready for submission
- Clear, scannable structure
## Output Requirements
### Deliverable: Complete Cover Letter (Markdown Format)
Present the final cover letter including:
```markdown
**Leo Miranda**
leobrmi@hotmail.com | (416) 859-7936
[Date]
[Hiring Manager/Dillon Consulting]
[Address if available]
Dear Hiring Manager,
[Complete cover letter content with proper paragraph structure]
Sincerely,
Leo Miranda
```
### Content Standards:
- **Length**: 350-450 words optimal
- **Structure**: Conventional 3-4 paragraph format
- **Tone**: Personal, direct, authentic - no corporate fluff
- **Focus**: Daily operations impact and specific value delivery
- **Evidence**: Quantifiable results and concrete examples
- **Alignment**: Clear connection to company culture and values
## Quality Standards & Success Metrics
### Mandatory Requirements:
- **Authentic Voice**: Reflects Leo's genuine enthusiasm and approach
- **Specific Value**: Clear daily operations contributions identified
- **Evidence-Based**: All claims supported by resume and research
- **Direct Communication**: Eliminates unnecessary corporate language
- **Complete Format**: Ready for immediate submission
### Success Metrics:
- Captures Leo's authentic voice and writing style from reference document
- Demonstrates clear understanding of role daily realities
- Shows specific ways Leo's skills solve their actual problems
- Reflects genuine interest in company and position using Leo's natural enthusiasm
- Positions Leo as ideal candidate through authentic differentiation
- Creates compelling case for interview invitation using proven successful approach
- Maintains Leo's characteristic warmth while staying professional
- Uses Leo's natural sentence flow and language patterns
## Operational Rules
1. **Authentic Voice Priority**: Must sound exactly like Leo based on reference document analysis
2. **Style Training Required**: Always access and analyze `Leonardo-Miranda_20250715_summitt-ops.docx` first
3. **Evidence-Based Claims**: Every statement must be verifiable against resume and research
4. **Natural Flow**: Use Leo's flowing, connected sentence structure
5. **Humble Confidence**: Balance expertise demonstration with genuine learning curiosity
6. **Strategic Integration**: Seamlessly incorporate Phase 1 and Phase 2 insights using Leo's voice
7. **Warm Professionalism**: Maintain Leo's characteristic warmth while staying professional
8. **Submission Ready**: Deliver complete, formatted document requiring no additional editing
**Success Definition**: A compelling, authentically Leo-voiced cover letter that demonstrates specific value contribution to daily operations while expressing genuine enthusiasm for learning and collaboration, written in Leo's proven successful style that has generated positive responses.

280
docs/ai/research_output_report.md Normal file
View File

@@ -0,0 +1,280 @@
# Job Application Research Report
## Executive Summary
**Candidate:** Leo Miranda
**Target Role:** [Position Title]
**Company:** [Company Name]
**Analysis Date:** [Date]
**Overall Fit Score:** [X/10]
**Recommendation:** [Proceed/Proceed with Caution/Reconsider]
**Key Takeaways:**
- **Primary Strength:** [Top competitive advantage]
- **Unique Value Proposition:** [What sets Leo apart]
- **Strategic Focus:** [Main positioning theme]
- **Potential Challenge:** [Primary gap to address]
---
## Source Documentation
### Variable 1: `original-job-description`
*Original job description with formatting improvements only - NO content changes*
```
[EXACT job description text as provided by user]
[Only formatting applied: bullet points, icons, spacing, headers for organization]
[NO words, phrases, or meaning altered]
📋 **Role Title:** [As stated in original]
🏢 **Company:** [As stated in original]
📍 **Location:** [As stated in original]
🔧 **Key Responsibilities:**
• [Original responsibility 1]
• [Original responsibility 2]
• [Original responsibility 3]
🎯 **Required Qualifications:**
• [Original qualification 1]
• [Original qualification 2]
• [Original qualification 3]
⭐ **Preferred Qualifications:**
• [Original preferred 1]
• [Original preferred 2]
💼 **Company Information:**
[Any company description as provided in original]
📝 **Additional Details:**
[Any other information from original posting]
```
### Variable 2: `research-final-version`
*Processed and categorized information for analysis*
**Extracted Core Elements:**
- **Company Profile:** [Analytical summary]
- **Role Level:** [Analyzed level and scope]
- **Technical Stack:** [Identified technologies]
- **Soft Skills:** [Communication, leadership requirements]
- **Experience Level:** [Years, background needed]
- **Team Context:** [Reporting structure, collaboration needs]
---
## 1. Job Description Analysis
### Company & Role Profile
**Company:** [Name and brief description]
**Department:** [Team/Division]
**Industry:** [Sector and market position]
**Role Level:** [Junior/Mid/Senior/Lead]
**Team Size:** [If specified]
**Reporting Structure:** [Manager title/department]
### Company Intelligence
**Recent Developments:**
- [Key news, funding, acquisitions, strategic initiatives]
**Company Culture Indicators:**
- [Values, work style, team dynamics from job posting and research]
**Industry Context:**
- [Market trends, competitive landscape, growth areas]
---
## 2. Requirements Analysis
### Technical Skills Assessment
| Required Skill | Skill Type | Explicitly Met? | Evidence Location | Strength Level | Strategic Notes |
|---|---|---|---|---|---|
| [Example: Python] | Technical | Yes | Data Science Projects | Strong | Core expertise, multiple implementations |
| [Example: SQL] | Technical | Yes | Summitt Energy role | Strong | Production database experience |
| [Example: Machine Learning] | Technical | Partial | Self-taught projects | Moderate | Strong foundation, can emphasize growth trajectory |
### Soft Skills Assessment
| Required Skill | Met? | Evidence Location | Demonstration Method |
|---|---|---|---|
| [Example: Leadership] | Yes | Startup Founder experience | Team building and project management |
| [Example: Communication] | Yes | Cross-departmental collaboration | Stakeholder presentation experience |
### Experience Requirements
| Requirement | Leo's Background | Gap Analysis | Positioning Strategy |
|---|---|---|---|
| [Example: 3+ years Data Science] | 2+ years practical experience | 1 year formal gap | Emphasize depth over duration, self-taught dedication |
---
## 3. Responsibilities Matching & Performance Analysis
| Job Responsibility | Direct Experience | Related Experience | Performance Capability (1-5) | Implementation Approach |
|---|---|---|---|---|
| [Example: Build ML models] | Yes - customer segmentation | Multiple personal projects | 4 | Leverage scikit-learn, pandas expertise for rapid prototyping |
| [Example: Database optimization] | Partial - query optimization | VPS performance tuning | 4 | Apply DevOps optimization mindset to database performance |
| [Example: Stakeholder reporting] | Yes - executive dashboards | Cross-departmental communication | 3 | Combine technical depth with business communication skills |
**Performance Capability Legend:**
- 5: Expert level, immediate impact
- 4: Proficient, minimal ramp-up
- 3: Competent, moderate learning
- 2: Developing, significant growth needed
- 1: Beginner, extensive training required
---
## 4. Strategic Skill Transferability Analysis
### Hidden Value Opportunities
**Automation Capabilities:**
- Job mentions: [Example: "streamline reporting processes"]
- Leo's advantage: Python automation, VBA scripting, and DevOps practices enable sophisticated solutions beyond standard tools
**Technical Infrastructure:**
- Job mentions: [Example: "manage data systems"]
- Leo's advantage: VPS/DevOps background provides infrastructure perspective often missing in pure data science roles
**Innovation Potential:**
- Job mentions: [Example: "improve data accuracy"]
- Leo's advantage: AI/ML expertise can introduce predictive validation and anomaly detection beyond traditional QA methods
### Cross-Domain Value Creation
| Job Area | Standard Approach | Leo's Enhanced Approach | Competitive Advantage |
|---|---|---|---|
| [Example: Data Analysis] | Excel/BI tools | Python automation + statistical modeling | Deeper insights, scalable solutions |
| [Example: System Integration] | Manual processes | DevOps automation + API development | Efficiency gains, reduced errors |
---
## 5. Keywords & Messaging Strategy
### Primary Keywords (Must Include)
- [List of critical terms from job description]
### Secondary Keywords (Should Include)
- [Supporting terms and industry language]
### Leo's Unique Keywords (Differentiators)
- [Technical terms that showcase Leo's unique skill combination]
### Messaging Themes
1. **Primary Theme:** [Main positioning message]
2. **Supporting Themes:** [2-3 additional value propositions]
3. **Proof Points:** [Specific achievements that support themes]
---
## 6. Competitive Positioning
### Leo's Unique Advantages
1. **[Advantage 1]:** [Description and impact]
2. **[Advantage 2]:** [Description and impact]
3. **[Advantage 3]:** [Description and impact]
### Potential Differentiators
- **Technical Depth:** [How Leo's technical skills exceed typical requirements]
- **Cross-Functional Value:** [How multiple skill areas create synergy]
- **Growth Trajectory:** [Self-taught journey demonstrates adaptability]
### Gap Mitigation Strategies
| Identified Gap | Mitigation Approach | Supporting Evidence |
|---|---|---|
| [Example: Formal ML education] | Emphasize practical application and continuous learning | Project portfolio, certifications, results achieved |
---
## 7. Application Strategy Recommendations
### Resume Optimization Priorities
1. **Lead with:** [Primary skill/experience to emphasize]
2. **Quantify:** [Specific achievements to highlight with metrics]
3. **Technical Focus:** [Key technologies to prominently feature]
4. **Experience Narrative:** [How to frame career progression]
### Cover Letter Strategy
1. **Opening Hook:** [Compelling way to start]
2. **Core Message:** [Central value proposition]
3. **Supporting Examples:** [2-3 specific achievements to highlight]
4. **Company Connection:** [How to demonstrate company-specific interest]
### Potential Red Flags to Address
- [Any concerns from gap analysis and how to proactively address them]
---
## 8. Phase 2 Handoff Information
### Resume Content Priorities (High to Low)
1. [Most important experiences/skills to feature prominently]
2. [Secondary content to include]
3. [Supporting content if space allows]
### Key Messages for Integration
- **Primary Value Prop:** [Main selling point]
- **Technical Emphasis:** [Technologies to highlight]
- **Achievement Focus:** [Quantifiable results to feature]
### Style Guidance
- **Tone:** [Professional, technical, innovative, etc.]
- **Emphasis:** [What aspects of background to stress]
- **Keywords:** [Critical terms for ATS optimization]
---
## 9. Research Quality Metrics
**Analysis Completeness:**
- Job requirements coverage: [X%]
- Skills assessment depth: [Comprehensive/Moderate/Basic]
- Company research depth: [Comprehensive/Moderate/Basic]
- Strategic insights quality: [High/Medium/Low]
**Evidence Base:**
- All assessments tied to resume evidence: [Yes/No]
- Transferability analysis completed: [Yes/No]
- Competitive advantages identified: [X advantages found]
**Source Documentation Quality:**
- Original job description preserved intact: [✅/❌]
- Formatting improvements applied appropriately: [✅/❌]
- Research version comprehensively categorized: [✅/❌]
- Cross-reference accuracy verified: [✅/❌]
**Readiness for Phase 2:**
- Clear content priorities established: [Yes/No]
- Strategic direction defined: [Yes/No]
- All handoff information complete: [Yes/No]
- Original source material available for reference: [✅/❌]
---
## 10. Final Validation Against Original Source
**Cross-Reference Check:**
- [ ] All analyzed requirements traced back to `original-job-description`
- [ ] No requirements missed or misinterpreted
- [ ] Analysis accurately reflects original posting intent
- [ ] Strategic recommendations align with actual job needs
**Original Source Integrity:**
- [ ] `original-job-description` contains exact text as provided
- [ ] Only formatting/organization improvements applied
- [ ] No content modifications or interpretations added
- [ ] Serves as reliable reference for future phases
---
**Phase 1 Status:** ✅ Complete
**Next Phase:** Resume Optimization
**Analyst:** Job Application Research Agent
**Review Required:** [Yes/No - pending user feedback]
**Documentation Archive:**
-`original-job-description` preserved and formatted
-`research-final-version` created and analyzed
- ✅ Strategic analysis completed
- ✅ Ready for Phase 2 handoff

172
docs/ai/research_prompt.md Normal file
View File

@@ -0,0 +1,172 @@
# Phase 1: Job Application Research Agent
You are an expert Job Application Research Agent, specialized in deep analysis of job descriptions and comprehensive candidate-role matching. You will conduct thorough research for Leo Miranda's job applications, leveraging his complete professional background and proven application strategies.
## Core Mission
Perform comprehensive research and analysis to understand job requirements, assess candidate fit, and identify strategic positioning opportunities for the application process.
## Available Resources
- **'complete_resume'**: Leo's comprehensive professional experience document
- **Files starting with 'Leonardo-Miranda'**: Past successful job applications for style and approach analysis
- **Web search capabilities**: For company research and job posting analysis
- **Leo's professional context**: Neurodivergent data scientist, Toronto-based, expertise in VPS/DevOps/AI web apps, Raspberry Pi enthusiast
## Research Workflow
### Step 1: Job Description Processing & Variable Creation
**CRITICAL FIRST STEP - Create Two Required Variables:**
**Variable 1: `original-job-description`**
- Capture the EXACT job description text as provided by the user
- Make NO content changes whatsoever - preserve every word, phrase, and detail
- ONLY apply formatting improvements:
- Clean up spacing and line breaks
- Add bullet points for better readability
- Add relevant icons (📋 for responsibilities, 🔧 for technical skills, etc.)
- Organize sections with headers if structure is unclear
- Fix obvious formatting issues (missing line breaks, inconsistent spacing)
- **RULE: Original meaning and text must remain 100% intact**
**Variable 2: `research-final-version`**
- This will contain your analytical processing and categorization
- Extract and organize information for analysis purposes
- This is where you apply your analytical framework
**Job Description Acquisition:**
**If URL provided:**
1. Use web_search to access and analyze the job posting
2. If link is inaccessible or insufficient, request full content from Leo
3. Create both variables from the acquired content
**If content provided directly:**
1. Create `original-job-description` with formatting-only improvements
2. Create `research-final-version` with analytical processing
3. Confirm completeness and request missing sections if needed
**Analysis Framework for `research-final-version`:**
- **Company/Department Profile**: Mission, culture, team structure, recent news
- **Role Definition**: Title, level, reporting structure, team dynamics
- **Core Responsibilities**: Primary duties, expected outcomes, project types
- **Technical Requirements**: Hard skills, tools, technologies, methodologies
- **Soft Skills**: Communication, leadership, collaboration requirements
- **Experience Criteria**: Years, industries, specific background preferences
- **Keywords Extraction**: Critical terms, buzzwords, industry language
- **Implicit Requirements**: Underlying expectations, cultural fit indicators
### Step 2: Comprehensive Skills Assessment
**Action:** Access 'complete_resume' via google_drive_search
Create detailed skills assessment table:
| Required Skill | Skill Type | Explicitly Met? | Evidence Location | Strength Level | Transferability Notes |
|---|---|---|---|---|---|
| [Skill] | Technical/Soft/Domain | Yes/Partial/No | [Resume Section] | Strong/Moderate/Developing | [How related skills apply] |
**Assessment Criteria:**
- **Explicitly Met**: Direct match found in resume
- **Partial**: Related experience that could transfer
- **Transferability Notes**: How Leo's adjacent skills could fulfill this requirement
### Step 3: Responsibilities Matching & Performance Analysis
Create comprehensive responsibilities analysis:
| Job Responsibility | Direct Experience | Related Experience | Performance Capability | Implementation Approach |
|---|---|---|---|---|
| [Responsibility] | Yes/No | [Description] | [1-5 scale] | [How Leo would execute this] |
**Performance Capability Scale:**
- 5: Expert level, immediate impact
- 4: Proficient, minimal ramp-up time
- 3: Competent, moderate learning curve
- 2: Developing, significant growth needed
- 1: Beginner, extensive training required
**Implementation Approach Examples:**
- "Could leverage Python automation skills for manual process optimization"
- "VPS/DevOps background enables infrastructure scaling responsibilities"
- "Data science expertise translates to business intelligence requirements"
### Step 4: Strategic Skill Transferability Analysis
**NEW REQUIREMENT**: Analyze how Leo's unique skill combination can address job requirements creatively:
**Hidden Value Opportunities:**
- Identify responsibilities that don't specify technical approaches
- Map Leo's technical skills to unspecified implementation methods
- Highlight cross-functional capabilities that exceed basic requirements
**Example Analysis:**
```
Job Requirement: "Automate reporting processes"
Leo's Advantage: "While job doesn't specify programming languages, Leo's Python expertise with pandas, SQL integration, and VBA skills enable sophisticated automation solutions beyond basic tools"
```
### Step 5: Company Intelligence Gathering
**Action:** Use web_search for company research
- Recent company news and developments
- Industry position and competitive landscape
- Company culture indicators from public content
- Leadership team background
- Recent initiatives or strategic directions
### Step 6: Competitive Positioning Analysis
**Determine Leo's unique value proposition:**
- Skill combinations that differentiate from typical candidates
- Experience intersections that solve multiple job requirements
- Technical depth that enables innovation beyond standard approaches
- Cross-domain expertise advantages
### Step 7: Application Strategy Recommendations
**Based on complete analysis:**
- Primary positioning strategy (how to present Leo's candidacy)
- Key messaging themes for resume and cover letter
- Specific achievements to emphasize
- Potential concerns to address proactively
- Unique value propositions to highlight
## Quality Standards
- **Accuracy**: All assessments must be evidence-based from resume content
- **Depth**: Go beyond surface-level matching to find strategic advantages
- **Specificity**: Provide concrete examples and implementation approaches
- **Honesty**: Acknowledge gaps while highlighting transferable strengths
- **Strategic**: Focus on positioning for maximum competitive advantage
## Output Requirements
Generate comprehensive research report using the standardized output format, ensuring:
**MANDATORY Variable Inclusion:**
1. **`original-job-description`**: Must be included in "Source Documentation" section
- Preserve 100% of original text content
- Apply ONLY formatting improvements (bullets, icons, spacing, headers)
- Serve as reference point for all analysis
2. **`research-final-version`**: Include in "Source Documentation" section
- Show your analytical processing and categorization
- Extract key elements for systematic analysis
- Cross-reference with original to ensure nothing is missed
**Documentation Standards:**
- Both variables must be clearly labeled and separated
- Original text integrity is paramount - any modifications beyond formatting are strictly prohibited
- Final report should seamlessly reference both versions
- All analysis must be traceable back to original source material
All other analysis documented for seamless handoff to Phase 2 (Resume Optimization).
## Operational Rules
1. **Evidence-Based**: Every assessment must reference specific resume content
2. **No Fabrication**: Never invent experiences or capabilities
3. **Original Preservation**: `original-job-description` must remain content-identical to user input
4. **Strategic Focus**: Emphasize competitive advantages and unique value
5. **Transferability**: Actively look for skill applications beyond obvious matches
6. **Completeness**: Address every significant job requirement
7. **Dual Documentation**: Always maintain both original and processed versions
8. **User Feedback**: Present findings for Leo's review and input before finalizing
**Success Metrics:**
- Complete coverage of all job requirements
- Strategic positioning identified
- Transferable skills mapped effectively
- Original job description perfectly preserved
- Clear handoff documentation for Phase 2
- Actionable insights for application strategy

100
docs/api_specification.md
View File

@@ -1,9 +1,9 @@
# JobForge MVP - API Specification
# Job Forge - FastAPI Web Application API Specification
**Version:** 1.0.0 MVP
**Base URL:** `http://localhost:8000`
**Target Audience:** Backend Developers
**Last Updated:** July 2025
**Version:** 1.0.0 Prototype
**Base URL:** `http://localhost:8000` (Development), `https://yourdomain.com` (Production)
**Target Audience:** Full-Stack Developers and API Consumers
**Last Updated:** August 2025
---
@@ -11,9 +11,10 @@
### Overview
- **Method:** JWT Bearer tokens
- **Token Expiry:** 24 hours
- **Refresh:** Not implemented in MVP (re-login required)
- **Token Expiry:** 24 hours (configurable)
- **Refresh:** Token refresh endpoint available
- **Header Format:** `Authorization: Bearer <jwt_token>`
- **Security:** HTTPS required in production
### Authentication Endpoints
@@ -25,18 +26,25 @@ Register new user account.
{
"email": "user@example.com",
"password": "SecurePass123!",
"full_name": "John Doe"
"first_name": "John",
"last_name": "Doe"
}
```
**Response (201):**
```json
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"email": "user@example.com",
"full_name": "John Doe",
"user": {
"id": "123e4567-e89b-12d3-a456-426614174000",
"email": "user@example.com",
"first_name": "John",
"last_name": "Doe",
"is_active": true,
"created_at": "2025-08-02T10:00:00Z"
},
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer"
"token_type": "bearer",
"expires_in": 86400
}
```
@@ -58,11 +66,17 @@ Authenticate user and return JWT token.
**Response (200):**
```json
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"email": "user@example.com",
"full_name": "John Doe",
"user": {
"id": "123e4567-e89b-12d3-a456-426614174000",
"email": "user@example.com",
"first_name": "John",
"last_name": "Doe",
"is_active": true,
"created_at": "2025-08-02T10:00:00Z"
},
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer"
"token_type": "bearer",
"expires_in": 86400
}
```
@@ -80,8 +94,28 @@ Get current user profile (requires authentication).
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"email": "user@example.com",
"full_name": "John Doe",
"created_at": "2025-07-01T10:00:00Z"
"first_name": "John",
"last_name": "Doe",
"is_active": true,
"created_at": "2025-08-02T10:00:00Z",
"updated_at": "2025-08-02T10:00:00Z"
}
```
**Errors:**
- `401` - Invalid or expired token
#### POST /api/v1/auth/refresh
Refresh JWT access token.
**Headers:** `Authorization: Bearer <token>`
**Response (200):**
```json
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 86400
}
```
@@ -572,26 +606,46 @@ Delete resume from library.
## 🔧 Development Notes
### Rate Limiting (Future)
- Not implemented in MVP
- Will be added in Phase 2 for SaaS
### Environment Configuration
- Development: `http://localhost:8000`
- Production: HTTPS required with proper SSL certificates
- Environment variables for API keys and database connections
### Rate Limiting
- Implemented for AI endpoints to prevent abuse
- Authentication endpoints have basic rate limiting
- Configurable limits based on deployment environment
### Pagination
- Default limit: 50
- Maximum limit: 100
- Use `offset` for pagination
- Consider cursor-based pagination for future versions
### Content Validation
- Job description: 50-10000 characters
- Resume content: 100-50000 characters
- Names: 1-255 characters
- URLs: Valid HTTP/HTTPS format
- Email: RFC 5322 compliant
### Background Processing
- AI operations run asynchronously
- AI operations run asynchronously via background tasks
- Use `/processing/applications/{id}/status` to check progress
- Frontend should poll every 2-3 seconds during processing
- Proper error handling and retry mechanisms implemented
### Security Considerations
- JWT tokens signed with secure secret keys
- Row Level Security (RLS) enforced at database level
- Input validation and sanitization on all endpoints
- CORS properly configured for web application
### Monitoring and Logging
- Structured logging with request IDs
- Performance monitoring for AI service calls
- Error tracking and alerting configured
---
*This API specification covers all endpoints required for MVP implementation. Use the OpenAPI documentation at `/docs` for interactive testing during development.*
*This API specification covers all endpoints for the Job Forge web application. Interactive API documentation is available at `/docs` (Swagger UI) and `/redoc` (ReDoc) for development and testing.*

159
docs/database_design.md
View File

@@ -1,9 +1,9 @@
# JobForge MVP - Database Design & Schema
# Job Forge - Database Design & Schema
**Version:** 1.0.0 MVP
**Version:** 1.0.0 Prototype
**Database:** PostgreSQL 16 with pgvector
**Target Audience:** Backend Developers
**Last Updated:** July 2025
**Target Audience:** Full-Stack Developers
**Last Updated:** August 2025
---
@@ -11,17 +11,18 @@
### Technology Stack
- **Database:** PostgreSQL 16
- **Extensions:** pgvector (for AI embeddings)
- **Security:** Row Level Security (RLS) for multi-tenancy
- **Connection:** AsyncPG with SQLAlchemy 2.0
- **Migrations:** Direct SQL for MVP (Alembic in Phase 2)
- **Extensions:** pgvector (for AI embeddings), uuid-ossp (for UUID generation)
- **Security:** Row Level Security (RLS) for multi-tenant architecture
- **Connection:** AsyncPG with SQLAlchemy 2.0 async ORM
- **Migrations:** Alembic for database schema versioning
### Design Principles
- **User Isolation:** Complete data separation between users
- **Data Integrity:** Foreign key constraints and validation
- **Performance:** Optimized indexes for common queries
- **Security:** RLS policies prevent cross-user data access
- **Scalability:** Schema designed for future SaaS features
- **Multi-Tenancy:** Complete data isolation between users via RLS
- **Data Integrity:** Foreign key constraints and comprehensive validation
- **Performance:** Strategic indexes for query optimization
- **Security:** Defense-in-depth with RLS policies and input validation
- **Scalability:** Schema designed for horizontal scaling and future features
- **Maintainability:** Clear naming conventions and well-documented structure
---
@@ -38,27 +39,24 @@ erDiagram
uuid id PK
varchar email UK
varchar password_hash
varchar full_name
timestamp created_at
timestamp updated_at
varchar first_name
varchar last_name
boolean is_active
timestamptz created_at
timestamptz updated_at
}
APPLICATIONS {
uuid id PK
uuid user_id FK
varchar name
varchar company_name
varchar role_title
text job_url
text job_description
text job_url
varchar location
varchar priority_level
varchar status
boolean research_completed
boolean resume_optimized
boolean cover_letter_generated
timestamp created_at
timestamp updated_at
timestamptz created_at
timestamptz updated_at
}
DOCUMENTS {
@@ -66,8 +64,8 @@ erDiagram
uuid application_id FK
varchar document_type
text content
timestamp created_at
timestamp updated_at
timestamptz created_at
timestamptz updated_at
}
USER_RESUMES {
@@ -77,15 +75,15 @@ erDiagram
text content
varchar focus_area
boolean is_primary
timestamp created_at
timestamp updated_at
timestamptz created_at
timestamptz updated_at
}
DOCUMENT_EMBEDDINGS {
uuid id PK
uuid document_id FK
vector embedding
timestamp created_at
vector_1536 embedding
timestamptz created_at
}
```
@@ -100,12 +98,12 @@ CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
CREATE EXTENSION IF NOT EXISTS vector;
-- Create custom types
CREATE TYPE priority_level_type AS ENUM ('low', 'medium', 'high');
CREATE TYPE application_status_type AS ENUM (
'draft',
'research_complete',
'resume_ready',
'cover_letter_ready'
'applied',
'interview',
'rejected',
'offer'
);
CREATE TYPE document_type_enum AS ENUM (
'research_report',
@@ -129,17 +127,21 @@ CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
email VARCHAR(255) UNIQUE NOT NULL,
password_hash VARCHAR(255) NOT NULL,
full_name VARCHAR(255) NOT NULL,
first_name VARCHAR(100) NOT NULL,
last_name VARCHAR(100) NOT NULL,
is_active BOOLEAN DEFAULT TRUE,
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
-- Constraints
CONSTRAINT email_format CHECK (email ~* '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'),
CONSTRAINT name_not_empty CHECK (LENGTH(TRIM(full_name)) > 0)
CONSTRAINT first_name_not_empty CHECK (LENGTH(TRIM(first_name)) > 0),
CONSTRAINT last_name_not_empty CHECK (LENGTH(TRIM(last_name)) > 0)
);
-- Indexes
CREATE INDEX idx_users_email ON users(email);
CREATE INDEX idx_users_active ON users(is_active);
CREATE INDEX idx_users_created_at ON users(created_at);
-- Row Level Security
@@ -156,20 +158,13 @@ CREATE POLICY users_own_data ON users
CREATE TABLE applications (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
name VARCHAR(255) NOT NULL,
company_name VARCHAR(255) NOT NULL,
role_title VARCHAR(255) NOT NULL,
job_url TEXT,
job_description TEXT NOT NULL,
job_url TEXT,
location VARCHAR(255),
priority_level priority_level_type DEFAULT 'medium',
status application_status_type DEFAULT 'draft',
-- Phase tracking
research_completed BOOLEAN DEFAULT FALSE,
resume_optimized BOOLEAN DEFAULT FALSE,
cover_letter_generated BOOLEAN DEFAULT FALSE,
-- Timestamps
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
@@ -181,21 +176,12 @@ CREATE TABLE applications (
CONSTRAINT valid_job_url CHECK (
job_url IS NULL OR
job_url ~* '^https?://[^\s/$.?#].[^\s]*$'
),
-- Business logic constraints
CONSTRAINT resume_requires_research CHECK (
NOT resume_optimized OR research_completed
),
CONSTRAINT cover_letter_requires_resume CHECK (
NOT cover_letter_generated OR resume_optimized
)
);
-- Indexes
CREATE INDEX idx_applications_user_id ON applications(user_id);
CREATE INDEX idx_applications_status ON applications(status);
CREATE INDEX idx_applications_priority ON applications(priority_level);
CREATE INDEX idx_applications_created_at ON applications(created_at);
CREATE INDEX idx_applications_company_name ON applications(company_name);
@@ -420,48 +406,26 @@ BEGIN
END;
$$ LANGUAGE plpgsql;
-- Update application phases trigger
CREATE OR REPLACE FUNCTION update_application_phases()
-- Application status validation function
CREATE OR REPLACE FUNCTION validate_application_status()
RETURNS TRIGGER AS $$
BEGIN
-- Auto-update phase completion based on document existence
IF TG_OP = 'INSERT' OR TG_OP = 'UPDATE' THEN
UPDATE applications SET
research_completed = EXISTS (
SELECT 1 FROM documents
WHERE application_id = NEW.application_id
AND document_type = 'research_report'
),
resume_optimized = EXISTS (
SELECT 1 FROM documents
WHERE application_id = NEW.application_id
AND document_type = 'optimized_resume'
),
cover_letter_generated = EXISTS (
SELECT 1 FROM documents
WHERE application_id = NEW.application_id
AND document_type = 'cover_letter'
)
WHERE id = NEW.application_id;
-- Update status based on completion
UPDATE applications SET
status = CASE
WHEN cover_letter_generated THEN 'cover_letter_ready'
WHEN resume_optimized THEN 'resume_ready'
WHEN research_completed THEN 'research_complete'
ELSE 'draft'
END
WHERE id = NEW.application_id;
-- Ensure status transitions are logical
IF NEW.status = OLD.status THEN
RETURN NEW;
END IF;
RETURN COALESCE(NEW, OLD);
-- Log status changes for audit purposes
RAISE NOTICE 'Application % status changed from % to %',
NEW.id, OLD.status, NEW.status;
RETURN NEW;
END;
$$ LANGUAGE plpgsql;
CREATE TRIGGER documents_update_phases
AFTER INSERT OR UPDATE OR DELETE ON documents
FOR EACH ROW EXECUTE FUNCTION update_application_phases();
CREATE TRIGGER validate_application_status_trigger
BEFORE UPDATE ON applications
FOR EACH ROW EXECUTE FUNCTION validate_application_status();
```
---
@@ -518,11 +482,13 @@ engine = create_async_engine(
### Development Seed Data
```sql
-- Insert test user (password: "testpass123")
INSERT INTO users (id, email, password_hash, full_name) VALUES (
INSERT INTO users (id, email, password_hash, first_name, last_name, is_active) VALUES (
'123e4567-e89b-12d3-a456-426614174000',
'test@example.com',
'$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LewgdyN8yF5V4M2kq',
'Test User'
'Test',
'User',
true
);
-- Insert test resume
@@ -536,16 +502,15 @@ INSERT INTO user_resumes (user_id, name, content, focus_area, is_primary) VALUES
-- Insert test application
INSERT INTO applications (
user_id, name, company_name, role_title,
job_description, status, research_completed
user_id, company_name, role_title,
job_description, job_url, status
) VALUES (
'123e4567-e89b-12d3-a456-426614174000',
'google_senior_developer_2025_07_01',
'Google',
'Senior Developer',
'We are seeking an experienced software developer to join our team...',
'research_complete',
true
'We are seeking an experienced software developer to join our team building cutting-edge applications. You will work with Python, FastAPI, and modern web technologies.',
'https://careers.google.com/jobs/results/123456789/',
'draft'
);
```
@@ -648,4 +613,4 @@ GROUP BY state;
---
*This database design provides a solid foundation for the MVP while being prepared for future SaaS features. The RLS policies ensure complete user data isolation, and the schema is optimized for the expected query patterns.*
*This database design provides a robust foundation for the Job Forge web application with strong security, performance optimization, and scalability. The RLS policies ensure complete multi-tenant data isolation, while the schema supports efficient AI-powered document generation workflows.*

894
docs/development/coding_standards.md Normal file
View File

@@ -0,0 +1,894 @@
# Coding Standards - Job Forge
## Overview
This document outlines the coding standards and best practices for the Job Forge Python/FastAPI web application. Following these standards ensures code consistency, maintainability, and quality across the project.
## Python Code Style
### 1. PEP 8 Compliance
Job Forge follows [PEP 8](https://pep8.org/) with the following tools:
- **Black** for code formatting
- **Ruff** for linting and import sorting
- **mypy** for type checking
### 2. Code Formatting with Black
```bash
# Install black
pip install black
# Format all Python files
black .
# Check formatting without making changes
black --check .
# Format specific file
black app/main.py
```
#### Black Configuration (.pyproject.toml)
```toml
[tool.black]
line-length = 88
target-version = ['py312']
include = '\.pyi?$'
extend-exclude = '''
/(
# directories
\.eggs
| \.git
| \.hg
| \.mypy_cache
| \.tox
| \.venv
| build
| dist
)/
'''
```
### 3. Linting with Ruff
```bash
# Install ruff
pip install ruff
# Lint all files
ruff check .
# Fix auto-fixable issues
ruff check --fix .
# Check specific file
ruff check app/main.py
```
#### Ruff Configuration (.pyproject.toml)
```toml
[tool.ruff]
target-version = "py312"
line-length = 88
select = [
"E", # pycodestyle errors
"W", # pycodestyle warnings
"F", # pyflakes
"I", # isort
"B", # flake8-bugbear
"C4", # flake8-comprehensions
"UP", # pyupgrade
]
ignore = [
"E501", # line too long, handled by black
"B008", # do not perform function calls in argument defaults
"C901", # too complex
]
exclude = [
".bzr",
".direnv",
".eggs",
".git",
".hg",
".mypy_cache",
".nox",
".pants.d",
".pytype",
".ruff_cache",
".svn",
".tox",
".venv",
"__pypackages__",
"_build",
"buck-out",
"build",
"dist",
"node_modules",
"venv",
]
[tool.ruff.mccabe]
max-complexity = 10
[tool.ruff.isort]
known-first-party = ["app"]
```
### 4. Type Checking with mypy
```bash
# Install mypy
pip install mypy
# Check types
mypy app/
# Check specific file
mypy app/main.py
```
#### mypy Configuration (mypy.ini)
```ini
[mypy]
python_version = 3.12
warn_return_any = True
warn_unused_configs = True
disallow_untyped_defs = True
disallow_incomplete_defs = True
check_untyped_defs = True
disallow_untyped_decorators = True
no_implicit_optional = True
warn_redundant_casts = True
warn_unused_ignores = True
warn_no_return = True
warn_unreachable = True
strict_equality = True
[mypy-tests.*]
disallow_untyped_defs = False
disallow_incomplete_defs = False
[mypy-alembic.*]
ignore_errors = True
```
## FastAPI Coding Standards
### 1. API Endpoint Structure
```python
# Good: Clear, consistent endpoint structure
from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.ext.asyncio import AsyncSession
from typing import List
from app.core.database import get_db
from app.core.security import get_current_user
from app.models.user import User
from app.schemas.application import ApplicationCreate, ApplicationResponse
from app.crud.application import create_application, get_user_applications
router = APIRouter(prefix="/api/v1/applications", tags=["applications"])
@router.post("/", response_model=ApplicationResponse, status_code=status.HTTP_201_CREATED)
async def create_job_application(
application_data: ApplicationCreate,
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_db),
) -> ApplicationResponse:
"""
Create a new job application with AI-generated cover letter.
Args:
application_data: Application creation data
current_user: Authenticated user from JWT token
db: Database session
Returns:
Created application with generated content
Raises:
HTTPException: If application creation fails
"""
try:
application = await create_application(db, application_data, current_user.id)
return ApplicationResponse.from_orm(application)
except Exception as e:
logger.error(f"Failed to create application: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Failed to create application"
)
@router.get("/", response_model=List[ApplicationResponse])
async def get_applications(
skip: int = 0,
limit: int = 100,
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_db),
) -> List[ApplicationResponse]:
"""Get user's job applications with pagination."""
applications = await get_user_applications(
db, user_id=current_user.id, skip=skip, limit=limit
)
return [ApplicationResponse.from_orm(app) for app in applications]
```
### 2. Error Handling Standards
```python
# Good: Consistent error handling
from app.core.exceptions import JobForgeException
class ApplicationNotFoundError(JobForgeException):
"""Raised when application is not found."""
pass
class ApplicationAccessDeniedError(JobForgeException):
"""Raised when user doesn't have access to application."""
pass
@router.get("/{application_id}", response_model=ApplicationResponse)
async def get_application(
application_id: str,
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_db),
) -> ApplicationResponse:
"""Get specific job application by ID."""
try:
application = await get_application_by_id(db, application_id, current_user.id)
if not application:
raise ApplicationNotFoundError(f"Application {application_id} not found")
return ApplicationResponse.from_orm(application)
except ApplicationNotFoundError:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="Application not found"
)
except Exception as e:
logger.error(f"Error retrieving application {application_id}: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Internal server error"
)
```
### 3. Dependency Injection
```python
# Good: Proper dependency injection
from app.services.ai.claude_service import ClaudeService
from app.services.ai.openai_service import OpenAIService
async def get_claude_service() -> ClaudeService:
"""Dependency for Claude AI service."""
return ClaudeService()
async def get_openai_service() -> OpenAIService:
"""Dependency for OpenAI service."""
return OpenAIService()
@router.post("/{application_id}/generate-cover-letter")
async def generate_cover_letter(
application_id: str,
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_db),
claude_service: ClaudeService = Depends(get_claude_service),
) -> dict:
"""Generate AI cover letter for application."""
application = await get_application_by_id(db, application_id, current_user.id)
if not application:
raise HTTPException(status_code=404, detail="Application not found")
cover_letter = await claude_service.generate_cover_letter(
user_profile=current_user.profile,
job_description=application.job_description
)
application.cover_letter = cover_letter
await db.commit()
return {"cover_letter": cover_letter}
```
## Pydantic Model Standards
### 1. Schema Definitions
```python
# Good: Clear schema definitions with validation
from pydantic import BaseModel, Field, EmailStr, validator
from typing import Optional, List
from datetime import datetime
from enum import Enum
class ApplicationStatus(str, Enum):
"""Application status enumeration."""
DRAFT = "draft"
APPLIED = "applied"
INTERVIEW = "interview"
REJECTED = "rejected"
OFFER = "offer"
class ApplicationBase(BaseModel):
"""Base application schema."""
company_name: str = Field(..., min_length=1, max_length=255, description="Company name")
role_title: str = Field(..., min_length=1, max_length=255, description="Job role title")
job_description: Optional[str] = Field(None, max_length=5000, description="Job description")
status: ApplicationStatus = Field(ApplicationStatus.DRAFT, description="Application status")
class ApplicationCreate(ApplicationBase):
"""Schema for creating applications."""
@validator('company_name')
def validate_company_name(cls, v):
if not v.strip():
raise ValueError('Company name cannot be empty')
return v.strip()
@validator('role_title')
def validate_role_title(cls, v):
if not v.strip():
raise ValueError('Role title cannot be empty')
return v.strip()
class ApplicationUpdate(BaseModel):
"""Schema for updating applications."""
company_name: Optional[str] = Field(None, min_length=1, max_length=255)
role_title: Optional[str] = Field(None, min_length=1, max_length=255)
job_description: Optional[str] = Field(None, max_length=5000)
status: Optional[ApplicationStatus] = None
class ApplicationResponse(ApplicationBase):
"""Schema for application responses."""
id: str = Field(..., description="Application ID")
user_id: str = Field(..., description="User ID")
cover_letter: Optional[str] = Field(None, description="Generated cover letter")
created_at: datetime = Field(..., description="Creation timestamp")
updated_at: datetime = Field(..., description="Last update timestamp")
class Config:
from_attributes = True # For SQLAlchemy model conversion
```
### 2. Model Validation
```python
# Good: Custom validation methods
from pydantic import BaseModel, validator, root_validator
import re
class UserCreate(BaseModel):
"""User creation schema with validation."""
email: EmailStr
password: str = Field(..., min_length=8, max_length=128)
first_name: str = Field(..., min_length=1, max_length=50)
last_name: str = Field(..., min_length=1, max_length=50)
@validator('password')
def validate_password_strength(cls, v):
"""Validate password strength."""
if len(v) < 8:
raise ValueError('Password must be at least 8 characters long')
if not re.search(r'[A-Z]', v):
raise ValueError('Password must contain at least one uppercase letter')
if not re.search(r'[a-z]', v):
raise ValueError('Password must contain at least one lowercase letter')
if not re.search(r'\d', v):
raise ValueError('Password must contain at least one digit')
return v
@validator('first_name', 'last_name')
def validate_names(cls, v):
"""Validate name fields."""
if not v.strip():
raise ValueError('Name cannot be empty')
if not re.match(r'^[a-zA-Z\s\'-]+$', v):
raise ValueError('Name contains invalid characters')
return v.strip().title()
```
## Database Model Standards
### 1. SQLAlchemy Models
```python
# Good: Well-structured SQLAlchemy models
from sqlalchemy import Column, String, Text, DateTime, ForeignKey, Enum
from sqlalchemy.dialects.postgresql import UUID
from sqlalchemy.orm import relationship
from sqlalchemy.sql import func
import uuid
from app.core.database import Base
from app.models.application import ApplicationStatus
class User(Base):
"""User model with proper relationships and constraints."""
__tablename__ = "users"
id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4, index=True)
email = Column(String(255), unique=True, nullable=False, index=True)
password_hash = Column(String(255), nullable=False)
first_name = Column(String(100), nullable=False)
last_name = Column(String(100), nullable=False)
is_active = Column(Boolean, default=True, nullable=False)
created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False)
updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False)
# Relationships
applications = relationship("Application", back_populates="user", cascade="all, delete-orphan")
def __repr__(self) -> str:
return f"<User(id={self.id}, email={self.email})>"
class Application(Base):
"""Application model with RLS and proper indexing."""
__tablename__ = "applications"
id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4, index=True)
user_id = Column(UUID(as_uuid=True), ForeignKey("users.id"), nullable=False, index=True)
company_name = Column(String(255), nullable=False, index=True)
role_title = Column(String(255), nullable=False)
job_description = Column(Text)
cover_letter = Column(Text)
status = Column(Enum(ApplicationStatus), default=ApplicationStatus.DRAFT, nullable=False, index=True)
created_at = Column(DateTime(timezone=True), server_default=func.now(), nullable=False, index=True)
updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False)
# Relationships
user = relationship("User", back_populates="applications")
def __repr__(self) -> str:
return f"<Application(id={self.id}, company={self.company_name}, status={self.status})>"
```
### 2. Database Operations (CRUD)
```python
# Good: Async database operations with proper error handling
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select, update, delete
from sqlalchemy.orm import selectinload
from typing import Optional, List
from app.models.application import Application
from app.schemas.application import ApplicationCreate, ApplicationUpdate
async def create_application(
db: AsyncSession,
application_data: ApplicationCreate,
user_id: str
) -> Application:
"""Create a new job application."""
application = Application(
user_id=user_id,
**application_data.dict()
)
db.add(application)
await db.commit()
await db.refresh(application)
return application
async def get_application_by_id(
db: AsyncSession,
application_id: str,
user_id: str
) -> Optional[Application]:
"""Get application by ID with user validation."""
query = select(Application).where(
Application.id == application_id,
Application.user_id == user_id
)
result = await db.execute(query)
return result.scalar_one_or_none()
async def get_user_applications(
db: AsyncSession,
user_id: str,
skip: int = 0,
limit: int = 100,
status_filter: Optional[ApplicationStatus] = None
) -> List[Application]:
"""Get user applications with filtering and pagination."""
query = select(Application).where(Application.user_id == user_id)
if status_filter:
query = query.where(Application.status == status_filter)
query = query.offset(skip).limit(limit).order_by(Application.created_at.desc())
result = await db.execute(query)
return list(result.scalars().all())
async def update_application(
db: AsyncSession,
application_id: str,
application_data: ApplicationUpdate,
user_id: str
) -> Optional[Application]:
"""Update application with user validation."""
# Update only provided fields
update_data = application_data.dict(exclude_unset=True)
if not update_data:
return None
query = (
update(Application)
.where(Application.id == application_id, Application.user_id == user_id)
.values(**update_data)
.returning(Application)
)
result = await db.execute(query)
await db.commit()
return result.scalar_one_or_none()
```
## Async Programming Standards
### 1. Async/Await Usage
```python
# Good: Proper async/await usage
import asyncio
from typing import List, Optional
async def process_multiple_applications(
applications: List[Application],
ai_service: ClaudeService
) -> List[str]:
"""Process multiple applications concurrently."""
async def process_single_application(app: Application) -> str:
"""Process a single application."""
if not app.job_description:
return ""
return await ai_service.generate_cover_letter(
user_profile=app.user.profile,
job_description=app.job_description
)
# Process applications concurrently
tasks = [process_single_application(app) for app in applications]
results = await asyncio.gather(*tasks, return_exceptions=True)
# Handle exceptions
cover_letters = []
for i, result in enumerate(results):
if isinstance(result, Exception):
logger.error(f"Failed to process application {applications[i].id}: {result}")
cover_letters.append("")
else:
cover_letters.append(result)
return cover_letters
```
### 2. Context Managers
```python
# Good: Proper async context manager usage
from contextlib import asynccontextmanager
from typing import AsyncGenerator
@asynccontextmanager
async def get_ai_service_with_retry(
max_retries: int = 3
) -> AsyncGenerator[ClaudeService, None]:
"""Context manager for AI service with retry logic."""
service = ClaudeService()
retries = 0
try:
while retries < max_retries:
try:
await service.test_connection()
yield service
break
except Exception as e:
retries += 1
if retries >= max_retries:
raise e
await asyncio.sleep(2 ** retries) # Exponential backoff
finally:
await service.close()
# Usage
async def generate_with_retry(job_description: str) -> str:
async with get_ai_service_with_retry() as ai_service:
return await ai_service.generate_cover_letter(
user_profile={},
job_description=job_description
)
```
## Testing Standards
### 1. Test Structure
```python
# Good: Well-structured tests
import pytest
from httpx import AsyncClient
from unittest.mock import AsyncMock, patch
class TestApplicationAPI:
"""Test suite for application API endpoints."""
@pytest.mark.asyncio
async def test_create_application_success(
self,
async_client: AsyncClient,
test_user_token: str
):
"""Test successful application creation."""
# Arrange
application_data = {
"company_name": "Test Corp",
"role_title": "Software Developer",
"job_description": "Python developer position",
"status": "draft"
}
headers = {"Authorization": f"Bearer {test_user_token}"}
# Act
response = await async_client.post(
"/api/v1/applications/",
json=application_data,
headers=headers
)
# Assert
assert response.status_code == 201
data = response.json()
assert data["company_name"] == "Test Corp"
assert data["role_title"] == "Software Developer"
assert data["status"] == "draft"
assert "id" in data
assert "created_at" in data
@pytest.mark.asyncio
async def test_create_application_with_ai_generation(
self,
async_client: AsyncClient,
test_user_token: str,
mock_claude_service: AsyncMock
):
"""Test application creation with AI cover letter generation."""
# Arrange
mock_claude_service.generate_cover_letter.return_value = "Mock cover letter"
application_data = {
"company_name": "AI Corp",
"role_title": "ML Engineer",
"job_description": "Machine learning position with Python",
"status": "draft"
}
headers = {"Authorization": f"Bearer {test_user_token}"}
# Act
with patch('app.services.ai.claude_service.ClaudeService', return_value=mock_claude_service):
response = await async_client.post(
"/api/v1/applications/",
json=application_data,
headers=headers
)
# Assert
assert response.status_code == 201
data = response.json()
assert data["cover_letter"] == "Mock cover letter"
mock_claude_service.generate_cover_letter.assert_called_once()
```
### 2. Test Fixtures
```python
# Good: Reusable test fixtures
import pytest
from typing import AsyncGenerator
from httpx import AsyncClient
from fastapi.testclient import TestClient
@pytest.fixture
async def test_application(
test_db: AsyncSession,
test_user: User
) -> Application:
"""Create a test application."""
from app.crud.application import create_application
from app.schemas.application import ApplicationCreate
app_data = ApplicationCreate(
company_name="Test Company",
role_title="Test Role",
job_description="Test job description",
status="draft"
)
application = await create_application(test_db, app_data, test_user.id)
await test_db.commit()
return application
@pytest.fixture
def mock_ai_services():
"""Mock all AI services."""
with patch('app.services.ai.claude_service.ClaudeService') as mock_claude, \
patch('app.services.ai.openai_service.OpenAIService') as mock_openai:
mock_claude.return_value.generate_cover_letter = AsyncMock(
return_value="Mock cover letter"
)
mock_openai.return_value.create_embedding = AsyncMock(
return_value=[0.1] * 1536
)
yield {
'claude': mock_claude.return_value,
'openai': mock_openai.return_value
}
```
## Documentation Standards
### 1. Docstring Format
```python
# Good: Comprehensive docstrings
def calculate_job_match_score(
user_skills: List[str],
job_requirements: List[str],
experience_years: int
) -> float:
"""
Calculate job match score based on skills and experience.
Args:
user_skills: List of user's skills
job_requirements: List of job requirements
experience_years: Years of relevant experience
Returns:
Match score between 0.0 and 1.0
Raises:
ValueError: If experience_years is negative
Example:
>>> calculate_job_match_score(
... ["Python", "FastAPI"],
... ["Python", "Django"],
... 3
... )
0.75
"""
if experience_years < 0:
raise ValueError("Experience years cannot be negative")
# Implementation...
return 0.75
```
### 2. API Documentation
```python
# Good: Comprehensive API documentation
@router.post(
"/",
response_model=ApplicationResponse,
status_code=status.HTTP_201_CREATED,
summary="Create job application",
description="Create a new job application with optional AI-generated cover letter",
responses={
201: {"description": "Application created successfully"},
400: {"description": "Invalid application data"},
401: {"description": "Authentication required"},
422: {"description": "Validation error"},
500: {"description": "Internal server error"}
}
)
async def create_job_application(
application_data: ApplicationCreate = Body(
...,
example={
"company_name": "Google",
"role_title": "Senior Python Developer",
"job_description": "We are looking for an experienced Python developer...",
"status": "draft"
}
),
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_db),
) -> ApplicationResponse:
"""Create a new job application."""
# Implementation...
```
## Performance Standards
### 1. Database Query Optimization
```python
# Good: Optimized database queries
async def get_applications_with_stats(
db: AsyncSession,
user_id: str
) -> dict:
"""Get applications with statistics in a single query."""
from sqlalchemy import func, case
query = select(
func.count(Application.id).label('total_applications'),
func.count(case((Application.status == 'applied', 1))).label('applied_count'),
func.count(case((Application.status == 'interview', 1))).label('interview_count'),
func.count(case((Application.status == 'offer', 1))).label('offer_count'),
func.avg(
case((Application.created_at.isnot(None),
func.extract('epoch', func.now() - Application.created_at)))
).label('avg_age_days')
).where(Application.user_id == user_id)
result = await db.execute(query)
row = result.first()
return {
'total_applications': row.total_applications or 0,
'applied_count': row.applied_count or 0,
'interview_count': row.interview_count or 0,
'offer_count': row.offer_count or 0,
'avg_age_days': round((row.avg_age_days or 0) / 86400, 1) # Convert to days
}
```
### 2. Caching Strategies
```python
# Good: Implement caching for expensive operations
from functools import lru_cache
from typing import Dict, Any
import asyncio
@lru_cache(maxsize=128)
def get_job_keywords(job_description: str) -> List[str]:
"""Extract keywords from job description (cached)."""
# Expensive NLP processing here
return extract_keywords(job_description)
class CachedAIService:
"""AI service with caching."""
def __init__(self):
self._cache: Dict[str, Any] = {}
self._cache_ttl = 3600 # 1 hour
async def generate_cover_letter_cached(
self,
user_profile: dict,
job_description: str
) -> str:
"""Generate cover letter with caching."""
cache_key = f"{hash(str(user_profile))}_{hash(job_description)}"
if cache_key in self._cache:
cached_result, timestamp = self._cache[cache_key]
if time.time() - timestamp < self._cache_ttl:
return cached_result
# Generate new cover letter
result = await self.generate_cover_letter(user_profile, job_description)
# Cache result
self._cache[cache_key] = (result, time.time())
return result
```
These coding standards ensure that Job Forge maintains high code quality, consistency, and performance across all components of the application.

446
docs/development_setup.md
View File

@@ -1,446 +0,0 @@
# JobForge MVP - Development Setup Guide
**Version:** 1.0.0 MVP
**Target Audience:** Developers
**Last Updated:** July 2025
---
## 🎯 Prerequisites
### Required Software
- **Docker Desktop** 4.20+ with Docker Compose
- **Git** 2.30+
- **Text Editor** (VS Code recommended)
- **API Keys** (Claude, OpenAI)
### System Requirements
- **RAM:** 8GB minimum (Docker containers + database)
- **Storage:** 10GB free space
- **OS:** Windows 10+, macOS 12+, or Linux
---
## 🚀 Quick Start (5 Minutes)
### 1. Clone Repository
```bash
git clone https://github.com/your-org/jobforge-mvp.git
cd jobforge-mvp
```
### 2. Environment Configuration
```bash
# Copy environment template
cp .env.example .env
# Edit .env file with your API keys
nano .env # or use your preferred editor
```
**Required Environment Variables:**
```bash
# API Keys (REQUIRED)
CLAUDE_API_KEY=your_claude_api_key_here
OPENAI_API_KEY=your_openai_api_key_here
# Database (Auto-configured for local development)
DATABASE_URL=postgresql+asyncpg://jobforge_user:jobforge_password@postgres:5432/jobforge_mvp
# JWT Secret (Generate random string)
JWT_SECRET_KEY=your-super-secret-jwt-key-change-this-in-production
# Development Settings
DEBUG=true
LOG_LEVEL=INFO
```
### 3. Start Development Environment
```bash
# Start all services (PostgreSQL, Backend, Frontend)
docker-compose up -d
# View logs to ensure everything started correctly
docker-compose logs -f
```
### 4. Verify Installation
- **Frontend:** http://localhost:8501
- **Backend API:** http://localhost:8000
- **API Documentation:** http://localhost:8000/docs
- **Database:** localhost:5432
---
## 🔧 Detailed Setup Instructions
### Getting API Keys
#### Claude API Key
1. Visit https://console.anthropic.com/
2. Create account or log in
3. Go to "API Keys" section
4. Create new key with name "JobForge Development"
5. Copy key to `.env` file
#### OpenAI API Key
1. Visit https://platform.openai.com/api-keys
2. Create account or log in
3. Click "Create new secret key"
4. Name it "JobForge Development"
5. Copy key to `.env` file
### Environment File Setup
```bash
# .env file (copy from .env.example)
# =============================================================================
# API KEYS - REQUIRED FOR DEVELOPMENT
# =============================================================================
CLAUDE_API_KEY=sk-ant-api03-xxx...
OPENAI_API_KEY=sk-xxx...
# =============================================================================
# DATABASE CONFIGURATION
# =============================================================================
DATABASE_URL=postgresql+asyncpg://jobforge_user:jobforge_password@postgres:5432/jobforge_mvp
POSTGRES_DB=jobforge_mvp
POSTGRES_USER=jobforge_user
POSTGRES_PASSWORD=jobforge_password
# =============================================================================
# AUTHENTICATION
# =============================================================================
JWT_SECRET_KEY=super-secret-jwt-key-minimum-32-characters-long
JWT_ALGORITHM=HS256
JWT_EXPIRE_HOURS=24
# =============================================================================
# APPLICATION SETTINGS
# =============================================================================
DEBUG=true
LOG_LEVEL=INFO
BACKEND_URL=http://backend:8000
# =============================================================================
# AI PROCESSING SETTINGS
# =============================================================================
CLAUDE_MODEL=claude-sonnet-4-20250514
OPENAI_EMBEDDING_MODEL=text-embedding-3-large
MAX_PROCESSING_TIME_SECONDS=120
```
---
## 🐳 Docker Setup
### Docker Compose Configuration
The `docker-compose.yml` file configures three main services:
#### PostgreSQL Database
- **Port:** 5432
- **Database:** jobforge_mvp
- **Extensions:** pgvector for AI embeddings
- **Data:** Persisted in Docker volume
#### Backend API (FastAPI)
- **Port:** 8000
- **Auto-reload:** Enabled for development
- **API Docs:** http://localhost:8000/docs
#### Frontend App (Dash)
- **Port:** 8501
- **Auto-reload:** Enabled for development
### Docker Commands
#### Start Services
```bash
# Start all services in background
docker-compose up -d
# Start with logs visible
docker-compose up
# Start specific service
docker-compose up backend
```
#### View Logs
```bash
# All services logs
docker-compose logs -f
# Specific service logs
docker-compose logs -f backend
docker-compose logs -f frontend
docker-compose logs -f postgres
```
#### Stop Services
```bash
# Stop all services
docker-compose down
# Stop and remove volumes (WARNING: Deletes database data)
docker-compose down -v
```
#### Rebuild Services
```bash
# Rebuild after code changes
docker-compose build
# Rebuild specific service
docker-compose build backend
# Rebuild and restart
docker-compose up --build
```
---
## 🗄️ Database Setup
### Automatic Database Initialization
The database is automatically set up when you first run `docker-compose up`:
1. **PostgreSQL starts** with pgvector extension
2. **Database created** with name `jobforge_mvp`
3. **Tables created** from `database/init.sql`
4. **Row Level Security** policies applied
5. **Sample data** inserted (optional)
### Manual Database Operations
#### Connect to Database
```bash
# Connect via Docker
docker-compose exec postgres psql -U jobforge_user -d jobforge_mvp
# Connect from host (if PostgreSQL client installed)
psql -h localhost -p 5432 -U jobforge_user -d jobforge_mvp
```
#### Reset Database
```bash
# WARNING: This deletes all data
docker-compose down -v
docker-compose up -d postgres
```
#### Database Migrations (Future)
```bash
# When Alembic is added
docker-compose exec backend alembic upgrade head
```
### Database Schema Verification
After startup, verify tables exist:
```sql
-- Connect to database and run:
\dt
-- Expected tables:
-- users
-- applications
-- documents
-- user_resumes
-- document_embeddings
```
---
## 🔍 Development Workflow
### Code Organization
```
src/
├── backend/ # FastAPI backend code
│ ├── main.py # FastAPI app entry point
│ ├── api/ # API route handlers
│ ├── services/ # Business logic
│ ├── database/ # Database models and connection
│ └── models/ # Pydantic request/response models
├── frontend/ # Dash frontend code
│ ├── main.py # Dash app entry point
│ ├── components/ # Reusable UI components
│ ├── pages/ # Page components
│ └── api_client/ # Backend API client
├── agents/ # AI processing agents
└── helpers/ # Shared utilities
```
### Making Code Changes
#### Backend Changes
1. **Modify code** in `src/backend/`
2. **FastAPI auto-reloads** automatically
3. **Test changes** at http://localhost:8000/docs
#### Frontend Changes
1. **Modify code** in `src/frontend/`
2. **Dash auto-reloads** automatically
3. **Test changes** at http://localhost:8501
#### Database Changes
1. **Modify** `database/init.sql`
2. **Reset database:** `docker-compose down -v && docker-compose up -d`
### Testing Your Setup
#### 1. Backend Health Check
```bash
curl http://localhost:8000/health
# Expected: {"status": "healthy", "service": "jobforge-backend"}
```
#### 2. Database Connection
```bash
curl http://localhost:8000/api/v1/auth/me
# Expected: {"detail": "Not authenticated"} (this is correct - no token)
```
#### 3. Frontend Access
Visit http://localhost:8501 - should see login page
#### 4. API Documentation
Visit http://localhost:8000/docs - should see Swagger UI
---
## 🐛 Troubleshooting
### Common Issues
#### "Port already in use"
```bash
# Check what's using the port
lsof -i :8501 # or :8000, :5432
# Kill the process or change ports in docker-compose.yml
```
#### "API Key Invalid"
```bash
# Verify API key format
echo $CLAUDE_API_KEY # Should start with "sk-ant-api03-"
echo $OPENAI_API_KEY # Should start with "sk-"
# Test API key manually
curl -H "Authorization: Bearer $CLAUDE_API_KEY" https://api.anthropic.com/v1/messages
```
#### "Database Connection Failed"
```bash
# Check if PostgreSQL is running
docker-compose ps postgres
# Check database logs
docker-compose logs postgres
# Try connecting manually
docker-compose exec postgres psql -U jobforge_user -d jobforge_mvp
```
#### "Frontend Won't Load"
```bash
# Check frontend logs
docker-compose logs frontend
# Common issue: Backend not ready
curl http://localhost:8000/health
# Restart frontend
docker-compose restart frontend
```
#### "AI Processing Fails"
```bash
# Check backend logs for API errors
docker-compose logs backend | grep -i error
# Verify API keys are loaded
docker-compose exec backend env | grep API_KEY
```
### Development Tips
#### Hot Reloading
- Both backend and frontend support hot reloading
- Database schema changes require full restart
- Environment variable changes require restart
#### Debugging
```bash
# Backend debugging with detailed logs
DEBUG=true LOG_LEVEL=DEBUG docker-compose up backend
# Frontend debugging
docker-compose exec frontend python src/frontend/main.py --debug
```
#### Performance Monitoring
```bash
# View container resource usage
docker stats
# View database performance
docker-compose exec postgres pg_stat_activity
```
---
## 📊 Development Tools
### Recommended VS Code Extensions
- **Python** (Microsoft)
- **Docker** (Microsoft)
- **PostgreSQL** (Chris Kolkman)
- **REST Client** (Huachao Mao)
- **GitLens** (GitKraken)
### API Testing Tools
- **Built-in Swagger UI:** http://localhost:8000/docs
- **curl commands** (see API specification)
- **Postman** (import OpenAPI spec from `/openapi.json`)
### Database Tools
- **pgAdmin** (web-based PostgreSQL admin)
- **DBeaver** (database IDE)
- **psql** (command line client)
---
## 🚀 Next Steps
Once your environment is running:
1. **Create test account** at http://localhost:8501
2. **Review API documentation** at http://localhost:8000/docs
3. **Follow Database Design** document for schema details
4. **Check Testing Strategy** document for testing approach
5. **Start development** following the 8-week roadmap
---
## 📞 Getting Help
### Development Issues
- Check this troubleshooting section first
- Review Docker logs: `docker-compose logs`
- Verify environment variables: `docker-compose exec backend env`
### API Issues
- Use Swagger UI for interactive testing
- Check API specification document
- Verify authentication headers
### Database Issues
- Connect directly: `docker-compose exec postgres psql -U jobforge_user -d jobforge_mvp`
- Check database logs: `docker-compose logs postgres`
- Review database design document
---
*This setup guide should get you from zero to a working development environment in under 10 minutes. If you encounter issues not covered here, please update this document for future developers.*

631
docs/git_branch_strategy.md
View File

@@ -1,631 +0,0 @@
# JobForge MVP - Git Branch Management Strategy
**Version:** 1.0.0 MVP
**Repository:** Single monorepo approach
**Platform:** Gitea
**Target Audience:** Development Team
**Last Updated:** July 2025
---
## 🎯 Branching Strategy Overview
### Repository Structure
**Single Monorepo** containing:
- Frontend (Dash + Mantine)
- Backend (FastAPI)
- Database schemas and migrations
- Docker configuration
- Documentation
- Tests
### Core Branching Model
```
main (production-ready)
├── develop (integration branch)
│ ├── feature/user-authentication
│ ├── feature/job-application-crud
│ ├── feature/ai-research-agent
│ ├── feature/resume-optimization
│ └── feature/cover-letter-generator
├── hotfix/critical-security-patch
└── release/v1.0.0-mvp
```
---
## 🌿 Branch Types & Purposes
### 1. **main** (Production Branch)
- **Purpose:** Production-ready code only
- **Protection:** Fully protected, requires PR approval
- **Deployment:** Auto-deploys to production environment
- **Merge Strategy:** Squash and merge from release branches only
**Rules:**
- No direct commits allowed
- All changes via Pull Request from `develop` or `hotfix/*`
- Must pass all CI/CD checks
- Requires at least 1 code review approval
- Must be deployable at any time
### 2. **develop** (Integration Branch)
- **Purpose:** Integration of completed features
- **Protection:** Protected, requires PR approval
- **Deployment:** Auto-deploys to staging environment
- **Merge Strategy:** Merge commits to preserve feature history
**Rules:**
- All feature branches merge here first
- Continuous integration testing
- Regular merges to `main` for releases
- Should be stable enough for testing
### 3. **feature/** (Feature Development)
- **Purpose:** Individual feature development
- **Naming:** `feature/[component]-[description]`
- **Lifecycle:** Created from `develop`, merged back to `develop`
- **Protection:** Optional, team discretion
**Examples:**
```
feature/backend-user-authentication
feature/frontend-application-sidebar
feature/ai-claude-integration
feature/database-rls-policies
feature/docker-development-setup
```
### 4. **hotfix/** (Emergency Fixes)
- **Purpose:** Critical production issues
- **Naming:** `hotfix/[issue-description]`
- **Lifecycle:** Created from `main`, merged to both `main` and `develop`
- **Priority:** Highest priority, fast-track review
### 5. **release/** (Release Preparation)
- **Purpose:** Prepare releases, final testing
- **Naming:** `release/v[version]`
- **Lifecycle:** Created from `develop`, merged to `main` when ready
- **Activities:** Bug fixes, documentation updates, version bumps
---
## 🔄 Development Workflow
### Standard Feature Development Flow
#### 1. Start New Feature
```bash
# Ensure develop is up to date
git checkout develop
git pull origin develop
# Create feature branch
git checkout -b feature/backend-application-service
git push -u origin feature/backend-application-service
```
#### 2. Development Cycle
```bash
# Regular commits with descriptive messages
git add .
git commit -m "feat(backend): implement application creation endpoint
- Add POST /api/v1/applications endpoint
- Implement application validation
- Add database integration
- Include unit tests
Closes #23"
# Push regularly to backup work
git push origin feature/backend-application-service
```
#### 3. Feature Completion
```bash
# Update with latest develop changes
git checkout develop
git pull origin develop
git checkout feature/backend-application-service
git rebase develop
# Push updated branch
git push origin feature/backend-application-service --force-with-lease
# Create Pull Request via Gitea UI
```
#### 4. Code Review & Merge
- **Create PR** from feature branch to `develop`
- **Code review** by at least 1 team member
- **CI/CD checks** must pass (tests, linting, etc.)
- **Merge** using "Merge commit" strategy
- **Delete** feature branch after merge
---
## 📋 Pull Request Guidelines
### PR Title Format
```
[type](scope): brief description
Examples:
feat(backend): add user authentication endpoints
fix(frontend): resolve sidebar navigation bug
docs(api): update endpoint documentation
test(database): add RLS policy tests
```
### PR Description Template
```markdown
## 🎯 Purpose
Brief description of what this PR accomplishes.
## 🔧 Changes Made
- [ ] Add new API endpoint for application creation
- [ ] Implement database integration
- [ ] Add unit tests with 90% coverage
- [ ] Update API documentation
## 🧪 Testing
- [ ] Unit tests pass
- [ ] Integration tests pass
- [ ] Manual testing completed
- [ ] Database migrations tested
## 📚 Documentation
- [ ] API documentation updated
- [ ] README updated if needed
- [ ] Code comments added for complex logic
## 🔍 Review Checklist
- [ ] Code follows project style guidelines
- [ ] No hardcoded secrets or credentials
- [ ] Error handling implemented
- [ ] Security considerations addressed
## 🔗 Related Issues
Closes #123
Relates to #456
```
### Review Criteria
**Mandatory Checks:**
- [ ] All CI/CD pipeline checks pass
- [ ] No merge conflicts with target branch
- [ ] At least 1 peer code review approval
- [ ] Tests cover new functionality
- [ ] Documentation updated
**Code Quality Checks:**
- [ ] Follows established coding standards
- [ ] No security vulnerabilities introduced
- [ ] Performance considerations addressed
- [ ] Error handling implemented properly
---
## 🚀 Release Management
### MVP Release Strategy
#### Phase 1 Releases (Weeks 1-8)
```
v0.1.0 - Week 2: Basic infrastructure
v0.2.0 - Week 4: User auth + application CRUD
v0.3.0 - Week 6: AI agents integration
v1.0.0 - Week 8: Complete MVP
```
#### Release Process
1. **Create Release Branch**
```bash
git checkout develop
git pull origin develop
git checkout -b release/v1.0.0-mvp
git push -u origin release/v1.0.0-mvp
```
2. **Prepare Release**
- Update version numbers in package files
- Update CHANGELOG.md
- Final testing and bug fixes
- Documentation review
3. **Release to Production**
```bash
# Create PR: release/v1.0.0-mvp → main
# After approval and merge:
git checkout main
git pull origin main
git tag -a v1.0.0 -m "MVP Release v1.0.0"
git push origin v1.0.0
```
4. **Post-Release Cleanup**
```bash
# Merge changes back to develop
git checkout develop
git merge main
git push origin develop
# Delete release branch
git branch -d release/v1.0.0-mvp
git push origin --delete release/v1.0.0-mvp
```
---
## 🔒 Branch Protection Rules
### main Branch Protection
```yaml
Protection Rules:
- Require pull request reviews: true
- Required approving reviews: 1
- Dismiss stale reviews: true
- Require review from code owners: true
- Restrict pushes to admins only: true
- Require status checks: true
- Required status checks:
- ci/backend-tests
- ci/frontend-tests
- ci/integration-tests
- ci/security-scan
- Require branches to be up to date: true
- Include administrators: true
```
### develop Branch Protection
```yaml
Protection Rules:
- Require pull request reviews: true
- Required approving reviews: 1
- Require status checks: true
- Required status checks:
- ci/backend-tests
- ci/frontend-tests
- ci/lint-check
- Require branches to be up to date: true
```
---
## 🤖 CI/CD Integration
### Automated Workflows by Branch
#### feature/* branches
```yaml
# .gitea/workflows/feature.yml
on:
push:
branches:
- 'feature/*'
pull_request:
branches:
- develop
jobs:
- lint-and-format
- unit-tests
- security-scan
- build-check
```
#### develop branch
```yaml
# .gitea/workflows/develop.yml
on:
push:
branches:
- develop
jobs:
- lint-and-format
- unit-tests
- integration-tests
- security-scan
- build-and-deploy-staging
```
#### main branch
```yaml
# .gitea/workflows/production.yml
on:
push:
branches:
- main
tags:
- 'v*'
jobs:
- full-test-suite
- security-scan
- build-and-deploy-production
- create-release-notes
```
---
## 📊 Development Team Workflow
### Team Roles & Responsibilities
#### **Backend Developer**
```bash
# Typical feature branches:
feature/backend-auth-service
feature/backend-application-api
feature/backend-ai-integration
feature/database-schema-updates
```
#### **Frontend Developer**
```bash
# Typical feature branches:
feature/frontend-auth-components
feature/frontend-application-dashboard
feature/frontend-document-editor
feature/ui-component-library
```
#### **Full-Stack Developer**
```bash
# End-to-end feature branches:
feature/complete-user-registration
feature/complete-application-workflow
feature/complete-document-management
```
#### **DevOps/Infrastructure**
```bash
# Infrastructure branches:
feature/docker-optimization
feature/ci-cd-pipeline
feature/monitoring-setup
feature/deployment-automation
```
### Daily Development Routine
#### Morning Sync
```bash
# Start each day with latest changes
git checkout develop
git pull origin develop
# Update feature branch
git checkout feature/your-current-feature
git rebase develop
# Resolve any conflicts and continue work
```
#### End of Day
```bash
# Commit and push daily progress
git add .
git commit -m "wip: progress on application service implementation"
git push origin feature/your-current-feature
```
---
## 🐛 Handling Common Scenarios
### Scenario 1: Feature Branch Behind develop
```bash
# Update feature branch with latest develop
git checkout feature/your-feature
git rebase develop
# If conflicts occur:
git status # See conflicted files
# Edit files to resolve conflicts
git add .
git rebase --continue
# Force push with lease (safer than --force)
git push origin feature/your-feature --force-with-lease
```
### Scenario 2: Emergency Hotfix
```bash
# Create hotfix from main
git checkout main
git pull origin main
git checkout -b hotfix/critical-security-fix
# Make fix
git add .
git commit -m "fix: resolve critical authentication vulnerability
- Patch JWT token validation
- Update security tests
- Add rate limiting
Fixes #emergency-issue"
# Push and create PRs to both main and develop
git push -u origin hotfix/critical-security-fix
# Create PR: hotfix/critical-security-fix → main (priority)
# Create PR: hotfix/critical-security-fix → develop
```
### Scenario 3: Large Feature Coordination
```bash
# For complex features requiring multiple developers:
# Main feature branch
feature/ai-agents-integration
# Sub-feature branches
feature/ai-agents-integration/research-agent
feature/ai-agents-integration/resume-optimizer
feature/ai-agents-integration/cover-letter-generator
# Merge sub-features to main feature branch first
# Then merge main feature branch to develop
```
---
## 📈 Branch Management Best Practices
### DO's ✅
- **Keep branches focused** - One feature per branch
- **Use descriptive names** - Clear what the branch does
- **Regular commits** - Small, focused commits with good messages
- **Rebase before merge** - Keep history clean
- **Delete merged branches** - Avoid branch pollution
- **Test before merge** - Ensure CI/CD passes
- **Review code thoroughly** - Maintain code quality
### DON'Ts ❌
- **Don't commit directly to main** - Always use PR workflow
- **Don't use generic branch names** - Avoid "fix", "update", "changes"
- **Don't let branches go stale** - Merge or close unused branches
- **Don't ignore conflicts** - Resolve properly, don't force
- **Don't skip testing** - Every merge should be tested
- **Don't merge your own PRs** - Always get peer review
### Naming Conventions
```bash
# Good branch names:
feature/backend-user-authentication
feature/frontend-application-sidebar
feature/ai-claude-integration
feature/database-migration-v2
hotfix/security-jwt-validation
release/v1.0.0-mvp
# Bad branch names:
fix-stuff
john-updates
temporary
new-feature
test-branch
```
---
## 🔧 Git Configuration
### Recommended Git Settings
```bash
# Set up git aliases for common operations
git config --global alias.co checkout
git config --global alias.br branch
git config --global alias.ci commit
git config --global alias.st status
git config --global alias.unstage 'reset HEAD --'
git config --global alias.last 'log -1 HEAD'
git config --global alias.visual '!gitk'
# Better log formatting
git config --global alias.lg "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"
# Set up pull to rebase by default (cleaner history)
git config --global pull.rebase true
# Set up push to current branch only
git config --global push.default current
```
### Team .gitignore
```gitignore
# Environment files
.env
.env.local
.env.*.local
# IDE files
.vscode/
.idea/
*.swp
*.swo
# OS files
.DS_Store
Thumbs.db
# Docker
.dockerignore
# Python
__pycache__/
*.pyc
*.pyo
*.pyd
.Python
env/
venv/
ENV/
# Node modules (if using)
node_modules/
# Logs
*.log
logs/
# Database
*.db
*.sqlite
# Temporary files
*.tmp
*.temp
temp/
tmp/
# Coverage reports
htmlcov/
.coverage
.coverage.*
# Test outputs
.pytest_cache/
.tox/
```
---
## 📚 Integration with Development Documents
### Relationship to Other Documents
- **Development Setup:** Clone from correct branch, set up environment
- **API Specification:** Feature branches should implement specific endpoints
- **Database Design:** Schema changes require migration planning
- **Testing Strategy:** All branches must pass defined test suites
### 8-Week MVP Timeline Integration
```
Week 1-2: Foundation
├── feature/docker-development-setup
├── feature/database-initial-schema
└── feature/backend-project-structure
Week 3-4: Core Features
├── feature/backend-user-authentication
├── feature/frontend-auth-components
└── feature/backend-application-crud
Week 5-6: AI Integration
├── feature/ai-claude-integration
├── feature/ai-research-agent
└── feature/ai-resume-optimizer
Week 7-8: Polish & Release
├── feature/frontend-document-editor
├── feature/error-handling-improvements
└── release/v1.0.0-mvp
```
---
*This Git branching strategy ensures clean, maintainable code while supporting parallel development and safe deployments for the JobForge MVP. The strategy scales from MVP development to future SaaS features.*

601
docs/infrastructure/docker_setup.md Normal file
View File

@@ -0,0 +1,601 @@
# Docker Setup Guide - Job Forge
## Overview
Job Forge uses Docker for containerization to ensure consistent environments across development, testing, and production. This guide covers Docker configuration, best practices, and troubleshooting.
## Docker Architecture
### Container Structure
```
Job Forge Docker Setup
├── jobforge-app # FastAPI + Dash application
├── postgres # PostgreSQL 16 with pgvector
└── nginx # Reverse proxy and SSL termination
```
### Network Configuration
- **Internal Network**: Docker compose creates isolated network
- **External Access**: Only nginx container exposes ports 80/443
- **Service Discovery**: Containers communicate via service names
## Development Setup
### 1. Prerequisites
```bash
# Install Docker and Docker Compose
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# Install Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
# Add user to docker group
sudo usermod -aG docker $USER
newgrp docker
```
### 2. Environment Configuration
```bash
# Copy environment template
cp .env.example .env
# Edit for development
nano .env
```
```bash
# Development Environment Variables
DATABASE_URL="postgresql://jobforge:jobforge123@postgres:5432/jobforge"
CLAUDE_API_KEY="your-claude-api-key"
OPENAI_API_KEY="your-openai-api-key"
JWT_SECRET="development-secret-key-change-in-production"
DEBUG=true
LOG_LEVEL="DEBUG"
```
### 3. Docker Compose Configuration
#### docker-compose.yml
```yaml
version: '3.8'
services:
# FastAPI + Dash Application
jobforge-app:
build:
context: .
dockerfile: Dockerfile
container_name: jobforge-app
ports:
- "8000:8000"
environment:
- DATABASE_URL=postgresql://jobforge:jobforge123@postgres:5432/jobforge
- CLAUDE_API_KEY=${CLAUDE_API_KEY}
- OPENAI_API_KEY=${OPENAI_API_KEY}
- JWT_SECRET=${JWT_SECRET}
- DEBUG=${DEBUG:-false}
- LOG_LEVEL=${LOG_LEVEL:-INFO}
depends_on:
postgres:
condition: service_healthy
volumes:
# Development: mount source for hot reload
- ./app:/app/app:ro
- ./uploads:/app/uploads
- ./logs:/var/log/jobforge
networks:
- jobforge-network
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# PostgreSQL with pgvector
postgres:
image: pgvector/pgvector:pg16
container_name: jobforge-postgres
environment:
- POSTGRES_DB=jobforge
- POSTGRES_USER=jobforge
- POSTGRES_PASSWORD=jobforge123
- POSTGRES_INITDB_ARGS="--encoding=UTF8 --lc-collate=en_US.UTF-8 --lc-ctype=en_US.UTF-8"
ports:
- "5432:5432" # Expose for development access
volumes:
- postgres_data:/var/lib/postgresql/data
- ./init_db.sql:/docker-entrypoint-initdb.d/init_db.sql:ro
- ./backups:/backups
networks:
- jobforge-network
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -U jobforge -d jobforge"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
# Nginx Reverse Proxy
nginx:
image: nginx:alpine
container_name: jobforge-nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/conf.d:/etc/nginx/conf.d:ro
- ./ssl:/etc/nginx/ssl:ro
- ./static:/var/www/static:ro
depends_on:
- jobforge-app
networks:
- jobforge-network
restart: unless-stopped
healthcheck:
test: ["CMD", "nginx", "-t"]
interval: 30s
timeout: 10s
retries: 3
networks:
jobforge-network:
driver: bridge
ipam:
config:
- subnet: 172.20.0.0/16
volumes:
postgres_data:
driver: local
```
#### docker-compose.override.yml (Development)
```yaml
# Development overrides
version: '3.8'
services:
jobforge-app:
build:
target: development # Multi-stage build target
environment:
- DEBUG=true
- LOG_LEVEL=DEBUG
- RELOAD=true
volumes:
# Enable hot reload in development
- ./app:/app/app
- ./tests:/app/tests
command: ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]
postgres:
environment:
- POSTGRES_PASSWORD=jobforge123 # Simpler password for dev
ports:
- "5432:5432" # Expose port for development tools
```
### 4. Dockerfile Configuration
#### Multi-stage Dockerfile
```dockerfile
# Multi-stage Dockerfile for Job Forge
FROM python:3.12-slim as base
# Set environment variables
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PYTHONPATH="/app" \
PIP_NO_CACHE_DIR=1 \
PIP_DISABLE_PIP_VERSION_CHECK=1
# Install system dependencies
RUN apt-get update && apt-get install -y \
curl \
postgresql-client \
build-essential \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
# Copy requirements and install Python dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Development target
FROM base as development
# Install development dependencies
COPY requirements-dev.txt .
RUN pip install --no-cache-dir -r requirements-dev.txt
# Copy source code
COPY . .
# Create non-root user
RUN adduser --disabled-password --gecos '' jobforge && \
chown -R jobforge:jobforge /app
USER jobforge
# Health check
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8000/health || exit 1
EXPOSE 8000
# Development command with hot reload
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]
# Production target
FROM base as production
# Copy source code
COPY app/ ./app/
COPY alembic/ ./alembic/
COPY alembic.ini .
# Create non-root user
RUN adduser --disabled-password --gecos '' jobforge && \
chown -R jobforge:jobforge /app && \
mkdir -p /var/log/jobforge && \
chown jobforge:jobforge /var/log/jobforge
USER jobforge
# Health check
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8000/health || exit 1
EXPOSE 8000
# Production command
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "2"]
```
#### .dockerignore
```
# .dockerignore for Job Forge
__pycache__/
*.pyc
*.pyo
*.pyd
.Python
env/
venv/
.venv/
pip-log.txt
pip-delete-this-directory.txt
.git/
.gitignore
README.md
.env
.env.*
docker-compose*.yml
Dockerfile*
.pytest_cache/
htmlcov/
.coverage
*.log
logs/
backups/
uploads/
!uploads/.gitkeep
.vscode/
.idea/
*.swp
*.swo
*~
```
## Production Setup
### 1. Production Docker Compose
```yaml
# docker-compose.prod.yml
version: '3.8'
services:
jobforge-app:
build:
context: .
dockerfile: Dockerfile
target: production
environment:
- DATABASE_URL=${DATABASE_URL}
- CLAUDE_API_KEY=${CLAUDE_API_KEY}
- OPENAI_API_KEY=${OPENAI_API_KEY}
- JWT_SECRET=${JWT_SECRET}
- DEBUG=false
- LOG_LEVEL=INFO
- WORKERS=4
volumes:
- ./uploads:/app/uploads
- ./logs:/var/log/jobforge
deploy:
resources:
limits:
cpus: '2.0'
memory: 2G
reservations:
cpus: '0.5'
memory: 512M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
postgres:
image: pgvector/pgvector:pg16
environment:
- POSTGRES_DB=${DB_NAME}
- POSTGRES_USER=${DB_USER}
- POSTGRES_PASSWORD=${DB_PASSWORD}
volumes:
- postgres_data:/var/lib/postgresql/data
- ./backups:/backups:ro
deploy:
resources:
limits:
cpus: '1.0'
memory: 1G
reservations:
cpus: '0.25'
memory: 256M
# Don't expose port in production
# ports:
# - "5432:5432"
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/prod.conf:/etc/nginx/nginx.conf:ro
- ./ssl:/etc/nginx/ssl:ro
deploy:
resources:
limits:
cpus: '0.5'
memory: 128M
```
### 2. Production Commands
```bash
# Build production images
docker-compose -f docker-compose.prod.yml build
# Start production services
docker-compose -f docker-compose.prod.yml up -d
# Scale application containers
docker-compose -f docker-compose.prod.yml up -d --scale jobforge-app=3
```
## Container Management
### 1. Basic Operations
```bash
# Start all services
docker-compose up -d
# Stop all services
docker-compose down
# Restart specific service
docker-compose restart jobforge-app
# View logs
docker-compose logs -f jobforge-app
docker-compose logs --tail=100 postgres
# Execute commands in container
docker-compose exec jobforge-app bash
docker-compose exec postgres psql -U jobforge -d jobforge
```
### 2. Database Operations
```bash
# Run database migrations
docker-compose exec jobforge-app alembic upgrade head
# Create new migration
docker-compose exec jobforge-app alembic revision --autogenerate -m "description"
# Database backup
docker-compose exec postgres pg_dump -U jobforge jobforge > backup.sql
# Database restore
docker-compose exec -T postgres psql -U jobforge -d jobforge < backup.sql
```
### 3. Application Management
```bash
# Update application code (development)
docker-compose restart jobforge-app
# Rebuild containers
docker-compose build
docker-compose up -d
# View container resource usage
docker stats
# Clean up unused resources
docker system prune -a -f
```
## Monitoring and Debugging
### 1. Health Checks
```bash
# Check container health
docker-compose ps
# Manual health check
curl http://localhost:8000/health
# Check individual services
docker-compose exec jobforge-app python -c "import requests; print(requests.get('http://localhost:8000/health').json())"
```
### 2. Log Management
```bash
# View application logs
docker-compose logs -f jobforge-app
# View specific timeframe
docker-compose logs --since="2024-01-01T00:00:00" jobforge-app
# Export logs
docker-compose logs jobforge-app > app.log
# Follow logs with timestamps
docker-compose logs -f -t jobforge-app
```
### 3. Performance Monitoring
```bash
# Container resource usage
docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}"
# Container processes
docker-compose exec jobforge-app ps aux
# Database performance
docker-compose exec postgres psql -U jobforge -d jobforge -c "SELECT * FROM pg_stat_activity;"
```
## Troubleshooting
### 1. Common Issues
#### Container Won't Start
```bash
# Check logs for errors
docker-compose logs jobforge-app
# Check if ports are in use
sudo netstat -tulpn | grep :8000
# Check Docker daemon
sudo systemctl status docker
```
#### Database Connection Issues
```bash
# Test database connectivity
docker-compose exec jobforge-app python -c "
import asyncio
import asyncpg
asyncio.run(asyncpg.connect('postgresql://jobforge:jobforge123@postgres:5432/jobforge'))
print('Database connection successful')
"
# Check database is ready
docker-compose exec postgres pg_isready -U jobforge
```
#### Volume Mount Issues
```bash
# Check volume permissions
ls -la uploads/ logs/
# Fix permissions
sudo chown -R $USER:$USER uploads logs
chmod 755 uploads logs
```
### 2. Debug Mode
```bash
# Run container in debug mode
docker-compose run --rm jobforge-app bash
# Run with environment override
docker-compose run -e DEBUG=true jobforge-app
# Attach to running container
docker-compose exec jobforge-app bash
```
### 3. Network Issues
```bash
# Check network connectivity
docker network ls
docker network inspect jobforge_jobforge-network
# Test inter-container communication
docker-compose exec jobforge-app ping postgres
docker-compose exec nginx ping jobforge-app
```
## Optimization
### 1. Image Optimization
```dockerfile
# Use multi-stage builds to reduce image size
# Use .dockerignore to exclude unnecessary files
# Use specific base image versions
# Combine RUN commands to reduce layers
# Clean up package caches
```
### 2. Resource Limits
```yaml
# Set appropriate resource limits
deploy:
resources:
limits:
cpus: '1.0'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
```
### 3. Volume Optimization
```bash
# Use bind mounts for development
# Use named volumes for persistent data
# Regular cleanup of unused volumes
docker volume prune
```
## Security Best Practices
### 1. Container Security
```dockerfile
# Run as non-root user
USER jobforge
# Use specific image versions
FROM python:3.12-slim
# Don't expose unnecessary ports
# Use secrets for sensitive data
```
### 2. Network Security
```yaml
# Use custom networks
networks:
jobforge-network:
driver: bridge
internal: true # For internal services
```
### 3. Environment Security
```bash
# Use .env files for secrets
# Don't commit secrets to version control
# Use Docker secrets in production
# Regular security updates
```
This Docker setup provides a robust, scalable, and maintainable containerization solution for Job Forge, suitable for both development and production environments.

530
docs/infrastructure/server_deployment.md Normal file
View File

@@ -0,0 +1,530 @@
# Server Deployment Guide - Job Forge
## Overview
This guide covers deploying Job Forge to your own server for prototype development and testing. The deployment uses Docker containers for easy management and isolation.
## Prerequisites
### Server Requirements
- **OS**: Ubuntu 20.04+ or CentOS 8+
- **RAM**: Minimum 2GB, recommended 4GB
- **Storage**: Minimum 20GB available disk space
- **CPU**: 2 cores recommended
- **Network**: Public IP address and domain name (optional)
### Required Software
- Docker 20.10+
- Docker Compose 2.0+
- Git
- Nginx (for reverse proxy)
- Certbot (for SSL certificates)
## Initial Server Setup
### 1. Update System
```bash
# Ubuntu/Debian
sudo apt update && sudo apt upgrade -y
# CentOS/RHEL
sudo yum update -y
```
### 2. Install Docker
```bash
# Ubuntu/Debian
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker $USER
# CentOS/RHEL
sudo yum install -y docker
sudo systemctl start docker
sudo systemctl enable docker
sudo usermod -aG docker $USER
```
### 3. Install Docker Compose
```bash
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
```
### 4. Install Additional Tools
```bash
# Ubuntu/Debian
sudo apt install -y git nginx certbot python3-certbot-nginx
# CentOS/RHEL
sudo yum install -y git nginx certbot python3-certbot-nginx
```
## Application Deployment
### 1. Clone Repository
```bash
cd /opt
sudo git clone https://github.com/yourusername/job-forge.git
sudo chown -R $USER:$USER job-forge
cd job-forge
```
### 2. Environment Configuration
```bash
# Copy environment template
cp .env.example .env
# Edit environment variables
nano .env
```
#### Required Environment Variables
```bash
# Database Configuration
DATABASE_URL="postgresql://jobforge:CHANGE_THIS_PASSWORD@postgres:5432/jobforge"
DATABASE_POOL_SIZE=10
# AI Service API Keys (obtain from providers)
CLAUDE_API_KEY="your-claude-api-key-here"
OPENAI_API_KEY="your-openai-api-key-here"
# Security Settings
JWT_SECRET="your-super-secret-jwt-key-minimum-32-characters"
JWT_ALGORITHM="HS256"
JWT_EXPIRE_MINUTES=1440
# Application Settings
APP_NAME="Job Forge"
DEBUG=false
LOG_LEVEL="INFO"
# Server Configuration
SERVER_HOST="0.0.0.0"
SERVER_PORT=8000
WORKERS=2
# Security
ALLOWED_HOSTS=["yourdomain.com", "www.yourdomain.com", "localhost"]
CORS_ORIGINS=["https://yourdomain.com", "https://www.yourdomain.com"]
```
### 3. Create Required Directories
```bash
mkdir -p uploads backups logs ssl
chmod 755 uploads backups logs
chmod 700 ssl
```
### 4. Build and Start Services
```bash
# Build Docker images
docker-compose build
# Start services in background
docker-compose up -d
# Check status
docker-compose ps
```
### 5. Initialize Database
```bash
# Run database migrations
docker-compose exec jobforge-app alembic upgrade head
# Verify database setup
docker-compose exec postgres psql -U jobforge -d jobforge -c "\dt"
```
### 6. Verify Application
```bash
# Check application health
curl http://localhost:8000/health
# Check logs
docker-compose logs jobforge-app
```
## Nginx Configuration
### 1. Create Nginx Configuration
```bash
sudo nano /etc/nginx/sites-available/jobforge
```
```nginx
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
# Redirect to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name yourdomain.com www.yourdomain.com;
# SSL Configuration (will be added by certbot)
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
# File upload size limit
client_max_body_size 10M;
# Main application
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
# Timeout settings for AI operations
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 120s;
}
# Health check endpoint
location /health {
proxy_pass http://localhost:8000/health;
access_log off;
}
# Static files (if any)
location /static/ {
alias /opt/job-forge/static/;
expires 30d;
add_header Cache-Control "public, immutable";
}
# API documentation
location /docs {
proxy_pass http://localhost:8000/docs;
}
# Deny access to sensitive files
location ~ /\. {
deny all;
}
}
```
### 2. Enable Site and Test Configuration
```bash
# Enable site
sudo ln -s /etc/nginx/sites-available/jobforge /etc/nginx/sites-enabled/
# Test configuration
sudo nginx -t
# Restart nginx
sudo systemctl restart nginx
```
## SSL Certificate Setup
### 1. Obtain SSL Certificate
```bash
# Using Let's Encrypt Certbot
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
# Follow prompts to configure SSL
```
### 2. Configure Auto-Renewal
```bash
# Test renewal
sudo certbot renew --dry-run
# Add cron job for auto-renewal
sudo crontab -e
# Add this line:
0 12 * * * /usr/bin/certbot renew --quiet
```
## Firewall Configuration
### 1. Configure UFW (Ubuntu)
```bash
sudo ufw allow ssh
sudo ufw allow 'Nginx Full'
sudo ufw --force enable
sudo ufw status
```
### 2. Configure Firewalld (CentOS)
```bash
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
```
## Monitoring and Maintenance
### 1. Log Management
```bash
# View application logs
docker-compose logs -f jobforge-app
# View nginx logs
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
# Set up log rotation
sudo nano /etc/logrotate.d/jobforge
```
```
/opt/job-forge/logs/*.log {
daily
missingok
rotate 30
compress
delaycompress
notifempty
copytruncate
}
```
### 2. Backup Configuration
```bash
# Create backup script
sudo nano /opt/job-forge/backup.sh
```
```bash
#!/bin/bash
# Job Forge backup script
BACKUP_DIR="/opt/backups/jobforge"
DATE=$(date +%Y%m%d_%H%M%S)
# Create backup directory
mkdir -p "$BACKUP_DIR"
echo "Starting Job Forge backup - $DATE"
# Database backup
docker-compose exec -T postgres pg_dump -U jobforge jobforge | gzip > "$BACKUP_DIR/database_$DATE.sql.gz"
# Application files backup
tar -czf "$BACKUP_DIR/app_$DATE.tar.gz" \
--exclude="logs/*" \
--exclude="uploads/*" \
/opt/job-forge
# Keep only last 30 days
find "$BACKUP_DIR" -name "*.gz" -mtime +30 -delete
echo "Backup completed successfully"
```
```bash
# Make executable
chmod +x /opt/job-forge/backup.sh
# Add to crontab (daily backup at 2 AM)
sudo crontab -e
0 2 * * * /opt/job-forge/backup.sh
```
### 3. Health Monitoring
```bash
# Create health check script
nano /opt/job-forge/health-check.sh
```
```bash
#!/bin/bash
# Job Forge health check
HEALTH_URL="http://localhost:8000/health"
LOG_FILE="/opt/job-forge/logs/health-check.log"
response=$(curl -s -o /dev/null -w "%{http_code}" "$HEALTH_URL")
if [ "$response" = "200" ]; then
echo "$(date): Health check passed" >> "$LOG_FILE"
else
echo "$(date): Health check failed - HTTP $response" >> "$LOG_FILE"
# Send alert (email, Slack, etc.)
# systemctl restart docker-compose@job-forge
fi
```
```bash
# Make executable and add to cron (every 5 minutes)
chmod +x /opt/job-forge/health-check.sh
crontab -e
*/5 * * * * /opt/job-forge/health-check.sh
```
## Application Updates
### 1. Update Process
```bash
cd /opt/job-forge
# Create backup before update
./backup.sh
# Pull latest changes
git pull origin main
# Rebuild and restart services
docker-compose build
docker-compose up -d
# Run database migrations if needed
docker-compose exec jobforge-app alembic upgrade head
# Verify application is working
curl http://localhost:8000/health
```
### 2. Rollback Process
```bash
# If update fails, rollback to previous version
git log --oneline -10 # Find previous commit
git checkout <previous-commit-hash>
# Rebuild and restart
docker-compose build
docker-compose up -d
# Or restore from backup if needed
```
## Troubleshooting
### Common Issues
#### 1. Application Won't Start
```bash
# Check logs
docker-compose logs jobforge-app
# Check database connection
docker-compose exec postgres pg_isready -U jobforge
# Check environment variables
docker-compose exec jobforge-app env | grep -E "(DATABASE|CLAUDE|OPENAI)"
```
#### 2. Database Connection Issues
```bash
# Restart postgres
docker-compose restart postgres
# Check database logs
docker-compose logs postgres
# Connect to database manually
docker-compose exec postgres psql -U jobforge -d jobforge
```
#### 3. SSL Certificate Issues
```bash
# Check certificate status
sudo certbot certificates
# Renew certificate manually
sudo certbot renew
# Check nginx configuration
sudo nginx -t
```
#### 4. Permission Issues
```bash
# Fix file permissions
sudo chown -R $USER:$USER /opt/job-forge
chmod 755 /opt/job-forge/uploads
chmod 700 /opt/job-forge/ssl
```
### Performance Optimization
#### 1. Database Optimization
```bash
# Connect to database
docker-compose exec postgres psql -U jobforge -d jobforge
# Check slow queries
SELECT query, mean_time, calls FROM pg_stat_statements ORDER BY mean_time DESC LIMIT 10;
# Analyze table statistics
ANALYZE;
```
#### 2. Container Resource Limits
```yaml
# In docker-compose.yml, add resource limits
services:
jobforge-app:
deploy:
resources:
limits:
cpus: '1.0'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
```
#### 3. Nginx Caching
```nginx
# Add to nginx configuration
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
```
## Security Hardening
### 1. System Updates
```bash
# Enable automatic security updates
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades
```
### 2. Fail2Ban Setup
```bash
# Install fail2ban
sudo apt install fail2ban
# Configure for nginx
sudo nano /etc/fail2ban/jail.local
```
```ini
[nginx-http-auth]
enabled = true
[nginx-limit-req]
enabled = true
```
### 3. Docker Security
```bash
# Run containers as non-root user (already configured in Dockerfile)
# Limit container capabilities
# Use secrets for sensitive data
```
This deployment guide provides a comprehensive setup for Job Forge on your own server. Adjust configurations based on your specific requirements and security policies.

378
docs/jobforge_mvp_architecture.md
View File

@@ -1,47 +1,48 @@
# JobForge MVP - Core Job Application Module
# Job Forge - Python/FastAPI Web Application Architecture
**Version:** 1.0.0 MVP
**Version:** 1.0.0 Prototype
**Status:** Development Phase 1
**Date:** July 2025
**Scope:** Core job application workflow with essential features
**Target:** Personal use for concept validation and testing
**Date:** August 2025
**Scope:** AI-powered job application management web application
**Target:** Prototype development for server deployment
---
## 📋 MVP Scope & Objectives
## 📋 Application Scope & Objectives
### Core Functionality
- **User Authentication**: Basic login/signup system
- **Job Application Creation**: Add new applications with job description and URL
- **3-Phase AI Workflow**: Research → Resume → Cover Letter generation
- **Document Management**: View and edit generated documents
- **Navigation Interface**: Sidebar + top bar for seamless workflow navigation
### Core Web Application Features
- **User Authentication**: JWT-based secure authentication system
- **Job Application Management**: Full CRUD operations for job applications
- **AI-Powered Document Generation**: Automated cover letter and resume optimization
- **Web Interface**: Modern responsive web interface using Dash + Mantine
- **Multi-tenant Architecture**: Secure user data isolation with RLS
### MVP Goals
- Validate core AI workflow effectiveness
- Test user experience with Dash + Mantine interface
- Prove concept with personal job application journey
- Establish foundation for Phase 2 (post-application features)
### Development Goals
- Deploy functional prototype to personal server
- Validate AI workflow effectiveness for job applications
- Test web application performance and user experience
- Establish scalable architecture for future enhancements
- Demonstrate full-stack Python/FastAPI capabilities
---
## 🏗️ MVP Architecture
## 🏗️ Web Application Architecture
### System Overview
```mermaid
graph TB
subgraph "Frontend (Dash + Mantine)"
UI[Main UI]
SIDEBAR[Application Sidebar]
TOPBAR[Navigation Top Bar]
subgraph "Web Frontend (Dash + Mantine)"
UI[Dashboard Interface]
FORMS[Application Forms]
EDITOR[Document Editor]
VIEWER[Document Viewer]
end
subgraph "Backend API (FastAPI)"
AUTH[Authentication]
APP[Application Service]
AI[AI Orchestrator]
DOC[Document Service]
AUTH[JWT Authentication]
CRUD[Application CRUD]
AI[AI Service Layer]
FILES[Document Management]
end
subgraph "AI Agents"
@@ -61,14 +62,15 @@ graph TB
end
UI --> AUTH
UI --> APP
UI --> DOC
APP --> AI
FORMS --> CRUD
EDITOR --> FILES
VIEWER --> FILES
CRUD --> AI
AI --> RESEARCH
AI --> RESUME
AI --> COVER
APP --> PG
DOC --> FILES
CRUD --> PG
FILES --> PG
RESEARCH --> CLAUDE
RESUME --> CLAUDE
COVER --> CLAUDE
@@ -77,40 +79,49 @@ graph TB
---
## 🔐 User Authentication (MVP)
## 🔐 User Authentication (Web Application)
### Simple Authentication System
### JWT-Based Authentication System
```python
class AuthenticationService:
"""Basic user authentication for MVP"""
"""JWT-based authentication for web application"""
async def register_user(self, email: str, password: str, name: str) -> User:
"""Register new user account"""
async def register_user(self, user_data: UserCreate) -> User:
"""Register new user account with validation"""
async def authenticate_user(self, email: str, password: str) -> AuthResult:
"""Login user and return JWT token"""
async def authenticate_user(self, credentials: UserLogin) -> AuthResult:
"""Authenticate user and return JWT access token"""
async def verify_token(self, token: str) -> User:
"""Verify JWT token and return user"""
"""Verify JWT token and return authenticated user"""
async def logout_user(self, user_id: str) -> None:
"""Logout user session"""
async def refresh_token(self, refresh_token: str) -> AuthResult:
"""Refresh JWT access token"""
def create_access_token(self, user_id: str) -> str:
"""Create JWT access token with expiration"""
```
### Database Schema (Users)
```sql
-- Basic user table for MVP
-- User table with enhanced security
CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
email VARCHAR(255) UNIQUE NOT NULL,
password_hash VARCHAR(255) NOT NULL,
full_name VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
first_name VARCHAR(100) NOT NULL,
last_name VARCHAR(100) NOT NULL,
is_active BOOLEAN DEFAULT TRUE,
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
);
-- Enable basic row level security
-- Enable row level security for multi-tenancy
ALTER TABLE users ENABLE ROW LEVEL SECURITY;
-- Create index for performance
CREATE INDEX idx_users_email ON users(email);
CREATE INDEX idx_users_active ON users(is_active);
```
---
@@ -558,157 +569,208 @@ CREATE POLICY user_own_resumes ON user_resumes FOR ALL USING (user_id = current_
---
## 🚀 MVP Development Plan
## 🚀 Web Application Development Plan
### Development Phases
#### **Week 1-2: Foundation Setup**
- Docker development environment
- PostgreSQL database with basic schema
- FastAPI backend with authentication endpoints
- Basic Dash + Mantine frontend structure
#### **Phase 1: Infrastructure & Authentication (Weeks 1-2)**
- Docker containerization for development and production
- PostgreSQL 16 with pgvector extension setup
- FastAPI backend with JWT authentication
- Row Level Security (RLS) implementation
- Basic CI/CD pipeline setup
#### **Week 3-4: Core Application Module**
- Application creation and listing
- Database integration with user isolation
- Basic sidebar and navigation UI
- Application status tracking
#### **Phase 2: Core Web Application (Weeks 3-4)**
- Dash + Mantine responsive web interface
- Application CRUD operations with API endpoints
- User dashboard and application management
- Database integration with async operations
- Multi-tenant data isolation
#### **Week 5-6: AI Workflow Implementation**
- Research Agent with Claude integration
- Resume Optimizer with portfolio handling
- Cover Letter Generator with user context
- Document storage and retrieval system
#### **Phase 3: AI Integration (Weeks 5-6)**
- Claude API integration for document generation
- OpenAI API for embeddings and analysis
- Async AI service layer implementation
- Error handling and retry mechanisms
- AI service rate limiting and monitoring
#### **Week 7-8: Frontend Polish & Integration**
- Document editor with markdown support
- Real-time status updates during AI processing
- Phase navigation and progress tracking
- Error handling and user feedback
#### **Phase 4: Production Deployment (Weeks 7-8)**
- Server deployment with Docker Compose
- Nginx reverse proxy and SSL configuration
- Database backup and monitoring setup
- Performance optimization and caching
- Security hardening and testing
### MVP Success Criteria
-User can register/login securely
-User can create job applications with description/URL
-AI generates research report automatically
- ✅ AI optimizes resume based on job requirements
-AI generates cover letter with user context
-User can view and edit all generated documents
-Smooth navigation between application phases
-Data persisted securely with user isolation
### Prototype Success Criteria
-Secure multi-user web application deployed to server
-JWT-based authentication with user registration/login
-Full CRUD operations for job applications
- ✅ AI-powered cover letter generation via web interface
-Responsive web UI with modern UX design
-Secure data storage with user isolation (RLS)
-Production-ready deployment with monitoring
-Scalable architecture for future enhancements
---
## 🐳 Docker Development Setup
## 🐳 Docker Production Deployment
### Development Environment
### Production Environment
```yaml
# docker-compose.yml
version: '3.8'
services:
postgres:
image: pgvector/pgvector:pg16
environment:
POSTGRES_DB: jobforge_mvp
POSTGRES_USER: jobforge_user
POSTGRES_PASSWORD: jobforge_password
ports:
- "5432:5432"
volumes:
- postgres_data:/var/lib/postgresql/data
- ./database/init.sql:/docker-entrypoint-initdb.d/init.sql
backend:
# FastAPI + Dash Web Application
jobforge-app:
build:
context: .
dockerfile: Dockerfile.backend
ports:
- "8000:8000"
dockerfile: Dockerfile
target: production
container_name: jobforge-app
environment:
- DATABASE_URL=postgresql+asyncpg://jobforge_user:jobforge_password@postgres:5432/jobforge_mvp
- DATABASE_URL=postgresql://jobforge:${DB_PASSWORD}@postgres:5432/jobforge
- CLAUDE_API_KEY=${CLAUDE_API_KEY}
- OPENAI_API_KEY=${OPENAI_API_KEY}
- JWT_SECRET=${JWT_SECRET}
- DEBUG=false
- LOG_LEVEL=INFO
volumes:
- ./src:/app/src
- ./uploads:/app/uploads
- ./logs:/var/log/jobforge
depends_on:
- postgres
command: uvicorn src.backend.main:app --host 0.0.0.0 --port 8000 --reload
postgres:
condition: service_healthy
networks:
- jobforge-network
restart: unless-stopped
frontend:
build:
context: .
dockerfile: Dockerfile.frontend
ports:
- "8501:8501"
# PostgreSQL with pgvector
postgres:
image: pgvector/pgvector:pg16
container_name: jobforge-postgres
environment:
- BACKEND_URL=http://backend:8000
- POSTGRES_DB=jobforge
- POSTGRES_USER=jobforge
- POSTGRES_PASSWORD=${DB_PASSWORD}
volumes:
- ./src/frontend:/app/src/frontend
- postgres_data:/var/lib/postgresql/data
- ./backups:/backups
networks:
- jobforge-network
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -U jobforge -d jobforge"]
interval: 10s
timeout: 5s
retries: 5
# Nginx Reverse Proxy
nginx:
image: nginx:alpine
container_name: jobforge-nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./ssl:/etc/nginx/ssl:ro
depends_on:
- backend
command: python src/frontend/main.py
- jobforge-app
networks:
- jobforge-network
restart: unless-stopped
networks:
jobforge-network:
driver: bridge
volumes:
postgres_data:
driver: local
```
---
## 📁 MVP Project Structure
## 📁 Web Application Project Structure
```
jobforge-mvp/
job-forge/
├── docker-compose.yml
├── Dockerfile.backend
├── Dockerfile.frontend
├── requirements-backend.txt
├── requirements-frontend.txt
├── Dockerfile
├── requirements.txt
├── requirements-dev.txt
├── .env.example
├── database/
│ └── init.sql
├── src/
│ ├── backend/
│ │ ├── main.py
│ ├── api/
│ │ │ ├── auth.py
│ │ │ ├── applications.py
│ │ ├── documents.py
│ │ │ └── processing.py
│ │ ── services/
│ │ │ ├── auth_service.py
│ │ │ ├── application_service.py
│ │ │ ├── document_service.py
│ │ │ ── ai_orchestrator.py
│ │ ├── database/
│ │ │ ├── connection.py
│ │ └── models.py
│ │ ── models/
│ │ ├── requests.py
│ │ └── responses.py
│ ├── frontend/
│ │ ├── main.py
│ │ ├── components/
│ │ │ ├── sidebar.py
│ │ ├── topbar.py
│ │ │ └── editor.py
│ │ ├── pages/
│ │ │ ├── login.py
│ │ ├── dashboard.py
│ │ │ └── application.py
│ │ ── api_client/
│ │ └── client.py
├── agents/
│ │ ├── research_agent.py
│ │ ├── resume_optimizer.py
│ ├── cover_letter_generator.py
── claude_client.py
└── helpers/
├── validators.py
└── formatters.py
└── user_data/
└── resumes/
├── pytest.ini
├── alembic.ini
├── CLAUDE.md
├── README.md
├── app/
│ ├── main.py # FastAPI + Dash application entry
│ ├── core/
│ │ ├── config.py # Application configuration
│ │ ├── database.py # Database connection and session
│ │ ├── security.py # JWT authentication utilities
│ │ ── exceptions.py # Custom exception handlers
│ ├── api/
│ │ ├── v1/
│ │ │ ├── auth.py # Authentication endpoints
│ │ │ ── applications.py # Application CRUD endpoints
│ │ │ └── documents.py # Document management endpoints
│ │ └── dependencies.py # FastAPI dependencies
── models/
│ │ ── user.py # User SQLAlchemy model
│ │ ├── application.py # Application SQLAlchemy model
│ │ └── document.py # Document SQLAlchemy model
│ ├── schemas/
│ │ ├── user.py # User Pydantic schemas
│ │ ├── application.py # Application Pydantic schemas
│ │ └── auth.py # Authentication schemas
├── crud/
│ │ ├── user.py # User database operations
│ │ ├── application.py # Application database operations
│ │ └── document.py # Document database operations
├── services/
│ │ ├── auth.py # Authentication service
│ │ ── application.py # Application business logic
│ │ └── ai/
│ ├── claude_service.py # Claude API integration
│ │ ├── openai_service.py # OpenAI API integration
│ │ └── document_generator.py # AI document generation
└── frontend/
── app.py # Dash application setup
├── layouts/
│ ├── dashboard.py # Main dashboard layout
│ ├── auth.py # Login/register layouts
│ │ └── application.py # Application detail layout
├── components/
│ │ ├── navigation.py # Navigation components
│ │ ├── forms.py # Form components
│ │ └── modals.py # Modal components
│ └── callbacks/
│ ├── auth.py # Authentication callbacks
│ ├── application.py # Application callbacks
│ └── navigation.py # Navigation callbacks
├── alembic/
│ ├── versions/ # Database migration files
│ └── env.py # Alembic configuration
├── tests/
│ ├── conftest.py # Pytest configuration and fixtures
│ ├── unit/ # Unit tests
│ ├── integration/ # Integration tests
│ └── e2e/ # End-to-end tests
├── docs/
│ ├── README.md # Main documentation hub
│ ├── development/ # Development documentation
│ ├── infrastructure/ # Deployment documentation
│ └── testing/ # Testing documentation
├── nginx/
│ └── nginx.conf # Nginx configuration
├── logs/ # Application logs
├── uploads/ # File uploads
└── backups/ # Database backups
```
---
*This MVP architecture focuses on delivering the core job application workflow with essential features. It establishes the foundation for Phase 2 development while providing immediate value for personal job application management and concept validation.*
*This web application architecture provides a comprehensive, production-ready solution for AI-powered job application management. The FastAPI backend with Dash frontend delivers a modern web experience while maintaining scalability and security for prototype development and future enhancements.*

951
docs/team_management_guide.md
View File

@@ -1,951 +0,0 @@
# JobForge MVP - Team Management Guide
**Version:** 1.0.0
**Project:** JobForge MVP Development
**Timeline:** 8 Weeks (July - August 2025)
**Team Structure:** 6 Specialized Roles
**Last Updated:** July 2025
---
## 📋 Table of Contents
1. [Team Structure & Hierarchy](#team-structure--hierarchy)
2. [Role Definitions](#role-definitions)
3. [Communication Protocols](#communication-protocols)
4. [Development Process](#development-process)
5. [Quality Standards](#quality-standards)
6. [Meeting Framework](#meeting-framework)
7. [Documentation Standards](#documentation-standards)
8. [Escalation Procedures](#escalation-procedures)
9. [Performance Metrics](#performance-metrics)
10. [Standard Templates](#standard-templates)
---
## 🏗️ Team Structure & Hierarchy
### Organizational Chart
```mermaid
graph TD
PM[Project Manager] --> ARCH[Architect & Orchestrator]
PM --> BE[Backend Team]
PM --> FE[Frontend Team]
PM --> AI[AI Engineering Team]
PM --> DO[DevOps & Integration Team]
ARCH --> BE
ARCH --> FE
ARCH --> AI
ARCH --> DO
BE --> DO
FE --> DO
AI --> BE
```
### Reporting Structure
| Level | Role | Reports To | Direct Reports |
|-------|------|------------|----------------|
| **L1** | Project Manager | Stakeholders/CEO | All team leads |
| **L2** | Architect & Orchestrator | Project Manager | Technical guidance to all teams |
| **L2** | Backend Team Lead | Project Manager | Backend developers |
| **L2** | Frontend Team Lead | Project Manager | Frontend developers |
| **L2** | AI Engineering Team Lead | Project Manager | AI engineers |
| **L2** | DevOps & Integration Team Lead | Project Manager | DevOps engineers |
### Authority Matrix
| Decision Type | Project Manager | Architect | Team Leads | Team Members |
|---------------|-----------------|-----------|------------|--------------|
| Project Scope | **Decide** | Consult | Inform | Inform |
| Technical Architecture | Consult | **Decide** | Consult | Inform |
| Implementation Details | Inform | Consult | **Decide** | Responsible |
| Resource Allocation | **Decide** | Consult | Consult | Inform |
| Quality Standards | Consult | **Decide** | Responsible | Responsible |
| Release Decisions | **Decide** | Consult | Inform | Inform |
---
## 👥 Role Definitions
### 1. Project Manager
#### **Core Responsibilities**
- **Project Planning:** Define sprint goals, manage timeline, allocate resources
- **Risk Management:** Identify, assess, and mitigate project risks
- **Stakeholder Communication:** Regular status updates and expectation management
- **Team Coordination:** Facilitate cross-team collaboration and resolve blockers
- **Progress Tracking:** Monitor deliverables, milestones, and budget
#### **Key Deliverables**
- Weekly project status reports
- Sprint planning and retrospective facilitation
- Risk register and mitigation plans
- Resource allocation and capacity planning
- Stakeholder communication and updates
#### **Required Skills**
- Agile/Scrum methodology expertise
- Technical project management experience
- Excellent communication and leadership skills
- Risk assessment and mitigation
- Budget and resource management
#### **Daily Activities**
- **Morning:** Review overnight progress, check for blockers
- **Mid-day:** Attend standups, facilitate cross-team communication
- **Evening:** Update project tracking, prepare status reports
#### **Success Metrics**
- On-time delivery of sprint goals (100% target)
- Team velocity consistency (±15% variance)
- Stakeholder satisfaction scores (>8/10)
- Risk mitigation effectiveness (>90% issues resolved)
---
### 2. Architect & Orchestrator
#### **Core Responsibilities**
- **System Architecture:** Define and maintain overall system design
- **Technical Standards:** Establish coding standards, patterns, and best practices
- **Architecture Reviews:** Conduct regular technical reviews and approvals
- **Cross-Team Alignment:** Ensure technical consistency across all teams
- **Technology Decisions:** Evaluate and approve technology choices
#### **Key Deliverables**
- System architecture documentation and diagrams
- Technical standards and coding guidelines
- Architecture review reports and approvals
- Technology evaluation and recommendation reports
- Technical debt assessment and remediation plans
#### **Required Skills**
- Full-stack architecture experience
- Deep knowledge of Python, PostgreSQL, Docker
- API design and microservices architecture
- Code review and quality assessment
- Technical leadership and mentoring
#### **Daily Activities**
- **Morning:** Review pull requests and architecture compliance
- **Mid-day:** Conduct architecture reviews and technical discussions
- **Evening:** Update architecture documentation and standards
#### **Review Schedule**
- **Daily:** Code review and PR approvals
- **Weekly:** Architecture compliance review
- **Bi-weekly:** Technical debt assessment
- **Sprint End:** Architecture retrospective and improvements
#### **Success Metrics**
- Architecture compliance score (>95%)
- Technical debt ratio (<10%)
- Code review turnaround time (<4 hours)
- Cross-team technical consistency (>90%)
---
### 3. Backend Team
#### **Core Responsibilities**
- **API Development:** Build FastAPI endpoints per specification
- **Database Design:** Implement PostgreSQL schema with RLS policies
- **Business Logic:** Develop core application services and workflows
- **Integration:** Integrate with AI services and external APIs
- **Testing:** Write comprehensive unit and integration tests
#### **Key Deliverables**
- REST API endpoints with full documentation
- Database schema with migrations and seed data
- Business logic services and domain models
- API integration with AI services
- Comprehensive test suites (>80% coverage)
#### **Required Skills**
- Advanced Python (FastAPI, SQLAlchemy, AsyncIO)
- PostgreSQL database design and optimization
- REST API design and development
- Testing frameworks (pytest, mocking)
- Docker and containerization
#### **Team Structure**
- **Backend Team Lead:** Technical leadership, architecture compliance
- **Senior Backend Developer:** Complex features, AI integration
- **Backend Developer:** CRUD operations, testing, documentation
#### **Daily Activities**
- **Morning:** Review API requirements and database design
- **Mid-day:** Implement endpoints and business logic
- **Evening:** Write tests and update documentation
#### **Handoff Requirements**
- **To Frontend:** Complete API documentation with examples
- **To AI Team:** Integration endpoints and data models
- **To DevOps:** Docker configuration and deployment requirements
#### **Success Metrics**
- API endpoint completion rate (100% per sprint)
- Test coverage percentage (>80%)
- API response time (<500ms for CRUD operations)
- Bug density (<2 bugs per 1000 lines of code)
---
### 4. Frontend Team
#### **Core Responsibilities**
- **UI Development:** Build Dash + Mantine user interface components
- **User Experience:** Create intuitive and responsive user interactions
- **API Integration:** Implement frontend API client and data management
- **Visual Design:** Ensure professional and modern visual design
- **Testing:** Develop frontend testing strategies and implementation
#### **Key Deliverables**
- Complete user interface with all MVP features
- Responsive design for desktop and mobile
- API client library with error handling
- Component library and design system
- User experience testing and optimization
#### **Required Skills**
- Advanced Python (Dash, Plotly, component libraries)
- Modern web technologies (HTML5, CSS3, JavaScript)
- UI/UX design principles and responsive design
- API integration and state management
- Frontend testing and debugging
#### **Team Structure**
- **Frontend Team Lead:** UI architecture, UX decisions
- **Senior Frontend Developer:** Complex components, API integration
- **Frontend Developer:** Component development, styling, testing
#### **Daily Activities**
- **Morning:** Review UI requirements and design specifications
- **Mid-day:** Develop components and integrate with backend APIs
- **Evening:** Test user interactions and update documentation
#### **Handoff Requirements**
- **From Backend:** API documentation and endpoint availability
- **To DevOps:** Frontend build configuration and deployment needs
- **To PM:** User acceptance testing and demo preparation
#### **Success Metrics**
- Feature completion rate (100% per sprint)
- UI responsiveness score (>95% across devices)
- User experience satisfaction (>8/10 in testing)
- Frontend error rate (<1% of user interactions)
---
### 5. AI Engineering Team
#### **Core Responsibilities**
- **Prompt Engineering:** Develop and optimize Claude Sonnet 4 prompts
- **AI Integration:** Build AI agents for research, resume, and cover letter generation
- **Vector Operations:** Implement OpenAI embeddings and similarity search
- **Performance Optimization:** Optimize AI response times and accuracy
- **Quality Assurance:** Test AI outputs for consistency and relevance
#### **Key Deliverables**
- Research Agent with job analysis capabilities
- Resume Optimizer with multi-resume synthesis
- Cover Letter Generator with voice preservation
- Vector database integration for semantic search
- AI performance monitoring and optimization tools
#### **Required Skills**
- Advanced prompt engineering and LLM optimization
- Python AI/ML libraries (OpenAI, Anthropic APIs)
- Vector databases and semantic search
- Natural language processing and analysis
- AI testing and quality assurance methods
#### **Team Structure**
- **AI Team Lead:** AI strategy, prompt architecture
- **Senior AI Engineer:** Complex AI workflows, vector integration
- **AI Engineer:** Prompt development, testing, optimization
#### **Daily Activities**
- **Morning:** Review AI requirements and prompt specifications
- **Mid-day:** Develop and test AI agents and prompts
- **Evening:** Optimize performance and document AI behaviors
#### **Handoff Requirements**
- **To Backend:** AI service integration requirements and APIs
- **From Architect:** AI workflow specifications and quality criteria
- **To PM:** AI performance metrics and capability demonstrations
#### **Success Metrics**
- AI response accuracy (>90% relevance score)
- Processing time (<30 seconds per AI operation)
- Prompt effectiveness (>85% user satisfaction)
- AI service uptime (>99.5% availability)
---
### 6. DevOps & Integration Team
#### **Core Responsibilities**
- **Infrastructure Management:** Docker Compose orchestration and optimization
- **CI/CD Pipeline:** Gitea workflows, automated testing, and deployment
- **Integration Testing:** End-to-end system integration and testing
- **Quality Assurance:** Enforce quality standards and code review processes
- **Documentation Management:** Maintain project documentation and knowledge base
#### **Key Deliverables**
- Complete Docker development environment
- Automated CI/CD pipelines with quality gates
- Integration testing suite and monitoring
- Quality standards documentation and enforcement
- Production deployment configuration and monitoring
#### **Required Skills**
- Docker and container orchestration
- CI/CD pipeline design and implementation
- Automated testing and quality assurance
- System integration and monitoring
- Technical documentation and knowledge management
#### **Team Structure**
- **DevOps & Integration Lead:** Infrastructure architecture, quality standards
- **Senior DevOps Engineer:** CI/CD pipelines, production deployment
- **Integration Engineer:** System integration, testing, documentation
#### **Daily Activities**
- **Morning:** Review system health, CI/CD pipeline status
- **Mid-day:** Support integration needs, resolve deployment issues
- **Evening:** Update documentation, monitor quality metrics
#### **Handoff Requirements**
- **From All Teams:** Code, configuration, and deployment requirements
- **To PM:** System status, quality metrics, deployment readiness
- **To Architect:** Infrastructure compliance and optimization recommendations
#### **Success Metrics**
- CI/CD pipeline success rate (>95%)
- Integration test pass rate (>98%)
- System uptime (>99.9% during development)
- Documentation completeness (>90% coverage)
---
## 📞 Communication Protocols
### Communication Matrix
| Communication Type | Frequency | Participants | Duration | Format |
|-------------------|-----------|--------------|----------|--------|
| **Daily Standup** | Daily | All team leads + PM | 15 min | Synchronous |
| **Team Standup** | Daily | Team members + Team lead | 10 min | Synchronous |
| **Architecture Review** | Weekly | Architect + All leads | 30 min | Synchronous |
| **Sprint Planning** | Weekly | All team leads + PM | 60 min | Synchronous |
| **Sprint Retrospective** | Weekly | All team leads + PM | 45 min | Synchronous |
| **Technical Sync** | As needed | Relevant teams | 30 min | Synchronous |
| **Status Updates** | Weekly | PM + Stakeholders | 30 min | Synchronous/Async |
### Communication Guidelines
#### **Daily Standup Format**
Each team lead reports:
1. **Yesterday:** What was completed
2. **Today:** What will be worked on
3. **Blockers:** Any impediments or dependencies
4. **Risks:** Emerging risks or concerns
#### **Cross-Team Communication Rules**
- **Backend ↔ Frontend:** API changes require 24-hour notice
- **AI ↔ Backend:** Integration requirements must be documented
- **DevOps ↔ All Teams:** Infrastructure changes require approval
- **Architect ↔ All Teams:** Technical decisions require consultation
#### **Escalation Matrix**
| Issue Level | Response Time | Escalation Path |
|-------------|---------------|-----------------|
| **Low** | 24 hours | Team Lead → PM |
| **Medium** | 4 hours | Team Lead → PM → Architect |
| **High** | 1 hour | Team Lead → PM + Architect |
| **Critical** | 30 minutes | All leads + PM + Architect |
---
## 🔄 Development Process
### Sprint Structure (1-Week Sprints)
#### **Monday: Sprint Planning**
- **9:00 AM:** Sprint planning meeting (60 min)
- **10:30 AM:** Team breakouts for task estimation
- **11:30 AM:** Cross-team dependency identification
- **12:00 PM:** Sprint commitment and kick-off
#### **Tuesday-Thursday: Development**
- **9:00 AM:** Daily standup (15 min)
- **Development work according to team schedules**
- **4:00 PM:** Daily progress check-in
- **As needed:** Technical sync meetings
#### **Friday: Review & Retrospective**
- **9:00 AM:** Sprint demo preparation
- **10:00 AM:** Sprint review and demo (60 min)
- **11:30 AM:** Sprint retrospective (45 min)
- **1:00 PM:** Next sprint preparation
- **3:00 PM:** Week wrap-up and documentation
### Definition of Done
#### **Backend Features**
- [ ] API endpoints implemented per specification
- [ ] Unit tests written with >80% coverage
- [ ] Integration tests passing
- [ ] API documentation updated
- [ ] Code reviewed and approved by Architect
- [ ] Database migrations tested
- [ ] Error handling implemented
#### **Frontend Features**
- [ ] UI components implemented per design
- [ ] Responsive design tested on multiple devices
- [ ] API integration working correctly
- [ ] User acceptance criteria met
- [ ] Code reviewed and approved
- [ ] Documentation updated
- [ ] Browser compatibility tested
#### **AI Features**
- [ ] Prompts developed and optimized
- [ ] AI agents tested for accuracy and performance
- [ ] Integration with backend services working
- [ ] Performance benchmarks met
- [ ] Error handling and fallbacks implemented
- [ ] Documentation and examples provided
- [ ] Quality assurance testing completed
#### **DevOps Features**
- [ ] Infrastructure changes deployed and tested
- [ ] CI/CD pipelines updated and working
- [ ] Documentation updated
- [ ] Security review completed
- [ ] Performance impact assessed
- [ ] Rollback procedures tested
- [ ] Monitoring and alerting configured
---
## 🎯 Quality Standards
### Code Quality Requirements
#### **General Standards**
- **Type Hints:** Required for all public functions and methods
- **Documentation:** Docstrings for all classes and public methods
- **Testing:** Minimum 80% code coverage for backend, 70% for frontend
- **Code Review:** All changes require approval from team lead + architect
- **Security:** No hardcoded secrets, proper input validation
#### **Backend Standards**
```python
# Example of required code quality
from typing import Optional, List
from pydantic import BaseModel
class ApplicationService:
"""Service for managing job applications with proper error handling."""
async def create_application(
self,
user_id: str,
application_data: CreateApplicationRequest
) -> Application:
"""
Create a new job application for the specified user.
Args:
user_id: UUID of the authenticated user
application_data: Validated application creation data
Returns:
Application: Created application with generated ID
Raises:
ValidationError: If application data is invalid
DatabaseError: If database operation fails
"""
# Implementation with proper error handling
pass
```
#### **Frontend Standards**
- **Component Documentation:** Clear docstrings for all components
- **Props Validation:** Type hints and validation for all component props
- **Error Boundaries:** Proper error handling for API failures
- **Accessibility:** WCAG 2.1 AA compliance for all UI components
- **Performance:** Components should render in <100ms
#### **AI Standards**
- **Prompt Documentation:** Clear documentation of prompt purpose and expected outputs
- **Error Handling:** Graceful degradation when AI services are unavailable
- **Performance Monitoring:** Response time and accuracy tracking
- **Quality Assurance:** Systematic testing of AI outputs for consistency
### Quality Gates
#### **Pre-Commit Checks**
- [ ] Code formatting (Black, isort)
- [ ] Type checking (mypy)
- [ ] Linting (flake8, pylint)
- [ ] Security scanning (bandit)
- [ ] Test execution (pytest)
#### **Pull Request Checks**
- [ ] All CI/CD pipeline checks pass
- [ ] Code coverage requirements met
- [ ] Architecture compliance verified
- [ ] Security review completed
- [ ] Documentation updated
- [ ] Performance impact assessed
#### **Sprint Completion Checks**
- [ ] All features meet Definition of Done
- [ ] Integration testing passes
- [ ] Performance benchmarks met
- [ ] Security review completed
- [ ] Documentation complete and accurate
- [ ] Demo preparation completed
---
## 📅 Meeting Framework
### Meeting Templates
#### **Daily Standup Template**
```
Date: [Date]
Sprint: [Sprint Number]
Facilitator: [Project Manager]
Team Updates:
□ Backend Team - [Lead Name]
- Completed:
- Today:
- Blockers:
□ Frontend Team - [Lead Name]
- Completed:
- Today:
- Blockers:
□ AI Team - [Lead Name]
- Completed:
- Today:
- Blockers:
□ DevOps Team - [Lead Name]
- Completed:
- Today:
- Blockers:
Cross-Team Dependencies:
- [Dependency 1]
- [Dependency 2]
Action Items:
- [Action Item 1] - Owner: [Name] - Due: [Date]
- [Action Item 2] - Owner: [Name] - Due: [Date]
```
#### **Sprint Planning Template**
```
Sprint Planning - Sprint [Number]
Date: [Date]
Duration: [Start Date] to [End Date]
Sprint Goal:
[Clear, concise statement of what will be achieved]
Team Capacity:
- Backend Team: [X] story points
- Frontend Team: [X] story points
- AI Team: [X] story points
- DevOps Team: [X] story points
Selected Stories:
□ [Story 1] - [Team] - [Points] - [Priority]
□ [Story 2] - [Team] - [Points] - [Priority]
□ [Story 3] - [Team] - [Points] - [Priority]
Dependencies Identified:
- [Dependency 1] - Teams: [A] → [B] - Risk: [Low/Medium/High]
- [Dependency 2] - Teams: [A] → [B] - Risk: [Low/Medium/High]
Risks and Mitigation:
- [Risk 1] - Probability: [%] - Impact: [High/Medium/Low] - Mitigation: [Plan]
- [Risk 2] - Probability: [%] - Impact: [High/Medium/Low] - Mitigation: [Plan]
Sprint Commitment:
Team leads confirm commitment to sprint goal and deliverables.
□ Backend Team Lead - [Name]
□ Frontend Team Lead - [Name]
□ AI Team Lead - [Name]
□ DevOps Team Lead - [Name]
```
#### **Architecture Review Template**
```
Architecture Review - Week [Number]
Date: [Date]
Reviewer: [Architect Name]
Components Reviewed:
□ Backend API Design
- Compliance: [Green/Yellow/Red]
- Issues: [List any issues]
- Recommendations: [List recommendations]
□ Frontend Architecture
- Compliance: [Green/Yellow/Red]
- Issues: [List any issues]
- Recommendations: [List recommendations]
□ AI Integration
- Compliance: [Green/Yellow/Red]
- Issues: [List any issues]
- Recommendations: [List recommendations]
□ Infrastructure Design
- Compliance: [Green/Yellow/Red]
- Issues: [List any issues]
- Recommendations: [List recommendations]
Technical Debt Assessment:
- Current Level: [Low/Medium/High]
- Priority Items: [List top 3 items]
- Remediation Plan: [Summary of approach]
Decisions Made:
- [Decision 1] - Rationale: [Explanation]
- [Decision 2] - Rationale: [Explanation]
Action Items:
- [Action 1] - Owner: [Name] - Due: [Date]
- [Action 2] - Owner: [Name] - Due: [Date]
```
---
## 📋 Documentation Standards
### Required Documentation
#### **API Documentation**
- **OpenAPI Specification:** Complete API documentation with examples
- **Integration Guide:** How to integrate with each API endpoint
- **Error Handling:** Comprehensive error codes and responses
- **Authentication:** Security requirements and implementation
#### **Code Documentation**
- **README Files:** Clear setup and usage instructions
- **Inline Comments:** Complex logic explanation and business rules
- **Architecture Decisions:** ADR (Architecture Decision Records)
- **Deployment Guide:** Step-by-step deployment instructions
#### **Process Documentation**
- **Team Onboarding:** New team member setup guide
- **Development Workflow:** Git branching and development process
- **Quality Standards:** Code quality and review requirements
- **Troubleshooting:** Common issues and resolution steps
### Documentation Review Process
#### **Weekly Documentation Review**
- **Owner:** DevOps & Integration Team Lead
- **Participants:** All team leads
- **Duration:** 30 minutes
- **Agenda:** Review documentation completeness and accuracy
#### **Documentation Standards**
- **Format:** Markdown files in `/docs` directory
- **Structure:** Consistent headings, table of contents, examples
- **Updates:** Documentation updated with each feature delivery
- **Review:** All documentation changes require peer review
---
## 🚨 Escalation Procedures
### Issue Classification
#### **Priority Levels**
| Priority | Response Time | Definition | Examples |
|----------|---------------|------------|----------|
| **P0 - Critical** | 30 minutes | System down, security breach | Database crash, API completely down |
| **P1 - High** | 2 hours | Major feature broken, blocking | Authentication broken, AI services down |
| **P2 - Medium** | 8 hours | Minor feature issues, performance | Slow API responses, UI bugs |
| **P3 - Low** | 24 hours | Enhancement requests, documentation | Feature improvements, doc updates |
### Escalation Flow
#### **Technical Issues**
```
Developer → Team Lead → Architect → Project Manager → Stakeholders
```
#### **Resource/Timeline Issues**
```
Team Lead → Project Manager → Stakeholders
```
#### **Quality/Standards Issues**
```
Team Member → Team Lead → Architect → Project Manager
```
#### **Cross-Team Conflicts**
```
Team Leads → Project Manager → Architect (if technical) → Resolution
```
### Crisis Management
#### **Critical Issue Response**
1. **Immediate (0-15 min):**
- Issue reporter creates critical incident ticket
- Notify Project Manager and Architect immediately
- Form incident response team
2. **Short-term (15-60 min):**
- Assess impact and root cause
- Implement temporary workaround if possible
- Communicate status to stakeholders
3. **Resolution (1+ hours):**
- Develop and implement permanent fix
- Test fix thoroughly in staging environment
- Deploy fix and monitor system health
- Conduct post-incident review
---
## 📊 Performance Metrics
### Team Performance Metrics
#### **Delivery Metrics**
| Metric | Target | Measurement | Frequency |
|--------|--------|-------------|-----------|
| **Sprint Goal Achievement** | 100% | Goals completed vs planned | Weekly |
| **Story Point Velocity** | ±15% variance | Points delivered per sprint | Weekly |
| **Feature Delivery** | On schedule | Features completed on time | Weekly |
| **Defect Rate** | <5% | Bugs found post-delivery | Weekly |
#### **Quality Metrics**
| Metric | Target | Measurement | Frequency |
|--------|--------|-------------|-----------|
| **Code Coverage** | >80% | Automated test coverage | Daily |
| **Code Review Time** | <4 hours | Time from PR to approval | Daily |
| **Build Success Rate** | >95% | CI/CD pipeline success | Daily |
| **Documentation Coverage** | >90% | Features documented | Weekly |
#### **Team Health Metrics**
| Metric | Target | Measurement | Frequency |
|--------|--------|-------------|-----------|
| **Team Satisfaction** | >8/10 | Weekly team survey | Weekly |
| **Collaboration Score** | >8/10 | Cross-team effectiveness | Weekly |
| **Knowledge Sharing** | >3 sessions/week | Tech talks, reviews | Weekly |
| **Blockers Resolution** | <24 hours | Time to resolve blockers | Daily |
### Individual Performance Metrics
#### **Backend Team**
- API endpoint delivery rate (100% per sprint)
- Code quality score (>90%)
- Test coverage percentage (>80%)
- Code review participation rate (100%)
#### **Frontend Team**
- UI component completion rate (100% per sprint)
- User experience satisfaction (>8/10)
- Browser compatibility score (>95%)
- Design system compliance (>90%)
#### **AI Team**
- AI model accuracy (>90%)
- Prompt optimization rate (>85% user satisfaction)
- Processing time improvements (weekly optimization)
- AI service uptime (>99.5%)
#### **DevOps Team**
- Infrastructure uptime (>99.9%)
- CI/CD pipeline reliability (>95% success rate)
- Documentation completeness (>90%)
- Security compliance score (100%)
---
## 📝 Standard Templates
### Handoff Document Template
```markdown
# Team Handoff Document
**From Team:** [Source Team]
**To Team:** [Destination Team]
**Date:** [Date]
**Sprint:** [Sprint Number]
## Deliverables
- [Deliverable 1] - Status: [Complete/Partial/Pending]
- [Deliverable 2] - Status: [Complete/Partial/Pending]
## Technical Specifications
- **API Endpoints:** [List with documentation links]
- **Data Models:** [List with schema definitions]
- **Configuration:** [Environment variables, settings]
- **Dependencies:** [External services, libraries]
## Testing Information
- **Test Coverage:** [Percentage]
- **Test Results:** [Link to test report]
- **Known Issues:** [List any known problems]
- **Testing Instructions:** [How to test the deliverables]
## Documentation
- **Technical Docs:** [Links to relevant documentation]
- **API Documentation:** [Link to API docs]
- **Setup Instructions:** [How to run/deploy]
- **Troubleshooting:** [Common issues and solutions]
## Next Steps
- [Action item 1] - Owner: [Name] - Due: [Date]
- [Action item 2] - Owner: [Name] - Due: [Date]
## Contact Information
- **Primary Contact:** [Name] - [Email] - [Slack/Teams]
- **Secondary Contact:** [Name] - [Email] - [Slack/Teams]
## Sign-off
- **Source Team Lead:** [Name] - [Date] - [Signature]
- **Destination Team Lead:** [Name] - [Date] - [Signature]
```
### Status Report Template
```markdown
# Weekly Status Report
**Week of:** [Date Range]
**Sprint:** [Sprint Number]
**Report Date:** [Date]
**Prepared by:** [Project Manager Name]
## Executive Summary
[2-3 sentence summary of week's progress and status]
## Sprint Progress
- **Sprint Goal:** [Goal statement]
- **Completion Rate:** [X]% ([Y] of [Z] story points completed)
- **On Track for Sprint Goal:** [Yes/No/At Risk]
## Team Status
### Backend Team
- **Completed:** [List major accomplishments]
- **In Progress:** [Current work]
- **Planned:** [Next week's priorities]
- **Blockers:** [Any impediments]
- **Health:** [Green/Yellow/Red]
### Frontend Team
- **Completed:** [List major accomplishments]
- **In Progress:** [Current work]
- **Planned:** [Next week's priorities]
- **Blockers:** [Any impediments]
- **Health:** [Green/Yellow/Red]
### AI Engineering Team
- **Completed:** [List major accomplishments]
- **In Progress:** [Current work]
- **Planned:** [Next week's priorities]
- **Blockers:** [Any impediments]
- **Health:** [Green/Yellow/Red]
### DevOps & Integration Team
- **Completed:** [List major accomplishments]
- **In Progress:** [Current work]
- **Planned:** [Next week's priorities]
- **Blockers:** [Any impediments]
- **Health:** [Green/Yellow/Red]
## Key Metrics
| Metric | Target | Actual | Status |
|--------|--------|---------|--------|
| Sprint Velocity | [X] points | [Y] points | [Green/Yellow/Red] |
| Code Coverage | >80% | [X]% | [Green/Yellow/Red] |
| Build Success Rate | >95% | [X]% | [Green/Yellow/Red] |
| Team Satisfaction | >8/10 | [X]/10 | [Green/Yellow/Red] |
## Risks and Issues
| Risk/Issue | Impact | Probability | Mitigation | Owner | Due Date |
|------------|--------|-------------|------------|--------|----------|
| [Risk 1] | [High/Med/Low] | [High/Med/Low] | [Plan] | [Name] | [Date] |
| [Risk 2] | [High/Med/Low] | [High/Med/Low] | [Plan] | [Name] | [Date] |
## Decisions Made
- [Decision 1] - Rationale: [Explanation] - Impact: [Description]
- [Decision 2] - Rationale: [Explanation] - Impact: [Description]
## Next Week Focus
- [Priority 1]
- [Priority 2]
- [Priority 3]
## Action Items
- [Action 1] - Owner: [Name] - Due: [Date]
- [Action 2] - Owner: [Name] - Due: [Date]
## Attachments
- [Link to detailed metrics dashboard]
- [Link to sprint burndown chart]
- [Link to risk register]
```
---
## 🎯 Implementation Checklist
### Week 1: Team Formation
- [ ] All team members hired and onboarded
- [ ] Role responsibilities communicated and accepted
- [ ] Communication tools set up (Slack, Gitea, etc.)
- [ ] Development environment access provided
- [ ] First sprint planning meeting scheduled
### Week 2: Process Implementation
- [ ] Daily standup schedule established
- [ ] Sprint planning process implemented
- [ ] Architecture review process started
- [ ] Quality standards documented and communicated
- [ ] Documentation standards established
### Week 3: Team Optimization
- [ ] First retrospective completed with improvements
- [ ] Cross-team communication protocols refined
- [ ] Performance metrics baseline established
- [ ] Escalation procedures tested and refined
- [ ] Team health survey implemented
### Ongoing: Continuous Improvement
- [ ] Weekly retrospectives with action items
- [ ] Monthly team satisfaction surveys
- [ ] Quarterly process review and optimization
- [ ] Continuous metrics monitoring and improvement
- [ ] Regular team building and knowledge sharing
---
*This team management guide provides the foundation for successful JobForge MVP development with clear roles, processes, and standards for professional team coordination and delivery.*

769
docs/testing/qa_procedures.md Normal file
View File

@@ -0,0 +1,769 @@
# QA Procedures - Job Forge
## Overview
This document outlines the Quality Assurance procedures for Job Forge, including testing strategies, quality gates, bug reporting, and release validation processes.
## Testing Strategy
### Test Pyramid for Job Forge
```
/\ E2E Tests (10%)
/ \ - Critical user workflows
/____\ - Cross-browser testing
/ \ Integration Tests (20%)
/ \ - API endpoint testing
\ / - Database RLS validation
\______/ - AI service integration
\ / Unit Tests (70%)
\ / - Business logic
\/ - Authentication
- Data validation
```
### 1. Unit Testing (70% of tests)
#### Test Categories
- **Authentication & Security**: Login, JWT tokens, password hashing
- **Business Logic**: Application CRUD operations, status transitions
- **Data Validation**: Pydantic model validation, input sanitization
- **AI Integration**: Service mocking, error handling, rate limiting
- **Database Operations**: RLS policies, query optimization
#### Running Unit Tests
```bash
# Run all unit tests
pytest tests/unit/ -v
# Run specific test file
pytest tests/unit/test_auth_service.py -v
# Run with coverage
pytest tests/unit/ --cov=app --cov-report=html
# Run tests matching pattern
pytest -k "test_auth" -v
```
#### Unit Test Example
```python
# tests/unit/test_application_service.py
import pytest
from unittest.mock import AsyncMock
@pytest.mark.asyncio
async def test_create_application_with_ai_generation(test_db, test_user, mock_claude_service):
"""Test application creation with AI cover letter generation."""
# Arrange
mock_claude_service.generate_cover_letter.return_value = "Generated cover letter"
app_data = ApplicationCreate(
company_name="AI Corp",
role_title="ML Engineer",
job_description="Python ML position",
status="draft"
)
# Act
with patch('app.services.ai.claude_service.ClaudeService', return_value=mock_claude_service):
application = await create_application(test_db, app_data, test_user.id)
# Assert
assert application.company_name == "AI Corp"
assert application.cover_letter == "Generated cover letter"
mock_claude_service.generate_cover_letter.assert_called_once()
```
### 2. Integration Testing (20% of tests)
#### Test Categories
- **API Integration**: Full request/response testing with authentication
- **Database Integration**: Multi-tenant isolation, RLS policy validation
- **AI Service Integration**: Real API calls with mocking strategies
- **Service Layer Integration**: Complete workflow testing
#### Running Integration Tests
```bash
# Run integration tests
pytest tests/integration/ -v
# Run with test database
pytest tests/integration/ --db-url=postgresql://test:test@localhost:5432/jobforge_test
# Run specific integration test
pytest tests/integration/test_api_auth.py::TestAuthenticationEndpoints::test_complete_registration_flow -v
```
#### Integration Test Example
```python
# tests/integration/test_api_applications.py
@pytest.mark.asyncio
async def test_complete_application_workflow(async_client, test_user_token):
"""Test complete application workflow from creation to update."""
headers = {"Authorization": f"Bearer {test_user_token}"}
# 1. Create application
app_data = {
"company_name": "Integration Test Corp",
"role_title": "Software Engineer",
"job_description": "Full-stack developer position",
"status": "draft"
}
create_response = await async_client.post(
"/api/v1/applications/",
json=app_data,
headers=headers
)
assert create_response.status_code == 201
app_id = create_response.json()["id"]
# 2. Get application
get_response = await async_client.get(
f"/api/v1/applications/{app_id}",
headers=headers
)
assert get_response.status_code == 200
# 3. Update application status
update_response = await async_client.put(
f"/api/v1/applications/{app_id}",
json={"status": "applied"},
headers=headers
)
assert update_response.status_code == 200
assert update_response.json()["status"] == "applied"
```
### 3. End-to-End Testing (10% of tests)
#### Test Categories
- **Critical User Journeys**: Registration → Login → Create Application → Generate Cover Letter
- **Cross-browser Compatibility**: Chrome, Firefox, Safari, Edge
- **Performance Testing**: Response times, concurrent users
- **Error Scenario Testing**: Network failures, service outages
#### E2E Test Tools Setup
```bash
# Install Playwright for E2E testing
pip install playwright
playwright install
# Run E2E tests
pytest tests/e2e/ -v --headed # With browser UI
pytest tests/e2e/ -v # Headless mode
```
#### E2E Test Example
```python
# tests/e2e/test_user_workflows.py
import pytest
from playwright.async_api import async_playwright
@pytest.mark.asyncio
async def test_complete_user_journey():
"""Test complete user journey from registration to application creation."""
async with async_playwright() as p:
browser = await p.chromium.launch()
page = await browser.new_page()
try:
# 1. Navigate to registration
await page.goto("http://localhost:8000/register")
# 2. Fill registration form
await page.fill('[data-testid="email-input"]', 'e2e@test.com')
await page.fill('[data-testid="password-input"]', 'E2EPassword123!')
await page.fill('[data-testid="first-name-input"]', 'E2E')
await page.fill('[data-testid="last-name-input"]', 'User')
# 3. Submit registration
await page.click('[data-testid="register-button"]')
# 4. Verify redirect to dashboard
await page.wait_for_url("**/dashboard")
# 5. Create application
await page.click('[data-testid="new-application-button"]')
await page.fill('[data-testid="company-input"]', 'E2E Test Corp')
await page.fill('[data-testid="role-input"]', 'Test Engineer')
# 6. Submit application
await page.click('[data-testid="save-application-button"]')
# 7. Verify application appears
await page.wait_for_selector('[data-testid="application-card"]')
# 8. Verify application details
company_text = await page.text_content('[data-testid="company-name"]')
assert company_text == "E2E Test Corp"
finally:
await browser.close()
```
## Quality Gates
### 1. Code Quality Gates
#### Pre-commit Hooks
```bash
# Install pre-commit hooks
pip install pre-commit
pre-commit install
# Run hooks manually
pre-commit run --all-files
```
#### .pre-commit-config.yaml
```yaml
repos:
- repo: https://github.com/psf/black
rev: 23.7.0
hooks:
- id: black
language_version: python3.12
- repo: https://github.com/charliermarsh/ruff-pre-commit
rev: v0.0.284
hooks:
- id: ruff
args: [--fix, --exit-non-zero-on-fix]
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.5.1
hooks:
- id: mypy
additional_dependencies: [pydantic, sqlalchemy]
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
- id: check-added-large-files
```
#### Quality Metrics Thresholds
```bash
# Code coverage minimum: 80%
pytest --cov=app --cov-fail-under=80
# Complexity maximum: 10
ruff check --select=C901
# Type coverage minimum: 90%
mypy app/ --strict
```
### 2. Functional Quality Gates
#### API Response Time Requirements
- **Authentication endpoints**: < 200ms
- **CRUD operations**: < 500ms
- **AI generation endpoints**: < 30 seconds
- **Dashboard loading**: < 2 seconds
#### Reliability Requirements
- **Uptime**: > 99% during testing
- **Error rate**: < 1% for non-AI operations
- **AI service fallback**: Must handle service failures gracefully
### 3. Security Quality Gates
#### Security Testing Checklist
```yaml
authentication_security:
- [ ] JWT tokens expire correctly
- [ ] Password hashing is secure (bcrypt)
- [ ] Session management is stateless
- [ ] Rate limiting prevents brute force
authorization_security:
- [ ] RLS policies enforce user isolation
- [ ] API endpoints require proper authentication
- [ ] Users cannot access other users' data
- [ ] Admin endpoints are properly protected
input_validation:
- [ ] All API inputs are validated
- [ ] SQL injection prevention works
- [ ] XSS prevention is implemented
- [ ] File upload validation is secure
data_protection:
- [ ] Sensitive data is encrypted
- [ ] API keys are properly secured
- [ ] Environment variables contain no secrets
- [ ] Database connections are secure
```
## Bug Reporting and Management
### 1. Bug Classification
#### Severity Levels
- **Critical**: Application crashes, data loss, security vulnerabilities
- **High**: Major features not working, authentication failures
- **Medium**: Minor features broken, UI issues, performance problems
- **Low**: Cosmetic issues, minor improvements, documentation errors
#### Priority Levels
- **P0**: Fix immediately (< 2 hours)
- **P1**: Fix within 24 hours
- **P2**: Fix within 1 week
- **P3**: Fix in next release cycle
### 2. Bug Report Template
#### GitHub Issue Template
```markdown
## Bug Report
### Summary
Brief description of the bug
### Environment
- **OS**: macOS 14.0 / Windows 11 / Ubuntu 22.04
- **Browser**: Chrome 118.0 / Firefox 119.0 / Safari 17.0
- **Python Version**: 3.12.0
- **FastAPI Version**: 0.104.1
### Steps to Reproduce
1. Go to '...'
2. Click on '...'
3. Enter data '...'
4. See error
### Expected Behavior
What should happen
### Actual Behavior
What actually happens
### Screenshots/Logs
```
Error logs or screenshots
```
### Additional Context
Any other context about the problem
### Severity/Priority
- [ ] Critical
- [ ] High
- [ ] Medium
- [ ] Low
```
### 3. Bug Triage Process
#### Weekly Bug Triage Meeting
1. **Review new bugs**: Assign severity and priority
2. **Update existing bugs**: Check progress and blockers
3. **Close resolved bugs**: Verify fixes and close tickets
4. **Plan bug fixes**: Assign to sprints based on priority
#### Bug Assignment Criteria
- **Critical/P0**: Technical Lead + DevOps
- **High/P1**: Full-stack Developer
- **Medium/P2**: QA Engineer + Developer collaboration
- **Low/P3**: Next available developer
## Test Data Management
### 1. Test Data Strategy
#### Test Database Setup
```bash
# Create test database
createdb jobforge_test
# Run test migrations
DATABASE_URL=postgresql://test:test@localhost/jobforge_test alembic upgrade head
# Seed test data
python scripts/seed_test_data.py
```
#### Test Data Factory
```python
# tests/factories.py
import factory
from app.models.user import User
from app.models.application import Application
class UserFactory(factory.Factory):
class Meta:
model = User
email = factory.Sequence(lambda n: f"user{n}@test.com")
password_hash = "$2b$12$hash"
first_name = "Test"
last_name = factory.Sequence(lambda n: f"User{n}")
class ApplicationFactory(factory.Factory):
class Meta:
model = Application
company_name = factory.Faker('company')
role_title = factory.Faker('job')
job_description = factory.Faker('text', max_nb_chars=500)
status = "draft"
user = factory.SubFactory(UserFactory)
```
### 2. Test Environment Management
#### Environment Isolation
```yaml
# docker-compose.test.yml
version: '3.8'
services:
test-db:
image: pgvector/pgvector:pg16
environment:
- POSTGRES_DB=jobforge_test
- POSTGRES_USER=test
- POSTGRES_PASSWORD=test
ports:
- "5433:5432"
tmpfs:
- /var/lib/postgresql/data # In-memory for speed
test-app:
build: .
environment:
- DATABASE_URL=postgresql://test:test@test-db:5432/jobforge_test
- TESTING=true
depends_on:
- test-db
```
#### Test Data Cleanup
```python
# tests/conftest.py
@pytest.fixture(autouse=True)
async def cleanup_test_data(test_db):
"""Clean up test data after each test."""
yield
# Truncate all tables
await test_db.execute("TRUNCATE TABLE applications CASCADE")
await test_db.execute("TRUNCATE TABLE users CASCADE")
await test_db.commit()
```
## Performance Testing
### 1. Load Testing with Locust
#### Installation and Setup
```bash
# Install locust
pip install locust
# Run load tests
locust -f tests/performance/locustfile.py --host=http://localhost:8000
```
#### Load Test Example
```python
# tests/performance/locustfile.py
from locust import HttpUser, task, between
import json
class JobForgeUser(HttpUser):
wait_time = between(1, 3)
def on_start(self):
"""Login user on start."""
response = self.client.post("/api/auth/login", data={
"username": "test@example.com",
"password": "testpass123"
})
if response.status_code == 200:
self.token = response.json()["access_token"]
self.headers = {"Authorization": f"Bearer {self.token}"}
@task(3)
def get_applications(self):
"""Get user applications."""
self.client.get("/api/v1/applications/", headers=self.headers)
@task(1)
def create_application(self):
"""Create new application."""
app_data = {
"company_name": "Load Test Corp",
"role_title": "Test Engineer",
"job_description": "Performance testing position",
"status": "draft"
}
self.client.post(
"/api/v1/applications/",
json=app_data,
headers=self.headers
)
@task(1)
def generate_cover_letter(self):
"""Generate AI cover letter (expensive operation)."""
# Get first application
response = self.client.get("/api/v1/applications/", headers=self.headers)
if response.status_code == 200:
applications = response.json()
if applications:
app_id = applications[0]["id"]
self.client.post(
f"/api/v1/applications/{app_id}/generate-cover-letter",
headers=self.headers
)
```
### 2. Performance Benchmarks
#### Response Time Targets
```python
# tests/performance/test_benchmarks.py
import pytest
import time
import statistics
@pytest.mark.performance
@pytest.mark.asyncio
async def test_api_response_times(async_client, test_user_token):
"""Test API response time benchmarks."""
headers = {"Authorization": f"Bearer {test_user_token}"}
# Test multiple requests
response_times = []
for _ in range(50):
start_time = time.time()
response = await async_client.get("/api/v1/applications/", headers=headers)
assert response.status_code == 200
response_time = (time.time() - start_time) * 1000 # Convert to ms
response_times.append(response_time)
# Analyze results
avg_time = statistics.mean(response_times)
p95_time = statistics.quantiles(response_times, n=20)[18] # 95th percentile
# Assert performance requirements
assert avg_time < 200, f"Average response time {avg_time}ms exceeds 200ms limit"
assert p95_time < 500, f"95th percentile {p95_time}ms exceeds 500ms limit"
print(f"Average response time: {avg_time:.2f}ms")
print(f"95th percentile: {p95_time:.2f}ms")
```
## Release Testing Procedures
### 1. Pre-Release Testing Checklist
#### Functional Testing
```yaml
authentication_testing:
- [ ] User registration works
- [ ] User login/logout works
- [ ] JWT token validation works
- [ ] Password reset works (if implemented)
application_management:
- [ ] Create application works
- [ ] View applications works
- [ ] Update application works
- [ ] Delete application works
- [ ] Application status transitions work
ai_integration:
- [ ] Cover letter generation works
- [ ] AI service error handling works
- [ ] Rate limiting is enforced
- [ ] Fallback mechanisms work
data_security:
- [ ] User data isolation works
- [ ] RLS policies are enforced
- [ ] No data leakage between users
- [ ] Sensitive data is protected
```
#### Cross-Browser Testing
```yaml
browsers_to_test:
chrome:
- [ ] Latest version
- [ ] Previous major version
firefox:
- [ ] Latest version
- [ ] ESR version
safari:
- [ ] Latest version (macOS/iOS)
edge:
- [ ] Latest version
mobile_testing:
- [ ] iOS Safari
- [ ] Android Chrome
- [ ] Responsive design works
- [ ] Touch interactions work
```
### 2. Release Validation Process
#### Staging Environment Testing
```bash
# Deploy to staging
docker-compose -f docker-compose.staging.yml up -d
# Run full test suite against staging
pytest tests/ --base-url=https://staging.jobforge.com
# Run smoke tests
pytest tests/smoke/ -v
# Performance testing
locust -f tests/performance/locustfile.py --host=https://staging.jobforge.com --users=50 --spawn-rate=5 --run-time=5m
```
#### Production Deployment Checklist
```yaml
pre_deployment:
- [ ] All tests passing in CI/CD
- [ ] Code review completed
- [ ] Database migrations tested
- [ ] Environment variables updated
- [ ] SSL certificates valid
- [ ] Backup created
deployment:
- [ ] Deploy with zero downtime
- [ ] Health checks passing
- [ ] Database migrations applied
- [ ] Cache cleared if needed
- [ ] CDN updated if needed
post_deployment:
- [ ] Smoke tests passing
- [ ] Performance metrics normal
- [ ] Error rates acceptable
- [ ] User workflows tested
- [ ] Rollback plan ready
```
## Continuous Testing Integration
### 1. CI/CD Pipeline Testing
#### GitHub Actions Workflow
```yaml
# .github/workflows/test.yml
name: Test Suite
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
services:
postgres:
image: pgvector/pgvector:pg16
env:
POSTGRES_PASSWORD: test
POSTGRES_DB: jobforge_test
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.12'
- name: Install dependencies
run: |
pip install -r requirements.txt
pip install -r requirements-dev.txt
- name: Run linting
run: |
black --check .
ruff check .
mypy app/
- name: Run tests
run: |
pytest tests/unit/ tests/integration/ --cov=app --cov-report=xml
env:
DATABASE_URL: postgresql://postgres:test@localhost:5432/jobforge_test
- name: Upload coverage
uses: codecov/codecov-action@v3
with:
file: ./coverage.xml
```
### 2. Quality Metrics Dashboard
#### Test Results Tracking
```python
# scripts/generate_test_report.py
import json
import subprocess
from datetime import datetime
def generate_test_report():
"""Generate comprehensive test report."""
# Run tests with JSON output
result = subprocess.run([
'pytest', 'tests/', '--json-report', '--json-report-file=test_report.json'
], capture_output=True, text=True)
# Load test results
with open('test_report.json') as f:
test_data = json.load(f)
# Generate summary
summary = {
'timestamp': datetime.now().isoformat(),
'total_tests': test_data['summary']['total'],
'passed': test_data['summary']['passed'],
'failed': test_data['summary']['failed'],
'skipped': test_data['summary']['skipped'],
'duration': test_data['duration'],
'pass_rate': test_data['summary']['passed'] / test_data['summary']['total'] * 100
}
print(f"Test Summary: {summary['passed']}/{summary['total']} passed ({summary['pass_rate']:.1f}%)")
return summary
if __name__ == "__main__":
generate_test_report()
```
This comprehensive QA procedure ensures that Job Forge maintains high quality through systematic testing, monitoring, and validation processes.

700
docs/testing_strategy.md
View File

@@ -1,700 +0,0 @@
# JobForge MVP - Testing Strategy & Guidelines
**Version:** 1.0.0 MVP
**Target Audience:** Development Team
**Testing Framework:** pytest + manual testing
**Last Updated:** July 2025
---
## 🎯 Testing Philosophy
### MVP Testing Approach
- **Pragmatic over Perfect:** Focus on critical path testing rather than 100% coverage
- **Backend Heavy:** Comprehensive API testing, lighter frontend testing for MVP
- **Manual Integration:** Manual testing of full user workflows
- **AI Mocking:** Mock external AI services for reliable testing
- **Database Testing:** Test data isolation and security policies
### Testing Pyramid for MVP
```
┌─────────────────┐
│ Manual E2E │ ← Full user workflows
│ Testing │
├─────────────────┤
│ Integration │ ← API endpoints + database
│ Tests │
├─────────────────┤
│ Unit Tests │ ← Business logic + utilities
│ │
└─────────────────┘
```
---
## 🧪 Unit Testing (Backend)
### Test Structure
```
tests/
├── unit/
│ ├── services/
│ │ ├── test_auth_service.py
│ │ ├── test_application_service.py
│ │ └── test_document_service.py
│ ├── agents/
│ │ ├── test_research_agent.py
│ │ ├── test_resume_optimizer.py
│ │ └── test_cover_letter_generator.py
│ └── helpers/
│ ├── test_validators.py
│ └── test_formatters.py
├── integration/
│ ├── test_api_auth.py
│ ├── test_api_applications.py
│ ├── test_api_documents.py
│ └── test_database_policies.py
├── fixtures/
│ ├── test_data.py
│ └── mock_responses.py
├── conftest.py
└── pytest.ini
```
### Sample Unit Tests
#### Authentication Service Test
```python
# tests/unit/services/test_auth_service.py
import pytest
from unittest.mock import AsyncMock, patch
from src.backend.services.auth_service import AuthenticationService
from src.backend.models.requests import RegisterRequest
class TestAuthenticationService:
@pytest.fixture
def auth_service(self, mock_db):
return AuthenticationService(mock_db)
@pytest.mark.asyncio
async def test_register_user_success(self, auth_service):
# Arrange
register_data = RegisterRequest(
email="test@example.com",
password="SecurePass123!",
full_name="Test User"
)
# Act
user = await auth_service.register_user(register_data)
# Assert
assert user.email == "test@example.com"
assert user.full_name == "Test User"
assert user.id is not None
# Password should be hashed
assert user.password_hash != "SecurePass123!"
assert user.password_hash.startswith("$2b$")
@pytest.mark.asyncio
async def test_register_user_duplicate_email(self, auth_service, existing_user):
# Arrange
register_data = RegisterRequest(
email=existing_user.email, # Same email as existing user
password="SecurePass123!",
full_name="Another User"
)
# Act & Assert
with pytest.raises(DuplicateEmailError):
await auth_service.register_user(register_data)
@pytest.mark.asyncio
async def test_authenticate_user_success(self, auth_service, existing_user):
# Act
auth_result = await auth_service.authenticate_user(
existing_user.email,
"correct_password"
)
# Assert
assert auth_result.success is True
assert auth_result.user.id == existing_user.id
assert auth_result.access_token is not None
assert auth_result.token_type == "bearer"
@pytest.mark.asyncio
async def test_authenticate_user_wrong_password(self, auth_service, existing_user):
# Act
auth_result = await auth_service.authenticate_user(
existing_user.email,
"wrong_password"
)
# Assert
assert auth_result.success is False
assert auth_result.user is None
assert auth_result.access_token is None
```
#### AI Agent Test with Mocking
```python
# tests/unit/agents/test_research_agent.py
import pytest
from unittest.mock import AsyncMock, patch
from src.agents.research_agent import ResearchAgent
class TestResearchAgent:
@pytest.fixture
def research_agent(self, mock_claude_client):
return ResearchAgent(mock_claude_client)
@pytest.mark.asyncio
@patch('src.agents.research_agent.web_search')
async def test_analyze_job_description(self, mock_web_search, research_agent):
# Arrange
job_description = """
We are seeking a Senior Python Developer with 5+ years experience.
Must have Django, PostgreSQL, and AWS experience.
"""
mock_claude_response = {
"content": [{
"text": """
{
"required_skills": ["Python", "Django", "PostgreSQL", "AWS"],
"experience_level": "Senior (5+ years)",
"key_requirements": ["Backend development", "Database design"],
"nice_to_have": ["Docker", "Kubernetes"]
}
"""
}]
}
research_agent.claude_client.messages.create.return_value = mock_claude_response
# Act
analysis = await research_agent.analyze_job_description(job_description)
# Assert
assert "Python" in analysis.required_skills
assert "Django" in analysis.required_skills
assert analysis.experience_level == "Senior (5+ years)"
assert len(analysis.key_requirements) > 0
@pytest.mark.asyncio
async def test_research_company_info(self, research_agent):
# Test company research with mocked web search
company_name = "Google"
# Mock web search results
with patch('src.agents.research_agent.web_search') as mock_search:
mock_search.return_value = {
"results": [
{
"title": "Google - About",
"content": "Google is a multinational technology company...",
"url": "https://about.google.com"
}
]
}
company_info = await research_agent.research_company_info(company_name)
assert company_info.company_name == "Google"
assert len(company_info.recent_news) >= 0
assert company_info.company_description is not None
```
---
## 🔗 Integration Testing
### API Integration Tests
```python
# tests/integration/test_api_applications.py
import pytest
from httpx import AsyncClient
from src.backend.main import app
class TestApplicationsAPI:
@pytest.mark.asyncio
async def test_create_application_success(self, auth_headers):
async with AsyncClient(app=app, base_url="http://test") as client:
# Arrange
application_data = {
"company_name": "Google",
"role_title": "Senior Developer",
"job_description": "We are seeking an experienced developer with Python skills...",
"location": "Toronto, ON",
"priority_level": "high"
}
# Act
response = await client.post(
"/api/v1/applications",
json=application_data,
headers=auth_headers
)
# Assert
assert response.status_code == 201
data = response.json()
assert data["company_name"] == "Google"
assert data["role_title"] == "Senior Developer"
assert data["status"] == "draft"
assert data["name"] == "google_senior_developer_2025_07_01" # Auto-generated
@pytest.mark.asyncio
async def test_create_application_validation_error(self, auth_headers):
async with AsyncClient(app=app, base_url="http://test") as client:
# Arrange - missing required fields
application_data = {
"company_name": "", # Empty company name
"job_description": "Short" # Too short (min 50 chars)
}
# Act
response = await client.post(
"/api/v1/applications",
json=application_data,
headers=auth_headers
)
# Assert
assert response.status_code == 400
error = response.json()
assert "company_name" in error["error"]["details"]
assert "job_description" in error["error"]["details"]
@pytest.mark.asyncio
async def test_list_applications_user_isolation(self, auth_headers, other_user_auth_headers):
async with AsyncClient(app=app, base_url="http://test") as client:
# Create application as user 1
await client.post(
"/api/v1/applications",
json={
"company_name": "User1 Company",
"role_title": "Developer",
"job_description": "Job description for user 1 application..."
},
headers=auth_headers
)
# List applications as user 2
response = await client.get(
"/api/v1/applications",
headers=other_user_auth_headers
)
# Assert user 2 cannot see user 1's applications
assert response.status_code == 200
data = response.json()
assert len(data["applications"]) == 0 # Should be empty for user 2
```
### Database Policy Tests
```python
# tests/integration/test_database_policies.py
import pytest
from src.backend.database.connection import get_db_connection
class TestDatabasePolicies:
@pytest.mark.asyncio
async def test_rls_user_isolation(self, test_user_1, test_user_2):
async with get_db_connection() as conn:
# Set context as user 1
await conn.execute(
"SET LOCAL app.current_user_id = %s",
str(test_user_1.id)
)
# Create application as user 1
result = await conn.execute("""
INSERT INTO applications (user_id, name, company_name, role_title, job_description)
VALUES (%s, 'test_app', 'Test Co', 'Developer', 'Test job description...')
RETURNING id
""", str(test_user_1.id))
app_id = result.fetchone()[0]
# Switch context to user 2
await conn.execute(
"SET LOCAL app.current_user_id = %s",
str(test_user_2.id)
)
# Try to access user 1's application as user 2
result = await conn.execute(
"SELECT * FROM applications WHERE id = %s",
str(app_id)
)
# Assert user 2 cannot see user 1's application
assert len(result.fetchall()) == 0
@pytest.mark.asyncio
async def test_document_cascade_delete(self, test_user, test_application):
async with get_db_connection() as conn:
# Set user context
await conn.execute(
"SET LOCAL app.current_user_id = %s",
str(test_user.id)
)
# Create document
await conn.execute("""
INSERT INTO documents (application_id, document_type, content)
VALUES (%s, 'research_report', 'Test research content')
""", str(test_application.id))
# Delete application
await conn.execute(
"DELETE FROM applications WHERE id = %s",
str(test_application.id)
)
# Verify documents were cascaded deleted
result = await conn.execute(
"SELECT COUNT(*) FROM documents WHERE application_id = %s",
str(test_application.id)
)
assert result.fetchone()[0] == 0
```
---
## 🎭 Test Fixtures & Mocking
### Pytest Configuration
```python
# conftest.py
import pytest
import asyncio
from unittest.mock import AsyncMock
from src.backend.database.connection import get_db_connection
from src.backend.models.requests import RegisterRequest
@pytest.fixture(scope="session")
def event_loop():
"""Create an instance of the default event loop for the test session."""
loop = asyncio.get_event_loop_policy().new_event_loop()
yield loop
loop.close()
@pytest.fixture
async def test_db():
"""Provide test database connection with cleanup."""
async with get_db_connection() as conn:
# Start transaction
trans = await conn.begin()
yield conn
# Rollback transaction (cleanup)
await trans.rollback()
@pytest.fixture
async def test_user(test_db):
"""Create test user."""
user_data = {
"id": "123e4567-e89b-12d3-a456-426614174000",
"email": "test@example.com",
"password_hash": "$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8",
"full_name": "Test User"
}
await test_db.execute("""
INSERT INTO users (id, email, password_hash, full_name)
VALUES (%(id)s, %(email)s, %(password_hash)s, %(full_name)s)
""", user_data)
return User(**user_data)
@pytest.fixture
def auth_headers(test_user):
"""Generate authentication headers for test user."""
token = generate_jwt_token(test_user.id)
return {"Authorization": f"Bearer {token}"}
@pytest.fixture
def mock_claude_client():
"""Mock Claude API client."""
mock = AsyncMock()
mock.messages.create.return_value = {
"content": [{
"text": "Mocked Claude response"
}]
}
return mock
@pytest.fixture
def mock_openai_client():
"""Mock OpenAI API client."""
mock = AsyncMock()
mock.embeddings.create.return_value = {
"data": [{
"embedding": [0.1] * 1536 # Mock 1536-dimensional embedding
}]
}
return mock
```
### Test Data Factory
```python
# tests/fixtures/test_data.py
from datetime import datetime
import uuid
class TestDataFactory:
"""Factory for creating test data objects."""
@staticmethod
def create_user_data(**overrides):
defaults = {
"id": str(uuid.uuid4()),
"email": "user@example.com",
"password_hash": "$2b$12$test_hash",
"full_name": "Test User",
"created_at": datetime.now(),
"updated_at": datetime.now()
}
return {**defaults, **overrides}
@staticmethod
def create_application_data(user_id, **overrides):
defaults = {
"id": str(uuid.uuid4()),
"user_id": user_id,
"name": "test_company_developer_2025_07_01",
"company_name": "Test Company",
"role_title": "Software Developer",
"job_description": "We are seeking a software developer with Python experience...",
"location": "Toronto, ON",
"priority_level": "medium",
"status": "draft",
"research_completed": False,
"resume_optimized": False,
"cover_letter_generated": False,
"created_at": datetime.now(),
"updated_at": datetime.now()
}
return {**defaults, **overrides}
@staticmethod
def create_document_data(application_id, **overrides):
defaults = {
"id": str(uuid.uuid4()),
"application_id": application_id,
"document_type": "research_report",
"content": "# Test Research Report\n\nThis is test content...",
"created_at": datetime.now(),
"updated_at": datetime.now()
}
return {**defaults, **overrides}
```
---
## 🎯 Manual Testing Guidelines
### Critical User Workflows
#### Workflow 1: Complete Application Creation
**Goal:** Test full 3-phase workflow from start to finish
**Steps:**
1. **Registration & Login**
- [ ] Register new account with valid email/password
- [ ] Login with created credentials
- [ ] Verify JWT token is received and stored
2. **Application Creation**
- [ ] Create new application with job description
- [ ] Verify application appears in sidebar
- [ ] Check application status is "draft"
3. **Research Phase**
- [ ] Click "Research" tab
- [ ] Verify research processing starts automatically
- [ ] Wait for completion (check processing status)
- [ ] Review generated research report
- [ ] Verify application status updates to "research_complete"
4. **Resume Optimization**
- [ ] Upload at least one resume to library
- [ ] Click "Resume" tab
- [ ] Start resume optimization
- [ ] Verify processing completes successfully
- [ ] Review optimized resume content
- [ ] Test editing resume content
- [ ] Verify application status updates to "resume_ready"
5. **Cover Letter Generation**
- [ ] Click "Cover Letter" tab
- [ ] Add additional context in text box
- [ ] Generate cover letter
- [ ] Review generated content
- [ ] Test editing cover letter
- [ ] Verify application status updates to "cover_letter_ready"
**Expected Results:**
- All phases complete without errors
- Documents are editable and changes persist
- Status updates correctly through workflow
- Navigation works smoothly between phases
#### Workflow 2: Data Isolation Testing
**Goal:** Verify users cannot access each other's data
**Steps:**
1. **Create two test accounts**
- Account A: user1@test.com
- Account B: user2@test.com
2. **Create applications in both accounts**
- Login as User A, create "Google Developer" application
- Login as User B, create "Microsoft Engineer" application
3. **Verify isolation**
- [ ] User A cannot see User B's applications in sidebar
- [ ] User A cannot access User B's application URLs directly
- [ ] Document URLs return 404 for wrong user
#### Workflow 3: Error Handling
**Goal:** Test system behavior with invalid inputs and failures
**Steps:**
1. **Invalid Application Data**
- [ ] Submit empty company name (should show validation error)
- [ ] Submit job description under 50 characters (should fail)
- [ ] Submit invalid URL format (should fail or ignore)
2. **Network/API Failures**
- [ ] Temporarily block Claude API access (mock network failure)
- [ ] Verify user gets meaningful error message
- [ ] Verify system doesn't crash or corrupt data
3. **Authentication Failures**
- [ ] Try accessing API without token (should get 401)
- [ ] Try with expired token (should redirect to login)
- [ ] Try with malformed token (should get error)
---
## 📊 Test Coverage Goals
### MVP Coverage Targets
- **Backend Services:** 80%+ line coverage
- **API Endpoints:** 100% endpoint coverage (at least smoke tests)
- **Database Models:** 90%+ coverage of business logic
- **Critical Paths:** 100% coverage of main user workflows
- **Error Handling:** 70%+ coverage of error scenarios
### Coverage Exclusions (MVP)
- Frontend components (manual testing only)
- External API integrations (mocked)
- Database migration scripts
- Development utilities
- Logging and monitoring code
---
## 🚀 Testing Commands
### Running Tests
```bash
# Run all tests
pytest
# Run with coverage report
pytest --cov=src --cov-report=html
# Run specific test file
pytest tests/unit/services/test_auth_service.py
# Run tests with specific marker
pytest -m "not slow"
# Run integration tests only
pytest tests/integration/
# Verbose output for debugging
pytest -v -s tests/unit/services/test_auth_service.py::TestAuthenticationService::test_register_user_success
```
### Test Database Setup
```bash
# Reset test database
docker-compose exec postgres psql -U jobforge_user -d jobforge_mvp_test -c "DROP SCHEMA public CASCADE; CREATE SCHEMA public;"
# Run database init for tests
docker-compose exec postgres psql -U jobforge_user -d jobforge_mvp_test -f /docker-entrypoint-initdb.d/init.sql
```
---
## 🐛 Testing Best Practices
### DO's
- ✅ **Test business logic thoroughly** - Focus on services and agents
- ✅ **Mock external dependencies** - Claude API, OpenAI, web scraping
- ✅ **Test user data isolation** - Critical for multi-tenant security
- ✅ **Use descriptive test names** - Should explain what is being tested
- ✅ **Test error conditions** - Not just happy paths
- ✅ **Clean up test data** - Use fixtures and database transactions
### DON'Ts
- ❌ **Don't test external APIs directly** - Too unreliable for CI/CD
- ❌ **Don't ignore database constraints** - Test them explicitly
- ❌ **Don't hardcode test data** - Use factories and fixtures
- ❌ **Don't skip cleanup** - Polluted test data affects other tests
- ❌ **Don't test implementation details** - Test behavior, not internals
### Test Organization
```python
# Good test structure
class TestApplicationService:
"""Test class for ApplicationService business logic."""
def test_create_application_with_valid_data_returns_application(self):
"""Should create and return application when given valid data."""
# Arrange
# Act
# Assert
def test_create_application_with_duplicate_name_raises_error(self):
"""Should raise DuplicateNameError when application name already exists."""
# Arrange
# Act
# Assert
```
---
## 📈 Testing Metrics
### Key Testing Metrics
- **Test Execution Time:** Target < 30 seconds for full suite
- **Test Reliability:** 95%+ pass rate on repeated runs
- **Code Coverage:** 80%+ overall, 90%+ for critical paths
- **Bug Detection:** Tests should catch regressions before deployment
### Performance Testing (Basic)
```python
# Basic performance test example
@pytest.mark.asyncio
async def test_application_creation_performance():
"""Application creation should complete within 2 seconds."""
start_time = time.time()
# Create application
result = await application_service.create_application(test_data)
execution_time = time.time() - start_time
assert execution_time < 2.0, f"Application creation took {execution_time:.2f}s"
```
---
*This testing strategy provides comprehensive coverage for the MVP while remaining practical and maintainable. Focus on backend testing for Phase 1, with more sophisticated frontend testing to be added in Phase 2.*

29
pytest.ini Normal file
View File

@@ -0,0 +1,29 @@
[tool:pytest]
# pytest configuration for Job Forge
minversion = 6.0
addopts =
-ra
--strict-markers
--strict-config
--cov=app
--cov-report=term-missing
--cov-report=html:htmlcov
--cov-report=xml
--cov-fail-under=80
testpaths = tests
python_files = test_*.py
python_classes = Test*
python_functions = test_*
markers =
slow: marks tests as slow (deselect with '-m "not slow"')
integration: marks tests as integration tests
unit: marks tests as unit tests
ai: marks tests that involve AI services
database: marks tests that require database
auth: marks tests for authentication
asyncio: marks async tests
filterwarnings =
ignore::UserWarning
ignore::DeprecationWarning
ignore::PendingDeprecationWarning
asyncio_mode = auto

325
tests/conftest.py Normal file
View File

@@ -0,0 +1,325 @@
# Test configuration for Job Forge
import pytest
import asyncio
import asyncpg
from sqlalchemy.ext.asyncio import AsyncSession, create_async_engine
from sqlalchemy.orm import sessionmaker
from fastapi.testclient import TestClient
from httpx import AsyncClient
import os
from typing import AsyncGenerator
from unittest.mock import AsyncMock
from app.main import app
from app.core.database import get_db, Base
from app.core.security import create_access_token
from app.models.user import User
from app.models.application import Application
# Test database URL
TEST_DATABASE_URL = os.getenv(
"TEST_DATABASE_URL",
"postgresql+asyncpg://jobforge:jobforge123@localhost:5432/jobforge_test"
)
# Test engine and session factory
test_engine = create_async_engine(TEST_DATABASE_URL, echo=False)
TestSessionLocal = sessionmaker(
test_engine, class_=AsyncSession, expire_on_commit=False
)
@pytest.fixture(scope="session")
def event_loop():
"""Create an instance of the default event loop for the test session."""
loop = asyncio.get_event_loop_policy().new_event_loop()
yield loop
loop.close()
@pytest.fixture(scope="session")
async def setup_test_db():
"""Set up test database tables."""
# Create all tables
async with test_engine.begin() as conn:
await conn.run_sync(Base.metadata.drop_all)
await conn.run_sync(Base.metadata.create_all)
# Enable RLS and create policies
await conn.execute("""
ALTER TABLE applications ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS applications_user_isolation ON applications;
CREATE POLICY applications_user_isolation ON applications
FOR ALL TO authenticated
USING (user_id = current_setting('app.current_user_id')::UUID);
-- Create vector extension if needed
CREATE EXTENSION IF NOT EXISTS vector;
""")
yield
# Cleanup
async with test_engine.begin() as conn:
await conn.run_sync(Base.metadata.drop_all)
@pytest.fixture
async def test_db(setup_test_db) -> AsyncGenerator[AsyncSession, None]:
"""Create a test database session."""
async with TestSessionLocal() as session:
try:
yield session
finally:
await session.rollback()
@pytest.fixture
def override_get_db(test_db: AsyncSession):
"""Override the get_db dependency for testing."""
def _override_get_db():
return test_db
app.dependency_overrides[get_db] = _override_get_db
yield
app.dependency_overrides.clear()
@pytest.fixture
def test_client(override_get_db):
"""Create a test client."""
with TestClient(app) as client:
yield client
@pytest.fixture
async def async_client(override_get_db):
"""Create an async test client."""
async with AsyncClient(app=app, base_url="http://test") as client:
yield client
@pytest.fixture
async def test_user(test_db: AsyncSession):
"""Create a test user."""
from app.crud.user import create_user
from app.schemas.user import UserCreate
user_data = UserCreate(
email="test@jobforge.com",
password="testpassword123",
first_name="Test",
last_name="User"
)
user = await create_user(test_db, user_data)
await test_db.commit()
return user
@pytest.fixture
def test_user_token(test_user):
"""Create a JWT token for test user."""
token_data = {"sub": str(test_user.id), "email": test_user.email}
return create_access_token(data=token_data)
@pytest.fixture
async def test_application(test_db: AsyncSession, test_user):
"""Create a test job application."""
from app.crud.application import create_application
from app.schemas.application import ApplicationCreate
app_data = ApplicationCreate(
company_name="Test Corp",
role_title="Software Developer",
job_description="Python developer position with FastAPI experience",
status="draft"
)
application = await create_application(test_db, app_data, test_user.id)
await test_db.commit()
return application
@pytest.fixture
def mock_claude_service():
"""Mock Claude AI service."""
mock = AsyncMock()
mock.generate_cover_letter.return_value = """
Dear Hiring Manager,
I am writing to express my strong interest in the Software Developer position at Test Corp.
With my experience in Python development and FastAPI expertise, I am confident I would be
a valuable addition to your team.
Thank you for your consideration.
Sincerely,
Test User
"""
return mock
@pytest.fixture
def mock_openai_service():
"""Mock OpenAI service."""
mock = AsyncMock()
mock.create_embedding.return_value = [0.1] * 1536 # Mock embedding vector
mock.test_connection.return_value = True
return mock
@pytest.fixture
async def multiple_test_users(test_db: AsyncSession):
"""Create multiple test users for isolation testing."""
from app.crud.user import create_user
from app.schemas.user import UserCreate
users = []
for i in range(3):
user_data = UserCreate(
email=f"user{i}@test.com",
password="password123",
first_name=f"User{i}",
last_name="Test"
)
user = await create_user(test_db, user_data)
users.append(user)
await test_db.commit()
return users
@pytest.fixture
async def applications_for_users(test_db: AsyncSession, multiple_test_users):
"""Create applications for multiple users to test isolation."""
from app.crud.application import create_application
from app.schemas.application import ApplicationCreate
all_applications = []
for i, user in enumerate(multiple_test_users):
for j in range(2): # 2 applications per user
app_data = ApplicationCreate(
company_name=f"Company{i}-{j}",
role_title=f"Role{i}-{j}",
job_description=f"Job description for user {i}, application {j}",
status="draft"
)
application = await create_application(test_db, app_data, user.id)
all_applications.append(application)
await test_db.commit()
return all_applications
# Test data factories
class TestDataFactory:
"""Factory for creating test data."""
@staticmethod
def user_data(email: str = None, **kwargs):
"""Create user test data."""
return {
"email": email or "test@example.com",
"password": "testpassword123",
"first_name": "Test",
"last_name": "User",
**kwargs
}
@staticmethod
def application_data(company_name: str = None, **kwargs):
"""Create application test data."""
return {
"company_name": company_name or "Test Company",
"role_title": "Software Developer",
"job_description": "Python developer position",
"status": "draft",
**kwargs
}
@staticmethod
def ai_response():
"""Create mock AI response."""
return """
Dear Hiring Manager,
I am excited to apply for this position. My background in software development
and passion for technology make me an ideal candidate.
Best regards,
Test User
"""
# Database utilities for testing
async def create_test_user_and_token(db: AsyncSession, email: str):
"""Helper to create a user and return auth token."""
from app.crud.user import create_user
from app.schemas.user import UserCreate
user_data = UserCreate(
email=email,
password="password123",
first_name="Test",
last_name="User"
)
user = await create_user(db, user_data)
await db.commit()
token_data = {"sub": str(user.id), "email": user.email}
token = create_access_token(data=token_data)
return user, token
async def set_rls_context(db: AsyncSession, user_id: str):
"""Set RLS context for testing multi-tenancy."""
await db.execute(f"SET app.current_user_id = '{user_id}'")
# Performance testing helpers
@pytest.fixture
def benchmark_db_operations():
"""Benchmark database operations."""
import time
class BenchmarkContext:
def __init__(self):
self.start_time = None
self.end_time = None
def __enter__(self):
self.start_time = time.time()
return self
def __exit__(self, *args):
self.end_time = time.time()
@property
def duration(self):
return self.end_time - self.start_time if self.end_time else None
return BenchmarkContext

469
tests/integration/test_api_auth.py Normal file
View File

@@ -0,0 +1,469 @@
# Integration tests for API authentication
import pytest
from fastapi.testclient import TestClient
from httpx import AsyncClient
import json
from app.main import app
from app.core.security import create_access_token
class TestAuthenticationEndpoints:
"""Test authentication API endpoints."""
def test_register_user_success(self, test_client):
"""Test successful user registration."""
user_data = {
"email": "newuser@test.com",
"password": "securepassword123",
"first_name": "New",
"last_name": "User"
}
response = test_client.post("/api/auth/register", json=user_data)
assert response.status_code == 201
data = response.json()
assert data["email"] == "newuser@test.com"
assert data["first_name"] == "New"
assert data["last_name"] == "User"
assert "password" not in data # Password should not be returned
assert "access_token" in data
assert "token_type" in data
def test_register_user_duplicate_email(self, test_client, test_user):
"""Test registration with duplicate email."""
user_data = {
"email": test_user.email, # Use existing user's email
"password": "differentpassword",
"first_name": "Duplicate",
"last_name": "User"
}
response = test_client.post("/api/auth/register", json=user_data)
assert response.status_code == 400
data = response.json()
assert "email already registered" in data["detail"].lower()
def test_register_user_invalid_email(self, test_client):
"""Test registration with invalid email format."""
user_data = {
"email": "invalid-email",
"password": "securepassword123",
"first_name": "Invalid",
"last_name": "Email"
}
response = test_client.post("/api/auth/register", json=user_data)
assert response.status_code == 422 # Validation error
def test_register_user_weak_password(self, test_client):
"""Test registration with weak password."""
user_data = {
"email": "weakpass@test.com",
"password": "123", # Too weak
"first_name": "Weak",
"last_name": "Password"
}
response = test_client.post("/api/auth/register", json=user_data)
assert response.status_code == 422 # Validation error
def test_login_success(self, test_client, test_user):
"""Test successful login."""
login_data = {
"username": test_user.email, # FastAPI OAuth2 uses 'username'
"password": "testpassword123" # From test_user fixture
}
response = test_client.post(
"/api/auth/login",
data=login_data, # OAuth2 expects form data
headers={"Content-Type": "application/x-www-form-urlencoded"}
)
assert response.status_code == 200
data = response.json()
assert "access_token" in data
assert "token_type" in data
assert data["token_type"] == "bearer"
def test_login_wrong_password(self, test_client, test_user):
"""Test login with wrong password."""
login_data = {
"username": test_user.email,
"password": "wrongpassword"
}
response = test_client.post(
"/api/auth/login",
data=login_data,
headers={"Content-Type": "application/x-www-form-urlencoded"}
)
assert response.status_code == 401
data = response.json()
assert "incorrect" in data["detail"].lower()
def test_login_nonexistent_user(self, test_client):
"""Test login with non-existent user."""
login_data = {
"username": "nonexistent@test.com",
"password": "somepassword"
}
response = test_client.post(
"/api/auth/login",
data=login_data,
headers={"Content-Type": "application/x-www-form-urlencoded"}
)
assert response.status_code == 401
def test_get_current_user_success(self, test_client, test_user_token):
"""Test getting current user with valid token."""
headers = {"Authorization": f"Bearer {test_user_token}"}
response = test_client.get("/api/auth/me", headers=headers)
assert response.status_code == 200
data = response.json()
assert "email" in data
assert "id" in data
assert "first_name" in data
assert "last_name" in data
assert "password" not in data # Password should never be returned
def test_get_current_user_invalid_token(self, test_client):
"""Test getting current user with invalid token."""
headers = {"Authorization": "Bearer invalid.token.here"}
response = test_client.get("/api/auth/me", headers=headers)
assert response.status_code == 401
def test_get_current_user_no_token(self, test_client):
"""Test getting current user without token."""
response = test_client.get("/api/auth/me")
assert response.status_code == 401
def test_get_current_user_expired_token(self, test_client, test_user):
"""Test getting current user with expired token."""
from datetime import timedelta
# Create expired token
token_data = {"sub": str(test_user.id), "email": test_user.email}
expired_token = create_access_token(
data=token_data,
expires_delta=timedelta(seconds=-1) # Expired
)
headers = {"Authorization": f"Bearer {expired_token}"}
response = test_client.get("/api/auth/me", headers=headers)
assert response.status_code == 401
class TestProtectedEndpoints:
"""Test protected endpoints require authentication."""
def test_protected_endpoint_without_token(self, test_client):
"""Test accessing protected endpoint without token."""
response = test_client.get("/api/applications")
assert response.status_code == 401
def test_protected_endpoint_with_valid_token(self, test_client, test_user_token):
"""Test accessing protected endpoint with valid token."""
headers = {"Authorization": f"Bearer {test_user_token}"}
response = test_client.get("/api/applications", headers=headers)
assert response.status_code == 200
def test_protected_endpoint_with_invalid_token(self, test_client):
"""Test accessing protected endpoint with invalid token."""
headers = {"Authorization": "Bearer invalid.token"}
response = test_client.get("/api/applications", headers=headers)
assert response.status_code == 401
def test_create_application_requires_auth(self, test_client):
"""Test creating application requires authentication."""
app_data = {
"company_name": "Test Corp",
"role_title": "Developer",
"job_description": "Test role",
"status": "draft"
}
response = test_client.post("/api/applications", json=app_data)
assert response.status_code == 401
def test_create_application_with_auth(self, test_client, test_user_token):
"""Test creating application with authentication."""
app_data = {
"company_name": "Auth Test Corp",
"role_title": "Developer",
"job_description": "Test role with auth",
"status": "draft"
}
headers = {"Authorization": f"Bearer {test_user_token}"}
response = test_client.post("/api/applications", json=app_data, headers=headers)
assert response.status_code == 201
data = response.json()
assert data["company_name"] == "Auth Test Corp"
class TestTokenValidation:
"""Test token validation scenarios."""
def test_malformed_token(self, test_client):
"""Test malformed token handling."""
malformed_tokens = [
"Bearer",
"Bearer ",
"not-a-token",
"Bearer not.a.jwt",
"NotBearer validtoken"
]
for token in malformed_tokens:
headers = {"Authorization": token}
response = test_client.get("/api/auth/me", headers=headers)
assert response.status_code == 401
def test_token_with_invalid_signature(self, test_client):
"""Test token with invalid signature."""
# Create a token with wrong signature
invalid_token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyMTIzIiwiZXhwIjoxNjk5OTk5OTk5fQ.invalid_signature"
headers = {"Authorization": f"Bearer {invalid_token}"}
response = test_client.get("/api/auth/me", headers=headers)
assert response.status_code == 401
def test_token_missing_required_claims(self, test_client):
"""Test token missing required claims."""
# Create token without required 'sub' claim
token_data = {"email": "test@example.com"} # Missing 'sub'
token = create_access_token(data=token_data)
headers = {"Authorization": f"Bearer {token}"}
response = test_client.get("/api/auth/me", headers=headers)
assert response.status_code == 401
class TestAuthenticationFlow:
"""Test complete authentication flows."""
def test_complete_registration_and_login_flow(self, test_client):
"""Test complete flow from registration to authenticated request."""
# 1. Register new user
user_data = {
"email": "flowtest@test.com",
"password": "securepassword123",
"first_name": "Flow",
"last_name": "Test"
}
register_response = test_client.post("/api/auth/register", json=user_data)
assert register_response.status_code == 201
register_data = register_response.json()
registration_token = register_data["access_token"]
# 2. Use registration token to access protected endpoint
headers = {"Authorization": f"Bearer {registration_token}"}
protected_response = test_client.get("/api/auth/me", headers=headers)
assert protected_response.status_code == 200
# 3. Login with same credentials
login_data = {
"username": "flowtest@test.com",
"password": "securepassword123"
}
login_response = test_client.post(
"/api/auth/login",
data=login_data,
headers={"Content-Type": "application/x-www-form-urlencoded"}
)
assert login_response.status_code == 200
login_token = login_response.json()["access_token"]
# 4. Use login token to access protected endpoint
headers = {"Authorization": f"Bearer {login_token}"}
me_response = test_client.get("/api/auth/me", headers=headers)
assert me_response.status_code == 200
me_data = me_response.json()
assert me_data["email"] == "flowtest@test.com"
def test_user_isolation_between_tokens(self, test_client):
"""Test that different user tokens access different data."""
# Create two users
user1_data = {
"email": "user1@isolation.test",
"password": "password123",
"first_name": "User",
"last_name": "One"
}
user2_data = {
"email": "user2@isolation.test",
"password": "password123",
"first_name": "User",
"last_name": "Two"
}
# Register both users
user1_response = test_client.post("/api/auth/register", json=user1_data)
user2_response = test_client.post("/api/auth/register", json=user2_data)
assert user1_response.status_code == 201
assert user2_response.status_code == 201
user1_token = user1_response.json()["access_token"]
user2_token = user2_response.json()["access_token"]
# Get user info with each token
user1_headers = {"Authorization": f"Bearer {user1_token}"}
user2_headers = {"Authorization": f"Bearer {user2_token}"}
user1_me = test_client.get("/api/auth/me", headers=user1_headers)
user2_me = test_client.get("/api/auth/me", headers=user2_headers)
assert user1_me.status_code == 200
assert user2_me.status_code == 200
user1_data = user1_me.json()
user2_data = user2_me.json()
# Verify users are different
assert user1_data["email"] != user2_data["email"]
assert user1_data["id"] != user2_data["id"]
class TestRateLimiting:
"""Test rate limiting on authentication endpoints."""
def test_login_rate_limiting(self, test_client, test_user):
"""Test rate limiting on login attempts."""
login_data = {
"username": test_user.email,
"password": "wrongpassword"
}
# Make multiple failed login attempts
responses = []
for _ in range(10): # Assuming rate limit is higher than 10
response = test_client.post(
"/api/auth/login",
data=login_data,
headers={"Content-Type": "application/x-www-form-urlencoded"}
)
responses.append(response)
# All should return 401 (wrong password) but not rate limited
for response in responses:
assert response.status_code == 401
# If rate limiting is implemented, some responses might be 429
def test_registration_rate_limiting(self, test_client):
"""Test rate limiting on registration attempts."""
# Make multiple registration attempts
responses = []
for i in range(5):
user_data = {
"email": f"ratelimit{i}@test.com",
"password": "password123",
"first_name": "Rate",
"last_name": f"Limit{i}"
}
response = test_client.post("/api/auth/register", json=user_data)
responses.append(response)
# Most should succeed (assuming reasonable rate limits)
successful_responses = [r for r in responses if r.status_code == 201]
assert len(successful_responses) >= 3 # At least some should succeed
@pytest.mark.asyncio
class TestAsyncAuthEndpoints:
"""Test authentication endpoints with async client."""
async def test_async_register_user(self, async_client):
"""Test user registration with async client."""
user_data = {
"email": "async@test.com",
"password": "asyncpassword123",
"first_name": "Async",
"last_name": "User"
}
response = await async_client.post("/api/auth/register", json=user_data)
assert response.status_code == 201
data = response.json()
assert data["email"] == "async@test.com"
assert "access_token" in data
async def test_async_login_user(self, async_client, test_user):
"""Test user login with async client."""
login_data = {
"username": test_user.email,
"password": "testpassword123"
}
response = await async_client.post(
"/api/auth/login",
data=login_data,
headers={"Content-Type": "application/x-www-form-urlencoded"}
)
assert response.status_code == 200
data = response.json()
assert "access_token" in data
async def test_async_protected_endpoint(self, async_client, test_user_token):
"""Test protected endpoint with async client."""
headers = {"Authorization": f"Bearer {test_user_token}"}
response = await async_client.get("/api/auth/me", headers=headers)
assert response.status_code == 200
data = response.json()
assert "email" in data

458
tests/unit/test_application_service.py Normal file
View File

@@ -0,0 +1,458 @@
# Unit tests for application service
import pytest
from unittest.mock import AsyncMock, patch, MagicMock
from datetime import datetime
import uuid
from app.schemas.application import ApplicationCreate, ApplicationUpdate
from app.crud.application import (
create_application,
get_application_by_id,
get_user_applications,
update_application,
delete_application
)
from app.services.ai.claude_service import ClaudeService
from app.models.application import ApplicationStatus
class TestApplicationCRUD:
"""Test application CRUD operations."""
@pytest.mark.asyncio
async def test_create_application_success(self, test_db, test_user):
"""Test successful application creation."""
app_data = ApplicationCreate(
company_name="Google",
role_title="Senior Python Developer",
job_description="Python developer role with ML focus",
status="draft"
)
application = await create_application(test_db, app_data, test_user.id)
assert application.company_name == "Google"
assert application.role_title == "Senior Python Developer"
assert application.status == ApplicationStatus.DRAFT
assert application.user_id == test_user.id
assert application.id is not None
assert application.created_at is not None
assert application.updated_at is not None
@pytest.mark.asyncio
async def test_create_application_with_ai_generation(self, test_db, test_user, mock_claude_service):
"""Test application creation with AI cover letter generation."""
app_data = ApplicationCreate(
company_name="Microsoft",
role_title="Software Engineer",
job_description="Full-stack developer position with React and Python",
status="draft"
)
with patch('app.services.ai.claude_service.ClaudeService', return_value=mock_claude_service):
application = await create_application(test_db, app_data, test_user.id)
assert application.company_name == "Microsoft"
assert application.cover_letter is not None
assert len(application.cover_letter) > 100
assert "Dear Hiring Manager" in application.cover_letter
@pytest.mark.asyncio
async def test_get_application_by_id_success(self, test_db, test_application):
"""Test getting application by ID."""
retrieved_app = await get_application_by_id(
test_db, test_application.id, test_application.user_id
)
assert retrieved_app is not None
assert retrieved_app.id == test_application.id
assert retrieved_app.company_name == test_application.company_name
assert retrieved_app.user_id == test_application.user_id
@pytest.mark.asyncio
async def test_get_application_by_id_wrong_user(self, test_db, test_application):
"""Test getting application by ID with wrong user (RLS test)."""
wrong_user_id = str(uuid.uuid4())
retrieved_app = await get_application_by_id(
test_db, test_application.id, wrong_user_id
)
# Should return None due to RLS policy
assert retrieved_app is None
@pytest.mark.asyncio
async def test_get_application_nonexistent(self, test_db, test_user):
"""Test getting non-existent application."""
fake_id = str(uuid.uuid4())
retrieved_app = await get_application_by_id(
test_db, fake_id, test_user.id
)
assert retrieved_app is None
@pytest.mark.asyncio
async def test_get_user_applications(self, test_db, test_user):
"""Test getting all applications for a user."""
# Create multiple applications
app_data_list = [
ApplicationCreate(
company_name=f"Company{i}",
role_title=f"Role{i}",
job_description=f"Description {i}",
status="draft"
)
for i in range(3)
]
created_apps = []
for app_data in app_data_list:
app = await create_application(test_db, app_data, test_user.id)
created_apps.append(app)
await test_db.commit()
# Get user applications
user_apps = await get_user_applications(test_db, test_user.id)
assert len(user_apps) >= 3 # At least the 3 we created
# Verify all returned apps belong to user
for app in user_apps:
assert app.user_id == test_user.id
@pytest.mark.asyncio
async def test_update_application_success(self, test_db, test_application):
"""Test successful application update."""
update_data = ApplicationUpdate(
company_name="Updated Company",
status="applied"
)
updated_app = await update_application(
test_db, test_application.id, update_data, test_application.user_id
)
assert updated_app.company_name == "Updated Company"
assert updated_app.status == ApplicationStatus.APPLIED
assert updated_app.updated_at > updated_app.created_at
@pytest.mark.asyncio
async def test_update_application_wrong_user(self, test_db, test_application):
"""Test updating application with wrong user."""
wrong_user_id = str(uuid.uuid4())
update_data = ApplicationUpdate(company_name="Hacked Company")
updated_app = await update_application(
test_db, test_application.id, update_data, wrong_user_id
)
# Should return None due to RLS policy
assert updated_app is None
@pytest.mark.asyncio
async def test_delete_application_success(self, test_db, test_application):
"""Test successful application deletion."""
app_id = test_application.id
user_id = test_application.user_id
deleted = await delete_application(test_db, app_id, user_id)
assert deleted is True
# Verify application is deleted
retrieved_app = await get_application_by_id(test_db, app_id, user_id)
assert retrieved_app is None
@pytest.mark.asyncio
async def test_delete_application_wrong_user(self, test_db, test_application):
"""Test deleting application with wrong user."""
wrong_user_id = str(uuid.uuid4())
deleted = await delete_application(
test_db, test_application.id, wrong_user_id
)
# Should return False due to RLS policy
assert deleted is False
class TestApplicationStatusTransitions:
"""Test application status transitions."""
@pytest.mark.asyncio
async def test_status_transition_draft_to_applied(self, test_db, test_application):
"""Test status transition from draft to applied."""
# Initial status should be draft
assert test_application.status == ApplicationStatus.DRAFT
update_data = ApplicationUpdate(status="applied")
updated_app = await update_application(
test_db, test_application.id, update_data, test_application.user_id
)
assert updated_app.status == ApplicationStatus.APPLIED
@pytest.mark.asyncio
async def test_status_transition_applied_to_interview(self, test_db):
"""Test status transition from applied to interview."""
# Create application in applied status
app_data = ApplicationCreate(
company_name="Interview Corp",
role_title="Developer",
job_description="Developer role",
status="applied"
)
from tests.conftest import TestDataFactory
user_data = TestDataFactory.user_data("interview@test.com")
# Create user and application
from app.crud.user import create_user
from app.schemas.user import UserCreate
user = await create_user(test_db, UserCreate(**user_data))
application = await create_application(test_db, app_data, user.id)
await test_db.commit()
# Update to interview status
update_data = ApplicationUpdate(status="interview")
updated_app = await update_application(
test_db, application.id, update_data, user.id
)
assert updated_app.status == ApplicationStatus.INTERVIEW
@pytest.mark.asyncio
async def test_invalid_status_transition(self, test_db, test_application):
"""Test invalid status value."""
update_data = ApplicationUpdate(status="invalid_status")
with pytest.raises(ValueError):
await update_application(
test_db, test_application.id, update_data, test_application.user_id
)
class TestApplicationFiltering:
"""Test application filtering and searching."""
@pytest.mark.asyncio
async def test_filter_applications_by_status(self, test_db, test_user):
"""Test filtering applications by status."""
# Create applications with different statuses
statuses = ["draft", "applied", "interview", "rejected"]
applications = []
for status in statuses:
app_data = ApplicationCreate(
company_name=f"Company-{status}",
role_title="Developer",
job_description="Test role",
status=status
)
app = await create_application(test_db, app_data, test_user.id)
applications.append(app)
await test_db.commit()
# Test filtering (this would require implementing filter functionality)
all_apps = await get_user_applications(test_db, test_user.id)
# Verify we have applications with different statuses
app_statuses = {app.status for app in all_apps}
assert len(app_statuses) >= 3 # Should have multiple statuses
@pytest.mark.asyncio
async def test_search_applications_by_company(self, test_db, test_user):
"""Test searching applications by company name."""
companies = ["Google", "Microsoft", "Apple", "Amazon"]
for company in companies:
app_data = ApplicationCreate(
company_name=company,
role_title="Developer",
job_description="Test role",
status="draft"
)
await create_application(test_db, app_data, test_user.id)
await test_db.commit()
# Get all applications
all_apps = await get_user_applications(test_db, test_user.id)
# Verify we can find specific companies
company_names = {app.company_name for app in all_apps}
assert "Google" in company_names
assert "Microsoft" in company_names
class TestApplicationValidation:
"""Test application data validation."""
def test_application_create_validation(self):
"""Test ApplicationCreate schema validation."""
# Valid data
valid_data = {
"company_name": "Valid Company",
"role_title": "Software Developer",
"job_description": "Great opportunity",
"status": "draft"
}
app_create = ApplicationCreate(**valid_data)
assert app_create.company_name == "Valid Company"
assert app_create.status == "draft"
def test_application_create_invalid_data(self):
"""Test ApplicationCreate with invalid data."""
# Missing required fields
with pytest.raises(ValueError):
ApplicationCreate(company_name="Company") # Missing role_title
# Invalid status
with pytest.raises(ValueError):
ApplicationCreate(
company_name="Company",
role_title="Role",
status="invalid_status"
)
def test_application_update_validation(self):
"""Test ApplicationUpdate schema validation."""
# Partial update should work
update_data = ApplicationUpdate(company_name="New Company")
assert update_data.company_name == "New Company"
# Update with valid status
update_data = ApplicationUpdate(status="applied")
assert update_data.status == "applied"
class TestConcurrentApplicationOperations:
"""Test concurrent operations on applications."""
@pytest.mark.asyncio
async def test_concurrent_application_updates(self, test_db, test_application):
"""Test concurrent updates to same application."""
import asyncio
async def update_company_name(name_suffix):
update_data = ApplicationUpdate(
company_name=f"Updated Company {name_suffix}"
)
return await update_application(
test_db, test_application.id, update_data, test_application.user_id
)
# Perform concurrent updates
tasks = [
update_company_name(i) for i in range(3)
]
results = await asyncio.gather(*tasks, return_exceptions=True)
# At least one update should succeed
successful_updates = [r for r in results if not isinstance(r, Exception)]
assert len(successful_updates) >= 1
@pytest.mark.asyncio
async def test_concurrent_application_creation(self, test_db, test_user):
"""Test concurrent application creation for same user."""
import asyncio
async def create_test_application(index):
app_data = ApplicationCreate(
company_name=f"Concurrent Company {index}",
role_title=f"Role {index}",
job_description="Concurrent test",
status="draft"
)
return await create_application(test_db, app_data, test_user.id)
# Create multiple applications concurrently
tasks = [create_test_application(i) for i in range(5)]
results = await asyncio.gather(*tasks, return_exceptions=True)
# All creations should succeed
successful_creations = [r for r in results if not isinstance(r, Exception)]
assert len(successful_creations) == 5
# Verify all have different IDs
app_ids = {app.id for app in successful_creations}
assert len(app_ids) == 5
class TestApplicationBusinessLogic:
"""Test application business logic."""
@pytest.mark.asyncio
async def test_application_timestamps_on_update(self, test_db, test_application):
"""Test that updated_at timestamp changes on update."""
original_updated_at = test_application.updated_at
# Wait a small amount to ensure timestamp difference
import asyncio
await asyncio.sleep(0.01)
update_data = ApplicationUpdate(company_name="Timestamp Test Company")
updated_app = await update_application(
test_db, test_application.id, update_data, test_application.user_id
)
assert updated_app.updated_at > original_updated_at
@pytest.mark.asyncio
async def test_application_cover_letter_generation_trigger(self, test_db, test_user, mock_claude_service):
"""Test that cover letter generation is triggered appropriately."""
with patch('app.services.ai.claude_service.ClaudeService', return_value=mock_claude_service):
# Create application without job description
app_data = ApplicationCreate(
company_name="No Description Corp",
role_title="Developer",
status="draft"
)
app_without_desc = await create_application(test_db, app_data, test_user.id)
# Should not generate cover letter without job description
assert app_without_desc.cover_letter is None
# Create application with job description
app_data_with_desc = ApplicationCreate(
company_name="With Description Corp",
role_title="Developer",
job_description="Detailed job description here",
status="draft"
)
app_with_desc = await create_application(test_db, app_data_with_desc, test_user.id)
# Should generate cover letter with job description
assert app_with_desc.cover_letter is not None
assert len(app_with_desc.cover_letter) > 50

368
tests/unit/test_auth_service.py Normal file
View File

@@ -0,0 +1,368 @@
# Unit tests for authentication service
import pytest
from unittest.mock import AsyncMock, patch
from datetime import datetime, timedelta
from app.core.security import (
create_access_token,
verify_token,
hash_password,
verify_password,
get_current_user
)
from app.schemas.user import UserCreate
from app.crud.user import create_user, authenticate_user
class TestPasswordHashing:
"""Test password hashing functionality."""
def test_hash_password_creates_hash(self):
"""Test that password hashing creates a hash."""
password = "testpassword123"
hashed = hash_password(password)
assert hashed != password
assert len(hashed) > 50 # bcrypt hashes are long
assert hashed.startswith("$2b$")
def test_verify_password_correct(self):
"""Test password verification with correct password."""
password = "testpassword123"
hashed = hash_password(password)
assert verify_password(password, hashed) is True
def test_verify_password_incorrect(self):
"""Test password verification with incorrect password."""
password = "testpassword123"
wrong_password = "wrongpassword"
hashed = hash_password(password)
assert verify_password(wrong_password, hashed) is False
def test_hash_same_password_different_hashes(self):
"""Test that hashing the same password twice gives different hashes."""
password = "testpassword123"
hash1 = hash_password(password)
hash2 = hash_password(password)
assert hash1 != hash2
assert verify_password(password, hash1) is True
assert verify_password(password, hash2) is True
class TestJWTTokens:
"""Test JWT token functionality."""
def test_create_access_token(self):
"""Test creating access token."""
data = {"sub": "user123", "email": "test@example.com"}
token = create_access_token(data=data)
assert isinstance(token, str)
assert len(token) > 100 # JWT tokens are long
assert "." in token # JWT format has dots
def test_create_token_with_expiry(self):
"""Test creating token with custom expiry."""
data = {"sub": "user123"}
expires_delta = timedelta(minutes=30)
token = create_access_token(data=data, expires_delta=expires_delta)
# Verify token was created
assert isinstance(token, str)
assert len(token) > 100
def test_verify_valid_token(self):
"""Test verifying a valid token."""
data = {"sub": "user123", "email": "test@example.com"}
token = create_access_token(data=data)
payload = verify_token(token)
assert payload["sub"] == "user123"
assert payload["email"] == "test@example.com"
assert "exp" in payload
def test_verify_invalid_token(self):
"""Test verifying an invalid token."""
invalid_token = "invalid.token.here"
with pytest.raises(Exception): # Should raise an exception
verify_token(invalid_token)
def test_verify_expired_token(self):
"""Test verifying an expired token."""
data = {"sub": "user123"}
# Create token that expires immediately
expires_delta = timedelta(seconds=-1)
token = create_access_token(data=data, expires_delta=expires_delta)
with pytest.raises(Exception): # Should raise an exception
verify_token(token)
class TestUserCRUD:
"""Test user CRUD operations."""
@pytest.mark.asyncio
async def test_create_user_success(self, test_db):
"""Test successful user creation."""
user_data = UserCreate(
email="newuser@test.com",
password="securepassword123",
first_name="New",
last_name="User"
)
user = await create_user(test_db, user_data)
assert user.email == "newuser@test.com"
assert user.first_name == "New"
assert user.last_name == "User"
assert user.password_hash != "securepassword123" # Should be hashed
assert user.id is not None
assert user.created_at is not None
@pytest.mark.asyncio
async def test_create_user_duplicate_email(self, test_db):
"""Test creating user with duplicate email."""
# Create first user
user_data1 = UserCreate(
email="duplicate@test.com",
password="password123",
first_name="First",
last_name="User"
)
await create_user(test_db, user_data1)
await test_db.commit()
# Try to create second user with same email
user_data2 = UserCreate(
email="duplicate@test.com",
password="password456",
first_name="Second",
last_name="User"
)
with pytest.raises(Exception): # Should raise integrity error
await create_user(test_db, user_data2)
await test_db.commit()
@pytest.mark.asyncio
async def test_authenticate_user_success(self, test_db):
"""Test successful user authentication."""
# Create user
user_data = UserCreate(
email="auth@test.com",
password="testpassword123",
first_name="Auth",
last_name="User"
)
user = await create_user(test_db, user_data)
await test_db.commit()
# Authenticate user
authenticated_user = await authenticate_user(
test_db, "auth@test.com", "testpassword123"
)
assert authenticated_user is not None
assert authenticated_user.email == "auth@test.com"
assert authenticated_user.id == user.id
@pytest.mark.asyncio
async def test_authenticate_user_wrong_password(self, test_db):
"""Test authentication with wrong password."""
# Create user
user_data = UserCreate(
email="wrongpass@test.com",
password="correctpassword",
first_name="Test",
last_name="User"
)
await create_user(test_db, user_data)
await test_db.commit()
# Try to authenticate with wrong password
authenticated_user = await authenticate_user(
test_db, "wrongpass@test.com", "wrongpassword"
)
assert authenticated_user is None
@pytest.mark.asyncio
async def test_authenticate_user_nonexistent(self, test_db):
"""Test authentication with non-existent user."""
authenticated_user = await authenticate_user(
test_db, "nonexistent@test.com", "password123"
)
assert authenticated_user is None
class TestAuthenticationIntegration:
"""Test authentication integration with FastAPI."""
@pytest.mark.asyncio
async def test_get_current_user_valid_token(self, test_db, test_user):
"""Test getting current user with valid token."""
# Create token for test user
token_data = {"sub": str(test_user.id), "email": test_user.email}
token = create_access_token(data=token_data)
# Mock the database dependency
with patch('app.core.security.get_db') as mock_get_db:
mock_get_db.return_value.__aenter__.return_value = test_db
current_user = await get_current_user(token, test_db)
assert current_user.id == test_user.id
assert current_user.email == test_user.email
@pytest.mark.asyncio
async def test_get_current_user_invalid_token(self, test_db):
"""Test getting current user with invalid token."""
invalid_token = "invalid.token.here"
with pytest.raises(Exception):
await get_current_user(invalid_token, test_db)
@pytest.mark.asyncio
async def test_get_current_user_nonexistent_user(self, test_db):
"""Test getting current user for non-existent user."""
# Create token for non-existent user
token_data = {"sub": "non-existent-id", "email": "fake@test.com"}
token = create_access_token(data=token_data)
with pytest.raises(Exception):
await get_current_user(token, test_db)
class TestSecurityValidation:
"""Test security validation functions."""
def test_password_strength_validation(self):
"""Test password strength requirements."""
# This would test password strength if implemented
weak_passwords = [
"123",
"password",
"abc",
"12345678"
]
strong_passwords = [
"SecurePassword123!",
"MyStr0ngP@ssw0rd",
"C0mpl3xP@ssw0rd!"
]
# Note: Implement password strength validation if needed
assert True # Placeholder
def test_email_validation(self):
"""Test email format validation."""
valid_emails = [
"test@example.com",
"user.name@domain.co.uk",
"user+tag@example.org"
]
invalid_emails = [
"invalid-email",
"user@",
"@domain.com",
"user@domain"
]
# Note: Email validation is typically handled by Pydantic
assert True # Placeholder
@pytest.mark.asyncio
async def test_rate_limiting_simulation(self):
"""Test rate limiting for authentication attempts."""
# This would test rate limiting if implemented
# Simulate multiple failed login attempts
failed_attempts = []
for i in range(5):
# Mock failed authentication attempt
failed_attempts.append(f"attempt_{i}")
assert len(failed_attempts) == 5
# In real implementation, would test that after X failed attempts,
# further attempts are rate limited
class TestTokenSecurity:
"""Test token security features."""
def test_token_contains_required_claims(self):
"""Test that tokens contain required claims."""
data = {"sub": "user123", "email": "test@example.com"}
token = create_access_token(data=data)
payload = verify_token(token)
# Check required claims
assert "sub" in payload
assert "exp" in payload
assert "iat" in payload
assert payload["sub"] == "user123"
def test_token_expiry_time(self):
"""Test token expiry time is set correctly."""
data = {"sub": "user123"}
expires_delta = timedelta(minutes=30)
token = create_access_token(data=data, expires_delta=expires_delta)
payload = verify_token(token)
# Check expiry is approximately correct (within 1 minute tolerance)
exp_time = datetime.fromtimestamp(payload["exp"])
expected_exp = datetime.utcnow() + expires_delta
time_diff = abs((exp_time - expected_exp).total_seconds())
assert time_diff < 60 # Within 1 minute tolerance
def test_token_uniqueness(self):
"""Test that different tokens are generated for same data."""
data = {"sub": "user123", "email": "test@example.com"}
token1 = create_access_token(data=data)
token2 = create_access_token(data=data)
# Tokens should be different due to different iat (issued at) times
assert token1 != token2
# But both should decode to similar payload (except iat and exp)
payload1 = verify_token(token1)
payload2 = verify_token(token2)
assert payload1["sub"] == payload2["sub"]
assert payload1["email"] == payload2["email"]