# TSYS Developer Support Stack - Agent Guidelines ## Project Intent The TSYS Developer Support Stack is a comprehensive Docker Compose environment providing 16 developer tools and services for TSYS Group development workflow. This stack includes: - **Developer Tools**: Homepage (dashboard), Atuin (shell history), Wakapi (time tracking), ArchiveBox (web archiving), Tube Archivist (YouTube archiving), MailHog (email testing) - **Infrastructure**: PostgreSQL, Elasticsearch, Docker Socket Proxy, Pi-hole (DNS), Portainer (Docker management), Redis (cache) - **Monitoring**: InfluxDB (time series), Grafana (visualization) - **Documentation**: Draw.io (diagrams), Kroki (diagrams as code) ## ๐Ÿšจ STRICT QA/TESTING/AUDITING/VALIDATION GUIDELINES ### ๐Ÿ“‹ MANDATORY TESTING PROTOCOL **ALL CHANGES MUST PASS THE FOLLOWING BEFORE CONSIDERATION COMPLETE:** 1. **PRIMARY VALIDATION**: `./test-stack.sh` is the **ONLY** entrypoint for all testing/qa/audit/validation - **100% Test Coverage Required**: All end-user facing services must be tested - **Zero Failure Tolerance**: Any test failure = change rejected - **Comprehensive Validation**: Security, functionality, performance, accessibility 2. **PRE-COMMIT VALIDATION**: Before any commit: ```bash # MUST run full test suite ./test-stack.sh # MUST verify all services healthy docker compose --env-file demo.env ps # MUST validate configuration ./test-stack.sh config ``` 3. **SERVICE CATEGORIES**: - **End-User Services**: Homepage, Atuin, Wakapi, ArchiveBox, Tube Archivist, MailHog, Pi-hole, Portainer, InfluxDB, Grafana, Draw.io, Kroki - **Infrastructure Services**: PostgreSQL, Elasticsearch, Redis, Docker Socket Proxy - **Homepage Display Rule**: ONLY end-user services should appear in Homepage dashboard ### ๐Ÿ”’ SECURITY VALIDATION REQUIREMENTS 1. **Docker Socket Security**: - โœ… No direct Docker socket exposure - โœ… All access through proxy only - โœ… Proxy properly restricts dangerous operations 2. **Resource Limits**: - โœ… All services have memory limits - โœ… All services have CPU limits - โœ… Resource usage monitored 3. **Network Security**: - โœ… Services isolated in dedicated network - โœ… Only necessary ports exposed - โœ… No privileged containers ### ๐Ÿงช TEST SUITE REQUIREMENTS (test-stack.sh) **MUST INCLUDE THE FOLLOWING TEST CATEGORIES:** 1. **Configuration Validation**: - Docker Compose syntax validation - Environment variable validation - YAML file linting - Shell script linting 2. **Service Health Validation**: - All end-user services accessible via HTTP - All health check endpoints responding - Proper service status reporting - Service discovery functionality 3. **Security Validation**: - Docker socket proxy security testing - Port accessibility validation - Container privilege verification - Network isolation testing 4. **Functionality Validation**: - Homepage service discovery accuracy - Service grouping correctness - End-user interface accessibility - Integration testing between services 5. **Performance Validation**: - Resource usage monitoring - Startup time validation - Memory leak detection - CPU usage validation ### ๐Ÿ“Š SUCCESS CRITERIA (100% REQUIRED) **ALL OF THE FOLLOWING MUST PASS:** 1. **Container Status**: - โœ… All 16 containers running - โœ… All end-user services healthy - โœ… No restart loops - โœ… Proper startup ordering 2. **Service Accessibility**: - โœ… All end-user services accessible via designated ports - โœ… HTTP status 200 for all web interfaces - โœ… Health check endpoints responding - โœ… No port conflicts 3. **Homepage Dashboard**: - โœ… Discovers exactly 12 end-user services (not 16) - โœ… Services grouped correctly in 4 categories - โœ… No infrastructure services displayed - โœ… Service status accurately reported 4. **Security Compliance**: - โœ… Docker socket proxy secure - โœ… No direct socket access - โœ… Resource limits enforced - โœ… Network isolation maintained 5. **Test Suite Coverage**: - โœ… 100% end-user service coverage - โœ… All failure scenarios tested - โœ… Performance benchmarks met - โœ… Security validations complete ## Demo Environment Specifics - **Network**: 192.168.3.0/24 - **Host IP**: 192.168.3.6 - **Port Range**: 4000-4011 for services, 2375 for Docker socket proxy - **Docker Network**: tsysdevstack_supportstack - **All passwords**: demo_password (for demo environment only) ## ๐Ÿ”„ WORKFLOW INTEGRATION ### Before Making Changes: 1. Run `./test-stack.sh` to establish baseline 2. Make changes 3. Run `./test-stack.sh` again 4. Fix any failures 5. Repeat until 100% pass ### Before Committing: 1. `./test-stack.sh` must pass completely 2. All services must be healthy 3. Manual verification of key functionality 4. Documentation updated if needed ### Before Declaring "Done": 1. Full test suite execution 2. Manual service verification 3. Performance validation 4. Security audit completion 5. Documentation review ## Critical Configuration Files - `docker-compose.yml`: Main service definitions with resource limits - `homepage/config/settings.yaml`: Homepage configuration - `homepage/config/docker.yaml`: Service discovery configuration (CRITICAL for service filtering) - `test-stack.sh`: **PRIMARY VALIDATION TOOL** - comprehensive test suite - `AGENTS.md`: This file - QA guidelines and workflow requirements ## ๐Ÿšจ CURRENT KNOWN ISSUES (MUST BE FIXED) 1. **Homepage Service Discovery**: - โŒ Redis/Elasticsearch/PostgreSQL appearing (should be hidden) - โŒ Pi-hole not working - โŒ Atuin not working - โŒ Tube Archivist not working - โŒ Portainer showing "unknown" status 2. **Service Health Issues**: - โŒ Multiple services restarting - โŒ Health check timing issues - โŒ Resource contention problems ## Success Criteria (100% REQUIRED) - โœ… All 16 containers running and healthy - โœ… Homepage discovering exactly 12 end-user services in 4 groups - โœ… All end-user ports accessible and responding with HTTP 200 - โœ… Test suite passing completely (100% coverage) - โœ… No security vulnerabilities (Docker socket only via proxy) - โœ… Zero infrastructure services displayed in Homepage - โœ… All end-user services fully functional