Files

Petru Paler 6c3dd34412 Implement health check endpoint (P2.15)

Add GET /api/health endpoint for deployment monitoring and load balancer
health probes. Returns 200 with status "ok" when PocketBase is reachable,
503 with status "unhealthy" when PocketBase connection fails.

Response includes timestamp (ISO 8601), version, and error message (on failure).
Uses PocketBase SDK's built-in health.check() method for connectivity testing.

14 tests covering healthy/unhealthy states and edge cases.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-11 08:17:13 +00:00

48 KiB

Raw Blame History

PhaseFlow Implementation Plan

This file is maintained by Ralph. Run ./ralph-sandbox.sh plan 3 to generate tasks.

Current State Summary

Overall Status: 517 tests passing across 30 test files

Library Implementation

File	Status	Gap Analysis
`cycle.ts`	COMPLETE	9 tests covering all functions, production-ready
`nutrition.ts`	COMPLETE	17 tests covering getNutritionGuidance, getSeedSwitchAlert, phase-specific carb ranges, keto guidance
`email.ts`	COMPLETE	14 tests covering sendDailyEmail, sendPeriodConfirmationEmail, email formatting, subject lines
`ics.ts`	COMPLETE	23 tests covering generateIcsFeed (90 days of phase events), ICS format validation, timezone handling
`encryption.ts`	COMPLETE	14 tests covering AES-256-GCM encrypt/decrypt round-trip, error handling, key validation
`decision-engine.ts`	COMPLETE	8 priority rules + override handling with `getDecisionWithOverrides()`, 24 tests
`garmin.ts`	COMPLETE	33 tests covering fetchGarminData, fetchHrvStatus, fetchBodyBattery, fetchIntensityMinutes, isTokenExpired, daysUntilExpiry, error handling, token validation
`pocketbase.ts`	COMPLETE	9 tests covering `createPocketBaseClient()`, `isAuthenticated()`, `getCurrentUser()`, `loadAuthFromCookies()`
`auth-middleware.ts`	COMPLETE	6 tests covering `withAuth()` wrapper for API route protection
`middleware.ts` (Next.js)	COMPLETE	12 tests covering page protection, redirects to login
`logger.ts`	NOT IMPLEMENTED	P2.17 - Structured logging with pino
`metrics.ts`	NOT IMPLEMENTED	P2.16 - Prometheus metrics collection

Infrastructure Gaps (from specs/ - pending implementation)

Gap	Spec Reference	Task	Priority
Health Check Endpoint	specs/observability.md	P2.15	COMPLETE
Prometheus Metrics	specs/observability.md	P2.16	Medium
Structured Logging (pino)	specs/observability.md	P2.17	Medium
OIDC Authentication	specs/authentication.md	P2.18	Medium
Token Expiration Warnings	specs/email.md	P3.9	Medium

API Routes (17 total)

Route	Status	Notes
GET /api/user	COMPLETE	Returns user profile with `withAuth()`
PATCH /api/user	COMPLETE	Updates cycleLength, notificationTime, timezone (17 tests)
POST /api/cycle/period	COMPLETE	Logs period start, updates user, creates PeriodLog (8 tests)
GET /api/cycle/current	COMPLETE	Returns cycle day, phase, config, daysUntilNextPhase (10 tests)
GET /api/today	COMPLETE	Returns decision, cycle, biometrics, nutrition (22 tests)
POST /api/overrides	COMPLETE	Adds override to user.activeOverrides (14 tests)
DELETE /api/overrides	COMPLETE	Removes override from user.activeOverrides (14 tests)
POST /api/garmin/tokens	COMPLETE	Stores encrypted Garmin OAuth tokens (15 tests)
DELETE /api/garmin/tokens	COMPLETE	Clears tokens and disconnects Garmin (15 tests)
GET /api/garmin/status	COMPLETE	Returns connection status, expiry, warning level (11 tests)
GET /api/calendar/[userId]/[token].ics	COMPLETE	Token validation, ICS generation, caching headers (10 tests)
POST /api/calendar/regenerate-token	COMPLETE	Generates 32-char token, returns URL (9 tests)
POST /api/cron/garmin-sync	COMPLETE	Syncs Garmin data for all users, creates DailyLogs (22 tests)
POST /api/cron/notifications	COMPLETE	Sends daily emails with timezone matching, DailyLog handling (20 tests)
GET /api/history	COMPLETE	Paginated historical daily logs with date filtering (19 tests)
GET /api/health	COMPLETE	Health check for deployment monitoring (14 tests)
GET /metrics	NOT IMPLEMENTED	Prometheus metrics endpoint (P2.16)

Pages (7 total)

Page	Status	Notes
Dashboard (`/`)	COMPLETE	Wired with /api/today, DecisionCard, DataPanel, NutritionPanel, OverrideToggles
Login (`/login`)	COMPLETE	Email/password form with auth, error handling, loading states
Settings (`/settings`)	COMPLETE	Form with cycleLength, notificationTime, timezone
Settings/Garmin (`/settings/garmin`)	COMPLETE	Token management UI, connection status, disconnect functionality, 27 tests
Calendar (`/calendar`)	COMPLETE	MonthView with navigation, ICS subscription section, token regeneration, 23 tests
History (`/history`)	COMPLETE	Table view with date filtering, pagination, decision styling, 26 tests
Plan (`/plan`)	NOT IMPLEMENTED	Placeholder only - shows heading and placeholder text, needs phase details display

Components

Component	Status	Notes
`DecisionCard`	COMPLETE	Displays status, icon, reason
`DataPanel`	COMPLETE	Shows BB, HRV, intensity data
`NutritionPanel`	COMPLETE	Shows seeds, carbs, keto guidance
`OverrideToggles`	COMPLETE	Toggle buttons with callbacks
`DayCell`	COMPLETE	Phase-colored day with click handler
`MiniCalendar`	PARTIAL (~30%)	Has header with cycle info only, MISSING: calendar grid with DayCell integration
`MonthView`	COMPLETE	Calendar grid with DayCell integration, navigation controls, phase legend

Test Coverage

Test File	Status
`src/lib/cycle.test.ts`	EXISTS - 9 tests
`src/lib/decision-engine.test.ts`	EXISTS - 24 tests (8 algorithmic rules + 16 override scenarios)
`src/lib/pocketbase.test.ts`	EXISTS - 9 tests (auth helpers, cookie loading)
`src/lib/auth-middleware.test.ts`	EXISTS - 6 tests (withAuth wrapper, error handling)
`src/middleware.test.ts`	EXISTS - 12 tests (page protection, public routes, static assets)
`src/app/api/user/route.test.ts`	EXISTS - 21 tests (GET/PATCH profile, auth, validation, security)
`src/app/api/cycle/period/route.test.ts`	EXISTS - 8 tests (POST period, auth, validation, date checks)
`src/app/api/cycle/current/route.test.ts`	EXISTS - 10 tests (GET current cycle, auth, all phases, rollover, custom lengths)
`src/app/api/today/route.test.ts`	EXISTS - 22 tests (daily snapshot, auth, decision, overrides, phases, nutrition, biometrics)
`src/app/api/overrides/route.test.ts`	EXISTS - 14 tests (POST/DELETE overrides, auth, validation, type checks)
`src/app/login/page.test.tsx`	EXISTS - 14 tests (form rendering, auth flow, error handling, validation)
`src/app/page.test.tsx`	EXISTS - 23 tests (data fetching, component rendering, override toggles, error handling)
`src/lib/nutrition.test.ts`	EXISTS - 17 tests (seed cycling, carb ranges, keto guidance by phase)
`src/lib/email.test.ts`	EXISTS - 14 tests (email content, subject lines, formatting)
`src/lib/ics.test.ts`	EXISTS - 23 tests (ICS format validation, 90-day event generation, timezone handling)
`src/lib/encryption.test.ts`	EXISTS - 14 tests (encrypt/decrypt round-trip, error handling, key validation)
`src/lib/garmin.test.ts`	EXISTS - 33 tests (fetchGarminData, fetchHrvStatus, fetchBodyBattery, fetchIntensityMinutes, token expiry, error handling)
`src/app/api/garmin/tokens/route.test.ts`	EXISTS - 15 tests (POST/DELETE tokens, encryption, validation, auth)
`src/app/api/garmin/status/route.test.ts`	EXISTS - 11 tests (connection status, expiry, warning levels)
`src/app/api/cron/garmin-sync/route.test.ts`	EXISTS - 22 tests (auth, user iteration, token handling, Garmin data fetching, DailyLog creation, error handling)
`src/app/api/cron/notifications/route.test.ts`	EXISTS - 20 tests (timezone matching, DailyLog handling, email sending)
`src/app/api/calendar/[userId]/[token].ics/route.test.ts`	EXISTS - 10 tests (token validation, ICS generation, caching, error handling)
`src/app/api/calendar/regenerate-token/route.test.ts`	EXISTS - 9 tests (token generation, URL formatting, auth)
`src/app/api/history/route.test.ts`	EXISTS - 19 tests (pagination, date filtering, auth, validation)
`src/app/api/health/route.test.ts`	EXISTS - 14 tests (healthy/unhealthy states, PocketBase connectivity, error handling)
`src/app/history/page.test.tsx`	EXISTS - 26 tests (rendering, data loading, pagination, date filtering, styling)
`src/components/calendar/month-view.test.tsx`	EXISTS - 21 tests (calendar grid, phase colors, navigation, legend)
`src/app/calendar/page.test.tsx`	EXISTS - 23 tests (rendering, navigation, ICS subscription, token regeneration)
`src/app/settings/page.test.tsx`	EXISTS - 24+ tests (form rendering, validation, submission)
`src/app/settings/garmin/page.test.tsx`	EXISTS - 27 tests (connection status, token management)
`src/components/dashboard/decision-card.test.tsx`	MISSING - Needs tests for rendering, status icons
`src/components/dashboard/data-panel.test.tsx`	MISSING - Needs tests for biometrics display
`src/components/dashboard/nutrition-panel.test.tsx`	MISSING - Needs tests for nutrition guidance display
`src/components/dashboard/override-toggles.test.tsx`	MISSING - Needs tests for toggle state and callbacks
`src/components/dashboard/mini-calendar.test.tsx`	MISSING - Needs tests for header/partial implementation
`src/components/calendar/day-cell.test.tsx`	MISSING - Needs tests for phase coloring, click handler
E2E tests	AUTHORIZED SKIP - Per specs/testing.md

Critical Business Rules (from Spec)

Override Priority: flare > stress > sleep > pms (must be enforced in order)
HRV Unbalanced: ALWAYS forces REST (highest algorithmic priority, non-overridable)
Phase Limits: Strictly enforced per phase configuration
Token Expiration Warnings: Must send email at 14 days and 7 days before expiry (NOT IMPLEMENTED - P3.9)
ICS Feed: Generates 90 days of phase events for calendar subscription

P0: Critical Blockers ✅ ALL COMPLETE

These must be completed first - nothing else works without them.

P0.1: PocketBase Auth Helpers ✅ COMPLETE

Add authentication utilities to pocketbase.ts
Files:
- src/lib/pocketbase.ts - Added createPocketBaseClient(), getCurrentUser(), isAuthenticated(), loadAuthFromCookies()
Tests:
- src/lib/pocketbase.test.ts - 9 tests covering auth state management, cookie loading
Why: Every protected route and page depends on these helpers
Blocking: P0.2, P0.4, P1.1-P1.7, P2.2-P2.13

P0.2: Auth Middleware for API Routes ✅ COMPLETE

Create reusable auth middleware for protected API endpoints
Files:
- src/lib/auth-middleware.ts - Added withAuth() wrapper for route handlers
- src/middleware.ts - Added Next.js middleware for page protection
Tests:
- src/lib/auth-middleware.test.ts - 6 tests covering unauthorized rejection, user context passing, error handling
- src/middleware.test.ts - 12 tests covering protected routes, public routes, API routes, static assets
Why: All API routes except /api/calendar/[userId]/[token].ics and /api/cron/* require auth
Depends On: P0.1
Blocking: P0.4, P1.1-P1.5

P0.3: Decision Engine Override Handling ✅ COMPLETE

Add override priority logic before algorithmic decision
Files:
- src/lib/decision-engine.ts - Added getDecisionWithOverrides(data, overrides) function
Tests:
- src/lib/decision-engine.test.ts - 24 tests covering all 8 priority rules + override scenarios
Override Priority (enforced in this order):
1. flare - Always forces REST
2. stress - Forces REST
3. sleep - Forces REST
4. pms - Forces REST
Why: Overrides are core to the user experience per spec
Blocking: P1.4, P1.5

P0.4: GET /api/user Implementation ✅ COMPLETE

Return authenticated user profile
Files:
- src/app/api/user/route.ts - Implemented GET handler with withAuth() wrapper
Tests:
- src/app/api/user/route.test.ts - 4 tests covering auth, response shape, sensitive field exclusion
Response Shape:
- id, email, garminConnected, cycleLength, lastPeriodDate, notificationTime, timezone, activeOverrides
- Excludes sensitive fields: garminOauth1Token, garminOauth2Token, calendarToken
Why: Dashboard and all pages need user context
Depends On: P0.1, P0.2
Blocking: P1.7, P2.9, P2.10

P1: Core Functionality ✅ ALL COMPLETE

Minimum viable product - app can be used for daily decisions.

P1.1: PATCH /api/user Implementation ✅ COMPLETE

Allow profile updates (cycleLength, notificationTime, timezone)
Files:
- src/app/api/user/route.ts - Implemented PATCH handler with validation
Tests:
- src/app/api/user/route.test.ts - 17 tests covering field validation, persistence, security
Validation Rules:
- cycleLength: number, range 21-45 days
- notificationTime: string, HH:MM format (24-hour)
- timezone: non-empty string
Security: Ignores attempts to update non-updatable fields (email, tokens)
Why: Users need to configure their cycle and preferences
Depends On: P0.1, P0.2

P1.2: POST /api/cycle/period Implementation ✅ COMPLETE

Log period start date, update user record, create PeriodLog
Files:
- src/app/api/cycle/period/route.ts - Implemented POST handler with validation
Tests:
- src/app/api/cycle/period/route.test.ts - 8 tests covering auth, date validation, user update, PeriodLog creation
Why: Cycle tracking is the foundation of all recommendations
Depends On: P0.1, P0.2

P1.3: GET /api/cycle/current Implementation ✅ COMPLETE

Return current cycle day, phase, and phase config
Files:
- src/app/api/cycle/current/route.ts - Implemented GET using cycle.ts utilities with withAuth() wrapper
Tests:
- src/app/api/cycle/current/route.test.ts - 10 tests covering auth, validation, all phases, cycle rollover, custom cycle lengths
Response Shape:
- cycleDay, phase, phaseConfig, daysUntilNextPhase, cycleLength
Why: Dashboard needs this for display
Depends On: P0.1, P0.2, P1.2

P1.4: GET /api/today Implementation ✅ COMPLETE

Return complete daily snapshot with decision, biometrics, nutrition
Files:
- src/app/api/today/route.ts - Implemented GET with withAuth() wrapper, aggregates cycle, biometrics, and nutrition
Tests:
- src/app/api/today/route.test.ts - 22 tests covering auth, validation, decision calculation, overrides, phases, nutrition
Response Shape:
- decision (status, reason, icon), cycleDay, phase, phaseConfig, daysUntilNextPhase, cycleLength
- biometrics (hrvStatus, bodyBatteryCurrent, bodyBatteryYesterdayLow, weekIntensityMinutes, phaseLimit)
- nutrition (seeds, carbRange, ketoGuidance)
Fallback Behavior: When no DailyLog exists (Garmin not synced), returns defaults: hrvStatus="Unknown", BB=100, weekIntensity=0
Why: This is THE core API for the dashboard
Depends On: P0.1, P0.2, P0.3, P1.3

P1.5: POST/DELETE /api/overrides Implementation ✅ COMPLETE

Toggle override flags on user record
Files:
- src/app/api/overrides/route.ts - Implemented POST (add) and DELETE (remove) handlers with validation
Tests:
- src/app/api/overrides/route.test.ts - 14 tests covering auth, override types, persistence, validation, edge cases
Override Types: flare, stress, sleep, pms
POST Response: Returns updated user with new override added to activeOverrides array
DELETE Response: Returns updated user with override removed from activeOverrides array
Validation: Rejects invalid override types, duplicates on POST, missing overrides on DELETE
Why: Emergency overrides are critical for flare days
Depends On: P0.1, P0.2, P0.3

Functional login form with PocketBase auth
Files:
- src/app/login/page.tsx - Client component with email/password form, error handling, loading states, redirect
Tests:
- src/app/login/page.test.tsx - 14 tests covering rendering, form submission, auth flow, error handling, validation
Infrastructure Added:
- src/test-setup.ts - Global test setup with @testing-library/jest-dom and cleanup
- Updated vitest.config.ts to include setupFiles
Why: Users need to authenticate to use the app
Depends On: P0.1

P1.7: Dashboard Page Implementation ✅ COMPLETE

Wire up dashboard with real data from /api/today
Integrate DecisionCard, DataPanel, NutritionPanel, OverrideToggles
Implement override toggle functionality with optimistic updates
Add error handling and loading states
Files:
- src/app/page.tsx - Client component fetching /api/today, rendering all dashboard components
Tests:
- src/app/page.test.tsx - 23 tests covering data fetching, component rendering, override toggles, error handling
Features Implemented:
- Real-time decision display with cycle phase information
- Biometrics panel (HRV, Body Battery, Intensity Minutes)
- Nutrition guidance panel (seeds, carbs, keto)
- Override toggles with optimistic UI updates
- Error boundaries and loading states
Why: This is the main user interface
Depends On: P0.4, P1.3, P1.4, P1.5

P2: Important Features

Full feature set for production use.

P2.1: Garmin Data Fetching Functions ✅ COMPLETE

Add specific fetchers for HRV, Body Battery, Intensity Minutes
Files:
- src/lib/garmin.ts - Added fetchHrvStatus(), fetchBodyBattery(), fetchIntensityMinutes()
Tests:
- src/lib/garmin.test.ts - 33 tests covering API calls, response parsing, error handling (increased from 14 tests)
Functions Implemented:
- fetchHrvStatus() - Fetches HRV status (balanced/unbalanced) from Garmin
- fetchBodyBattery() - Fetches current and yesterday's low body battery values
- fetchIntensityMinutes() - Fetches weekly moderate + vigorous intensity minutes
Why: Real biometric data is required for accurate decisions

P2.2: POST/DELETE /api/garmin/tokens Implementation ✅ COMPLETE

Store encrypted Garmin OAuth tokens
Files:
- src/app/api/garmin/tokens/route.ts - POST/DELETE handlers with encryption, validation
Tests:
- src/app/api/garmin/tokens/route.test.ts - 15 tests covering encryption, validation, storage, auth, deletion
Features Implemented:
- POST: Accepts oauth1, oauth2, expires_at; encrypts tokens; stores in user record
- DELETE: Clears tokens and sets garminConnected to false
- Validation for required fields and types
- Returns daysUntilExpiry in POST response
Why: Users need to connect their Garmin accounts
Depends On: P0.1, P0.2

P2.3: GET /api/garmin/status Implementation ✅ COMPLETE

Return Garmin connection status and days until expiry
Files:
- src/app/api/garmin/status/route.ts - GET handler with expiry calculation
Tests:
- src/app/api/garmin/status/route.test.ts - 11 tests covering connected/disconnected states, expiry calc, warning levels
Response Shape:
- connected - Boolean indicating if tokens exist
- daysUntilExpiry - Days until token expires (null if not connected)
- expired - Boolean indicating if tokens have expired
- warningLevel - "critical" (<=7 days), "warning" (8-14 days), or null
Why: Users need visibility into their Garmin connection
Depends On: P0.1, P0.2, P2.1

P2.4: POST /api/cron/garmin-sync Implementation ✅ COMPLETE

Daily sync of all Garmin data for all users
Files:
- src/app/api/cron/garmin-sync/route.ts - Iterates users, fetches data, stores DailyLog
Tests:
- src/app/api/cron/garmin-sync/route.test.ts - 22 tests covering auth, user iteration, token handling, Garmin data fetching, DailyLog creation, error handling
Features Implemented:
- Fetches all users with garminConnected=true
- Skips users with expired tokens
- Decrypts OAuth2 tokens and fetches HRV, Body Battery, Intensity Minutes
- Calculates cycle day, phase, phase limit, remaining minutes
- Computes training decision using decision engine
- Creates DailyLog entries for each user
- Returns sync summary (usersProcessed, errors, skippedExpired, timestamp)
Why: Automated data sync is required for morning notifications
Depends On: P2.1, P2.2

P2.5: POST /api/cron/notifications Implementation ✅ COMPLETE

Send daily email notifications at user's preferred time
Files:
- src/app/api/cron/notifications/route.ts - Timezone-aware user matching, DailyLog fallback, email sending
Tests:
- src/app/api/cron/notifications/route.test.ts - 20 tests covering timezone matching, DailyLog handling, email sending
Features Implemented:
- Timezone-aware notification matching (finds users whose notificationTime matches current hour in their timezone)
- DailyLog-based notifications with fallback to real-time calculation when DailyLog missing
- Duplicate prevention (only sends once per user per hour)
- Nutrition guidance integration (seeds, carbs, keto)
- CRON_SECRET authentication
- Returns summary with emailsSent count and timestamp
Why: Email notifications are a key feature per spec
Depends On: P2.4

P2.6: GET /api/calendar/[userId]/[token].ics Implementation ✅ COMPLETE

Return ICS feed for calendar subscription
Files:
- src/app/api/calendar/[userId]/[token].ics/route.ts - Validates token, generates ICS with 90 days of phase events
Tests:
- src/app/api/calendar/[userId]/[token].ics/route.test.ts - 10 tests covering token validation, ICS generation, caching headers, error handling
Features Implemented:
- Token-based authentication (no session required)
- Validates calendar token against user record
- Generates 90 days of phase events using generateIcsFeed()
- Returns proper Content-Type header (text/calendar; charset=utf-8)
- Caching headers for calendar client optimization
- 404 for non-existent users, 401 for invalid tokens
Why: Calendar integration for external apps

P2.7: POST /api/calendar/regenerate-token Implementation ✅ COMPLETE

Generate new calendar token
Files:
- src/app/api/calendar/regenerate-token/route.ts - Creates random 32-char token, updates user
Tests:
- src/app/api/calendar/regenerate-token/route.test.ts - 9 tests covering token generation, URL formatting, auth
Features Implemented:
- Requires authentication via withAuth() middleware
- Generates cryptographically secure 32-character hex token
- Updates user's calendarToken field in database
- Returns new token and formatted calendar URL
- Old tokens immediately invalidated
Why: Security feature for calendar URLs
Depends On: P0.1, P0.2

P2.8: GET /api/history Implementation ✅ COMPLETE

Return paginated historical daily logs
Files:
- src/app/api/history/route.ts - Query DailyLog with pagination, date filtering, validation
Tests:
- src/app/api/history/route.test.ts - 19 tests covering pagination, date filtering, auth, validation
Features Implemented:
- Pagination with page/limit parameters (default: page=1, limit=20)
- Date filtering with startDate/endDate query params (YYYY-MM-DD format)
- Validation for all parameters with descriptive error messages
- Sort by date descending (most recent first)
- Returns items, total, page, limit, totalPages, hasMore
Why: Users want to see their training history
Depends On: P0.1, P0.2

P2.9: Settings Page Implementation ✅ COMPLETE

User profile management UI
Files:
- src/app/settings/page.tsx - Form for cycleLength, notificationTime, timezone with validation, loading states, error handling
Tests:
- src/app/settings/page.test.tsx - 24 tests covering rendering, data loading, form submission, validation, error handling
Why: Users need to configure their preferences
Depends On: P0.4, P1.1

P2.10: Settings/Garmin Page Implementation ✅ COMPLETE

Garmin connection management UI
Files:
- src/app/settings/garmin/page.tsx - Token input form, connection status, expiry warnings, disconnect button
Tests:
- src/app/settings/garmin/page.test.tsx - 27 tests covering rendering, connection states, warning levels, token submission, disconnect flow
- src/app/settings/page.test.tsx - 3 additional tests for Garmin link (28 total)
Features Implemented:
- Connection status display with green/red/gray indicators
- Token expiry warnings (yellow for 14 days, red for 7 days)
- Token input form with JSON validation
- Instructions for running bootstrap script
- Disconnect functionality
- Loading and error states
Why: Users need to manage their Garmin connection
Depends On: P0.4, P2.2, P2.3

P2.11: Calendar Page Implementation ✅ COMPLETE

In-app calendar with phase visualization
Files:
- src/app/calendar/page.tsx - Month view with navigation, ICS subscription section with URL display, copy button, token regeneration
- src/components/calendar/month-view.tsx - Complete calendar grid with DayCell integration, navigation controls, phase legend
Tests:
- src/components/calendar/month-view.test.tsx - 21 tests covering calendar grid, phase colors, navigation, legend
- src/app/calendar/page.test.tsx - 23 tests covering rendering, navigation, ICS subscription, token regeneration
Why: Planning ahead is a key user need
Depends On: P2.6

P2.12: History Page Implementation ✅ COMPLETE

View past training decisions and data
Files:
- src/app/history/page.tsx - Data fetching, table display, pagination, date filtering
Tests:
- src/app/history/page.test.tsx - 26 tests covering rendering, data loading, pagination, filtering, error handling
Why: Users want to review their training history
Depends On: P2.8

P2.13: Plan Page Implementation

Phase-specific training plan view
Current State: Placeholder only - shows "Exercise Plan" heading and placeholder text, no actual content
Files:
- src/app/plan/page.tsx - Current phase details, upcoming phases, limits
Tests:
- Component tests: phase info display, limits shown correctly
Features Needed:
- Current phase details (name, day range, characteristics)
- Upcoming phases preview
- Phase-specific training limits and recommendations
- Integration with cycle.ts utilities
Why: Users want detailed training guidance
Depends On: P0.4, P1.3

P2.14: Mini Calendar Component

Dashboard overview calendar
Current State: Component exists with header/cycle info only (~30% complete), NO calendar grid
Files:
- src/components/dashboard/mini-calendar.tsx - Needs: complete calendar grid with phase colors using DayCell
Tests:
- src/components/dashboard/mini-calendar.test.tsx - Component test: renders current month, highlights today
Features Needed:
- Calendar grid (reuse DayCell component from MonthView)
- Current week/month view
- Phase color coding
- Today highlight
Why: Quick visual reference on dashboard
Note: Can leverage existing MonthView/DayCell components for implementation

P2.15: Health Check Endpoint ✅ COMPLETE

GET /api/health for deployment monitoring
Current State: Fully implemented with PocketBase connectivity checks
Files:
- src/app/api/health/route.ts - Returns health status with PocketBase connectivity check
Tests:
- src/app/api/health/route.test.ts - 14 tests for healthy (200) and unhealthy (503) states
Response Shape:
- status - "ok" or "unhealthy"
- timestamp - ISO 8601 timestamp
- version - Application version
Checks Performed:
- PocketBase connectivity
- Basic app startup complete
Why: Required for Nomad health checks, load balancer probes, and uptime monitoring (per specs/observability.md)

P2.16: Prometheus Metrics Endpoint

GET /metrics for monitoring
Current State: Endpoint and metrics library do not exist
Files:
- src/app/api/metrics/route.ts - Returns Prometheus-format metrics
- src/lib/metrics.ts - Metrics collection with prom-client
Tests:
- src/app/api/metrics/route.test.ts - Tests for valid Prometheus format output
Metrics:
- Standard Node.js metrics (heap, eventloop lag, http requests)
- Custom: phaseflow_garmin_sync_total, phaseflow_email_sent_total, phaseflow_decision_engine_calls_total, phaseflow_active_users
Why: Required for Prometheus scraping and production monitoring (per specs/observability.md)
Depends On: None

P2.17: Structured Logging with Pino

Replace console.error with structured JSON logging
Current State: logger.ts does not exist, using console.log/error
Files:
- src/lib/logger.ts - Pino logger configuration
- All route files - Replace console.error/log with logger calls
Tests:
- src/lib/logger.test.ts - Tests for log format, levels, and JSON output
Log Levels: error, warn, info
Key Events: Auth success/failure, Garmin sync, email sent/failed, decision calculated, period logged, override toggled
Why: Required for log aggregators (Loki, ELK) and production debugging (per specs/observability.md)
Depends On: None

P2.18: OIDC Authentication

Replace email/password login with OIDC (Pocket-ID)
Current State: Using email/password form, no OIDC code exists
Files:
- src/app/login/page.tsx - Replace form with "Sign In with Pocket-ID" button
- src/lib/pocketbase.ts - Add OIDC redirect and callback handling
Tests:
- Update src/app/login/page.test.tsx - Tests for OIDC redirect flow
Flow:
1. User clicks "Sign In with Pocket-ID"
2. Redirect to Pocket-ID authorization endpoint
3. User authenticates (MFA if configured)
4. Callback with authorization code
5. PocketBase exchanges code for tokens
6. Redirect to dashboard
Environment Variables:
- POCKETBASE_OIDC_CLIENT_ID
- POCKETBASE_OIDC_CLIENT_SECRET
- POCKETBASE_OIDC_ISSUER_URL
Why: Required per specs/authentication.md for secure identity management
Note: Current email/password implementation works but OIDC is the production requirement

P3: Polish and Quality

Testing, error handling, and refinements.

P3.1: Decision Engine Tests ✅ COMPLETE

Comprehensive unit tests for all decision paths
Files:
- src/lib/decision-engine.test.ts - All 8 priority rules, override combinations (24 tests)
Test Cases Covered:
- HRV Unbalanced always forces REST (highest algorithmic priority)
- Override priority: flare > stress > sleep > pms
- Phase limits strictly enforced
- All override bypass and fallthrough scenarios
Why: Critical logic is now fully tested

P3.2: Nutrition Tests ✅ COMPLETE

Unit tests for nutrition guidance
Files:
- src/lib/nutrition.test.ts - 17 tests covering seed cycling, carb ranges, keto guidance by phase
Test Cases Covered:
- Seed cycling recommendations by phase (flax/pumpkin vs sunflower/sesame)
- Carb range calculations per phase
- Keto guidance by cycle day
- Edge cases and phase transitions
Why: Nutrition advice accuracy is now fully tested

P3.3: Email Tests ✅ COMPLETE

Unit tests for email composition
Files:
- src/lib/email.test.ts - 14 tests covering email content, subject lines, formatting
Test Cases Covered:
- Daily email composition with decision data
- Period confirmation email content
- Subject line formatting
- HTML email structure
Why: Email formatting correctness is now fully tested

P3.4: ICS Tests ✅ COMPLETE

Unit tests for calendar generation
Files:
- src/lib/ics.test.ts - 23 tests covering ICS format validation, 90-day event generation, timezone handling
Test Cases Covered:
- ICS feed generation with 90 days of phase events
- RFC 5545 format compliance
- Timezone handling (UTC conversion)
- Event boundaries and phase transitions
Why: Calendar integration compatibility is now fully tested

P3.5: Encryption Tests ✅ COMPLETE

Unit tests for encrypt/decrypt round-trip
Files:
- src/lib/encryption.test.ts - 14 tests covering AES-256-GCM round-trip, error handling, key validation
Test Cases Covered:
- Encrypt/decrypt round-trip verification
- Key validation and error handling
- IV generation uniqueness
- Malformed data handling
Why: Token security is now fully tested

P3.6: Garmin Tests ✅ COMPLETE

Unit tests for Garmin API interactions
Files:
- src/lib/garmin.test.ts - 33 tests covering API calls, error handling, token expiry (expanded in P2.1)
Test Cases Covered:
- fetchGarminData, fetchHrvStatus, fetchBodyBattery, fetchIntensityMinutes HTTP calls and response parsing
- isTokenExpired logic with various expiry dates
- daysUntilExpiry calculations
- Error handling for invalid tokens and network failures
- Response parsing for biometric data structures
Why: External API integration robustness is now fully tested

P3.7: Error Handling Improvements

Add consistent error responses across all API routes
Files:
- All route files - Standardize error format, add logging
Why: Better debugging and user experience

P3.8: Loading States

Add loading indicators to all pages
Files:
- All page files - Add loading.tsx or Suspense boundaries
Why: Better perceived performance

P3.9: Token Expiration Warnings

Email warnings at 14 and 7 days before Garmin token expiry
Current State: sendTokenExpirationWarning() function does not exist in email.ts
Files:
- src/lib/email.ts - Add sendTokenExpirationWarning()
- src/app/api/cron/garmin-sync/route.ts - Check expiry, trigger warnings
Tests:
- Test warning triggers at exactly 14 days and 7 days
Why: Users need time to refresh tokens (per spec requirement in specs/email.md)

P3.10: E2E Test Suite (AUTHORIZED SKIP)

Comprehensive end-to-end tests
Files:
- tests/e2e/*.spec.ts - Full user flows
Test Scenarios:
- Login flow
- Period logging and phase calculation
- Override toggle functionality
- Settings update flow
- Garmin connection flow
- Calendar subscription
Why: Confidence in production deployment
Status: Per specs/testing.md: "End-to-end tests are not required for MVP (authorized skip)"

P3.11: Missing Component Tests

Add unit tests for untested components
Components Needing Tests (6 total):
- src/components/dashboard/decision-card.tsx - Tests for rendering decision status, icon, and reason
- src/components/dashboard/data-panel.tsx - Tests for biometrics display (BB, HRV, intensity)
- src/components/dashboard/nutrition-panel.tsx - Tests for seeds, carbs, keto guidance display
- src/components/dashboard/override-toggles.tsx - Tests for toggle states and callbacks (has interactive state)
- src/components/dashboard/mini-calendar.tsx - Tests for header rendering (partial implementation)
- src/components/calendar/day-cell.tsx - Tests for phase coloring and click handler
Test Files to Create:
- src/components/dashboard/decision-card.test.tsx
- src/components/dashboard/data-panel.test.tsx
- src/components/dashboard/nutrition-panel.test.tsx
- src/components/dashboard/override-toggles.test.tsx
- src/components/dashboard/mini-calendar.test.tsx
- src/components/calendar/day-cell.test.tsx
Why: Component isolation ensures UI correctness and prevents regressions

P4: UX Polish and Accessibility

Enhancements from spec requirements that improve user experience.

P4.1: Dashboard Onboarding Banners

Show setup prompts for missing configuration
Spec Reference: specs/dashboard.md mentions onboarding banners
Features Needed:
- Banner when Garmin not connected
- Banner when period date not set
- Banner when notification time not configured
- Dismissible after user completes setup
Files:
- src/app/page.tsx - Add conditional banner rendering
- src/components/dashboard/onboarding-banner.tsx - New component
Why: Helps new users complete setup for full functionality

P4.2: Accessibility Improvements

Keyboard navigation and focus indicators
Spec Reference: specs/dashboard.md accessibility requirements
Requirements:
- Keyboard navigation for all interactive elements
- Visible focus indicators (focus:ring styles)
- 4.5:1 minimum contrast ratio
- Screen reader labels where needed
Files:
- All component files - Add focus:ring classes, aria-labels
Why: Required for accessibility compliance

P4.3: Dark Mode Configuration

Complete dark mode support
Current State: Partial Tailwind support via dark: classes exists in some components
Needs:
- Configure prefers-color-scheme detection in tailwind.config.js
- Theme toggle in settings (optional)
- Ensure all components have dark: variants
- Test contrast ratios in dark mode
Files:
- tailwind.config.js - Add darkMode configuration
- Component files - Verify dark: class coverage
Why: User preference for dark mode

P4.4: Loading Performance

Loading states within 100ms target
Spec Reference: specs/dashboard.md performance requirements
Features:
- Skeleton loading states
- Optimistic UI updates (partially done with overrides)
- Suspense boundaries for code splitting
Files:
- Page files - Add loading.tsx skeletons
Why: Perceived performance improvement

P4.5: Period Prediction Accuracy Feedback

Mark predicted vs confirmed period dates
Spec Reference: specs/calendar.md mentions predictions marked with "Predicted" suffix
Features:
- Visual distinction between logged and predicted periods
- Calendar events show "Predicted" label for future periods
Files:
- src/lib/ics.ts - Add "Predicted" suffix to future phase events
- src/components/calendar/day-cell.tsx - Visual indicator for predictions
Why: Helps users understand prediction accuracy

P4.6: Rate Limiting

Login attempt rate limiting
Spec Reference: specs/email.md mentions 5 login attempts per minute
Features:
- Rate limit login attempts by IP/email
- Show remaining attempts on error
- Temporary lockout after exceeding limit
Files:
- src/app/api/auth/route.ts or PocketBase config - Rate limiting logic
Why: Security requirement from spec

Implementation Order

P0.1 PocketBase Auth ──┬──> P0.2 Auth Middleware ──> P0.4 GET /api/user
                       │
P0.3 Override Logic ───┴──> P1.4 GET /api/today ──> P1.7 Dashboard

P1.1 PATCH /api/user ────> P2.9 Settings Page
P1.2 POST period ────────> P1.3 GET current ────> P1.7 Dashboard
P1.5 Overrides API ──────> P1.7 Dashboard
P1.6 Login Page ─────────> P2.18 OIDC Auth (upgrade)

P2.1 Garmin fetchers ──> P2.2 Garmin tokens ──> P2.4 Cron sync ──> P2.5 Notifications
                                                         │
                                                         └──> P3.9 Token Warnings
P2.3 Garmin status ────> P2.10 Garmin settings

P2.6 ICS endpoint ─────> P2.11 Calendar page
P2.7 Regen token

P2.8 History API ──────> P2.12 History page
P2.13 Plan page
P2.14 Mini calendar

P2.15 Health endpoint (independent - HIGH PRIORITY for deployment)
P2.16 Metrics endpoint (independent)
P2.17 Structured logging (independent, but should be done before other items for proper logging)

P3.11 Component tests ─> Can be done in parallel with other work
P4.* UX Polish ────────> After core functionality complete

Remaining Work Priority

Priority	Task	Effort	Notes
HIGH	P3.9 Token Warnings	Small	Spec requirement, security-related
Medium	P2.13 Plan Page	Medium	Placeholder exists, needs content
Medium	P2.14 MiniCalendar	Small	Can reuse DayCell, ~70% remaining
Medium	P2.16 Metrics	Medium	Production monitoring
Medium	P2.17 Logging	Medium	Should be done early for coverage
Medium	P2.18 OIDC Auth	Large	Production auth requirement
Medium	P3.11 Component Tests	Medium	6 components need tests
Low	P3.7 Error Handling	Small	Polish
Low	P3.8 Loading States	Small	Polish
Low	P4.* UX Polish	Various	After core complete

Dependency Summary

Task	Blocked By	Blocks
P0.1	-	P0.2, P0.4, P1.1-P1.6, P2.2-P2.3, P2.7-P2.8
P0.2	P0.1	P0.4, P1.1-P1.5, P2.2-P2.3, P2.7-P2.8
P0.3	-	P1.4, P1.5
P0.4	P0.1, P0.2	P1.7, P2.9, P2.10, P2.13
P2.16	-	-
P2.17	-	- (recommended early for logging coverage)
P2.18	P1.6	-
P3.9	P2.4	-
P3.11	-	-

Completed

Library

cycle.ts - Complete with 9 tests (getCycleDay, getPhase, getPhaseConfig, getPhaseLimit)
decision-engine.ts - Complete with 24 tests (getTrainingDecision + getDecisionWithOverrides)
pocketbase.ts - Complete with 9 tests (createPocketBaseClient, isAuthenticated, getCurrentUser, loadAuthFromCookies)
nutrition.ts - Complete with 17 tests (getNutritionGuidance, getSeedSwitchAlert, phase-specific carb ranges, keto guidance) (P3.2)
email.ts - Complete with 14 tests (sendDailyEmail, sendPeriodConfirmationEmail, email formatting) (P3.3)
ics.ts - Complete with 23 tests (generateIcsFeed, ICS format validation, 90-day event generation) (P3.4)
encryption.ts - Complete with 14 tests (AES-256-GCM encrypt/decrypt, round-trip validation, error handling) (P3.5)
garmin.ts - Complete with 33 tests (fetchGarminData, fetchHrvStatus, fetchBodyBattery, fetchIntensityMinutes, isTokenExpired, daysUntilExpiry, error handling) (P2.1, P3.6)
auth-middleware.ts - Complete with 6 tests (withAuth() wrapper)
middleware.ts - Complete with 12 tests (Next.js page protection)

Components

DecisionCard - Displays decision status, icon, and reason
DataPanel - Shows body battery, HRV, intensity data
NutritionPanel - Shows seeds, carbs, keto guidance
OverrideToggles - Toggle buttons for flare/stress/sleep/pms
DayCell - Phase-colored calendar day cell with click handler
MonthView - Calendar grid with DayCell integration, navigation controls (prev/next month, Today button), phase legend, 21 tests

API Routes (16 complete, 1 not implemented)

GET /api/user - Returns authenticated user profile, 4 tests (P0.4)
PATCH /api/user - Updates user profile (cycleLength, notificationTime, timezone), 17 tests (P1.1)
POST /api/cycle/period - Logs period start date, updates user, creates PeriodLog, 8 tests (P1.2)
GET /api/cycle/current - Returns cycle day, phase, phaseConfig, daysUntilNextPhase, cycleLength, 10 tests (P1.3)
GET /api/today - Returns complete daily snapshot with decision, biometrics, nutrition, 22 tests (P1.4)
POST /api/overrides - Adds override to user.activeOverrides array, 14 tests (P1.5)
DELETE /api/overrides - Removes override from user.activeOverrides array, 14 tests (P1.5)
POST /api/garmin/tokens - Stores encrypted Garmin OAuth tokens, 15 tests (P2.2)
DELETE /api/garmin/tokens - Clears tokens and disconnects Garmin, 15 tests (P2.2)
GET /api/garmin/status - Returns connection status, expiry, warning level, 11 tests (P2.3)
POST /api/cron/garmin-sync - Daily sync of Garmin data for all connected users, creates DailyLogs, 22 tests (P2.4)
POST /api/cron/notifications - Sends daily email notifications with timezone matching, DailyLog handling, nutrition guidance, 20 tests (P2.5)
GET /api/calendar/[userId]/[token].ics - Returns ICS feed with 90-day phase events, token validation, caching headers, 10 tests (P2.6)
POST /api/calendar/regenerate-token - Generates new 32-char calendar token, returns URL, 9 tests (P2.7)
GET /api/history - Paginated historical daily logs with date filtering, validation, 19 tests (P2.8)
GET /api/health - Health check endpoint with PocketBase connectivity check, 14 tests (P2.15)

Pages (6 complete, 1 placeholder)

Login Page - Email/password form with PocketBase auth, error handling, loading states, redirect, 14 tests (P1.6)
Dashboard Page - Complete daily interface with /api/today integration, DecisionCard, DataPanel, NutritionPanel, OverrideToggles, 23 tests (P1.7)
Settings Page - Form for cycleLength, notificationTime, timezone with validation, loading states, error handling, 28 tests (P2.9)
Settings/Garmin Page - Token input form, connection status, expiry warnings, disconnect functionality, 27 tests (P2.10)
Calendar Page - MonthView with navigation controls, ICS subscription section with URL display, copy button, token regeneration, 23 tests (P2.11)
History Page - Table view of DailyLogs with date filtering, pagination, decision styling, 26 tests (P2.12)

Test Infrastructure

test-setup.ts - Global test setup with @testing-library/jest-dom matchers and cleanup

Discovered Issues

Bugs and inconsistencies found during implementation

~~src/lib/auth-middleware.ts does not exist~~ - CREATED in P0.2
~~src/middleware.ts does not exist~~ - CREATED in P0.2
~~~garmin.ts is only ~~30% complete - missing specific biometric fetchers~~~~ - FIXED in P2.1 (added fetchHrvStatus, fetchBodyBattery, fetchIntensityMinutes)
~~pocketbase.ts missing all auth helper functions~~ - FIXED in P0.1
~~src/app/api/today/route.ts type error with null body battery values~~ - FIXED (added null coalescing)

Notes

TDD Approach: Each implementation task should follow TDD - write failing tests first, then implement
Auth First: P0 items unlock all other work; prioritize ruthlessly
Incremental Delivery: P1 completion = usable app without Garmin (manual data entry fallback)
P2 Completion: Full feature set with automation
P3: Quality and polish for production confidence
P4: UX polish and accessibility improvements from spec requirements
Component Reuse: Dashboard components are complete and can be used directly in P1.7
HRV Rule: HRV Unbalanced status ALWAYS forces REST - this is the highest algorithmic priority and cannot be overridden by manual toggles
Override Order: When multiple overrides are active, apply in order: flare > stress > sleep > pms
Token Warnings: Per spec, warnings must be sent at exactly 14 days and 7 days before expiry (P3.9 NOT IMPLEMENTED)
Health Check Priority: P2.15 (GET /api/health) should be implemented early - it's required for deployment monitoring and load balancer health probes
Structured Logging: P2.17 (pino logger) should be implemented before other P2 items if possible, so new code can use proper logging from the start
OIDC vs Email/Password: Current email/password login (P1.6) works for development. P2.18 upgrades to OIDC for production security per specs/authentication.md
E2E Tests: Authorized skip per specs/testing.md - unit and integration tests are sufficient for MVP
Dark Mode: Partial Tailwind support exists via dark: classes but may need prefers-color-scheme configuration in tailwind.config.js (see P4.3)
Component Tests: 6 components lack unit tests (P3.11) - DecisionCard, DataPanel, NutritionPanel, OverrideToggles, MiniCalendar, DayCell

48 KiB Raw Blame History

PhaseFlow Implementation Plan

Current State Summary

Overall Status: 517 tests passing across 30 test files

Library Implementation

Infrastructure Gaps (from specs/ - pending implementation)

API Routes (17 total)

Pages (7 total)

Components

Test Coverage

Critical Business Rules (from Spec)

P0: Critical Blockers ✅ ALL COMPLETE

P0.1: PocketBase Auth Helpers ✅ COMPLETE

P0.2: Auth Middleware for API Routes ✅ COMPLETE

P0.3: Decision Engine Override Handling ✅ COMPLETE

P0.4: GET /api/user Implementation ✅ COMPLETE

P1: Core Functionality ✅ ALL COMPLETE

P1.1: PATCH /api/user Implementation ✅ COMPLETE

P1.2: POST /api/cycle/period Implementation ✅ COMPLETE

P1.3: GET /api/cycle/current Implementation ✅ COMPLETE

P1.4: GET /api/today Implementation ✅ COMPLETE

P1.5: POST/DELETE /api/overrides Implementation ✅ COMPLETE

P1.6: Login Page Implementation ✅ COMPLETE

P1.7: Dashboard Page Implementation ✅ COMPLETE

P2: Important Features

P2.1: Garmin Data Fetching Functions ✅ COMPLETE

P2.2: POST/DELETE /api/garmin/tokens Implementation ✅ COMPLETE

P2.3: GET /api/garmin/status Implementation ✅ COMPLETE

P2.4: POST /api/cron/garmin-sync Implementation ✅ COMPLETE

P2.5: POST /api/cron/notifications Implementation ✅ COMPLETE

P2.6: GET /api/calendar/[userId]/[token].ics Implementation ✅ COMPLETE

P2.7: POST /api/calendar/regenerate-token Implementation ✅ COMPLETE

P2.8: GET /api/history Implementation ✅ COMPLETE

P2.9: Settings Page Implementation ✅ COMPLETE

P2.10: Settings/Garmin Page Implementation ✅ COMPLETE

P2.11: Calendar Page Implementation ✅ COMPLETE

P2.12: History Page Implementation ✅ COMPLETE

P2.13: Plan Page Implementation

P2.14: Mini Calendar Component

P2.15: Health Check Endpoint ✅ COMPLETE

P2.16: Prometheus Metrics Endpoint

P2.17: Structured Logging with Pino

P2.18: OIDC Authentication

P3: Polish and Quality

P3.1: Decision Engine Tests ✅ COMPLETE

P3.2: Nutrition Tests ✅ COMPLETE

P3.3: Email Tests ✅ COMPLETE

P3.4: ICS Tests ✅ COMPLETE

P3.5: Encryption Tests ✅ COMPLETE

P3.6: Garmin Tests ✅ COMPLETE

P3.7: Error Handling Improvements

P3.8: Loading States

P3.9: Token Expiration Warnings

P3.10: E2E Test Suite (AUTHORIZED SKIP)

P3.11: Missing Component Tests

P4: UX Polish and Accessibility

P4.1: Dashboard Onboarding Banners

P4.2: Accessibility Improvements

P4.3: Dark Mode Configuration

P4.4: Loading Performance

P4.5: Period Prediction Accuracy Feedback

P4.6: Rate Limiting

Implementation Order

Remaining Work Priority

Dependency Summary

Completed

Library

Components

API Routes (16 complete, 1 not implemented)

Pages (6 complete, 1 placeholder)

Test Infrastructure

Discovered Issues

Notes

48 KiB

Raw Blame History