diff --git a/prompt/prompt-v1.0.0-planning.md b/prompt/prompt-v1.0.0-planning.md new file mode 100644 index 0000000..4f6a038 --- /dev/null +++ b/prompt/prompt-v1.0.0-planning.md 
@@ -0,0 +1,699 @@ +# Prompt: Pianificazione v1.0.0 - Production Ready + +> **Progetto:** mockupAWS - Backend Profiler & Cost Estimator +> **Versione Target:** v1.0.0 +> **Obiettivo:** Production Ready Release +> **Data Analisi:** 2026-04-07 +> **Stato Attuale:** v0.5.0 completata, codebase analizzata + +--- + +## 📊 ANALISI CODEBASE ATTUALE + +### Stato Corrente (v0.5.0) +- **Backend:** ~150+ file Python (senza node_modules) +- **Frontend:** ~100+ file TypeScript/React +- **Database:** 8 tabelle (scenarios, logs, metrics, pricing, reports, users, api_keys, report_schedules) +- **Tests:** 100+ test cases E2E (Playwright) +- **Documentazione:** README, Architecture, SECURITY, CHANGELOG + +### Architettura Esistente +``` +✅ Frontend: React 18 + Vite + TypeScript + Tailwind +✅ Backend: FastAPI + SQLAlchemy 2.0 + PostgreSQL +✅ Auth: JWT (HS256) + bcrypt (cost=12) + API Keys +✅ Reports: PDF/CSV generation (ReportLab, Pandas) +✅ Charts: Recharts integration +✅ Testing: Playwright E2E +✅ DevOps: Docker Compose +``` + +### Cosa Manca per Produzione +❌ Redis caching layer +❌ Backup/restore automatizzato +❌ Monitoring e alerting +❌ Multi-tenant completo (isolation tra tenant) +❌ Production deployment guide +❌ Performance optimization +❌ Security audit completa +❌ SLA monitoring + +--- + +## 🎯 OBIETTIVI v1.0.0 - PRODUCTION READY + +### Definition of Done +Un sistema è "Production Ready" quando: +1. **Performance:** <200ms response time (p95), supporta 1000+ utenti concorrenti +2. **Reliability:** 99.9% uptime, backup automatici, disaster recovery +3. **Security:** Audit completo, pen test, vulnerabilità 0 critiche +4. **Observability:** Monitoring, alerting, logging centralizzato +5. **Scalability:** Horizontal scaling ready, caching layer +6. 
**Documentation:** Deployment guide, runbooks, SLA + +--- + +## 👥 ASSEGNAZIONE TASK TEAM + +### @spec-architect - Architecture & Planning (Lead) - 3 task + +#### SPEC-001: Production Architecture Design +**Priorità: P0 - DA COMPLETARE PRIMA** + +Analizzare e progettare: +- [ ] **Scalability Architecture:** + - Load balancer (Nginx/Traefik) configuration + - Horizontal scaling strategy (multiple backend instances) + - Database read replicas + - Connection pooling optimization + +- [ ] **High Availability Design:** + - Multi-region deployment strategy + - Failover mechanisms + - Circuit breaker patterns + - Graceful degradation + +- [ ] **Data Architecture:** + - Database partitioning strategy (per tenant? per data?) + - Archive strategy per dati vecchi (>1 anno) + - CDN per assets statici + +**Output:** +- `export/architecture-v1.0.0.md` - Architecture document completo +- Diagrammi architettura (PNG/SVG) +- Capacity planning (utenti, storage, banda) + +#### SPEC-002: Security Audit Plan +- [ ] **Security Checklist Completa:** + - OWASP Top 10 review + - Dependency vulnerability scan (safety, npm audit) + - Secrets management audit + - API security review (rate limiting, auth) + - Data encryption (at rest, in transit) + - Network security (firewall, VPC) + +- [ ] **Penetration Testing Plan:** + - Scope definition + - Test cases (SQL injection, XSS, CSRF, auth bypass) + - Tools: Burp Suite, OWASP ZAP + +- [ ] **Compliance Review:** + - GDPR compliance (data retention, right to be forgotten) + - SOC 2 readiness assessment + +**Output:** +- `docs/SECURITY-AUDIT-v1.0.0.md` +- Vulnerability report +- Remediation plan + +#### SPEC-003: Technical Debt Assessment +- [ ] **Code Quality Analysis:** + - Backend: radon (complexity), pylint, mypy strict + - Frontend: ESLint rules, TypeScript strict mode + - Test coverage: target >80% + +- [ ] **Refactoring Plan:** + - Identificare codice duplicato + - Ottimizzare query N+1 + - Migliorare error handling + +- [ ] **Documentation 
Debt:** + - API docs completeness + - Architecture decision records (ADR) + - Runbooks + +**Output:** +- `docs/TECH-DEBT-v1.0.0.md` +- Refactoring priority list + +--- + +### @db-engineer - Database & Storage - 3 task + +#### DB-001: Database Optimization +- [ ] **Indexing Strategy:** + - Analisi query lente (pg_stat_statements) + - Aggiungere indici mancanti + - Composite indexes per query frequenti + - Partial indexes per filtri comuni + +- [ ] **Query Optimization:** + - Ottimizzare query N+1 (eager loading) + - Materialized views per report pesanti + - Query refactoring + +- [ ] **Connection Pooling:** + - Configurare PgBouncer + - Ottimizzare pool size (base su concorrenza) + - Test carico + +**Output:** +- Migration per nuovi indici +- Performance benchmark (prima/dopo) +- PgBouncer configuration + +#### DB-002: Backup & Restore System +- [ ] **Automated Backups:** + - Daily full backup (pg_dump) + - Continuous WAL archiving (Point-in-Time Recovery) + - Backup retention policy (30 giorni) + - Backup encryption (AES-256) + +- [ ] **Backup Storage:** + - S3/GCS integration + - Multi-region backup replication + - Backup integrity verification + +- [ ] **Disaster Recovery:** + - Recovery Time Objective (RTO): <1 ora + - Recovery Point Objective (RPO): <5 minuti + - DR runbook e procedure + - Test restore mensile + +**Output:** +- `scripts/backup.sh` - Backup automation +- `scripts/restore.sh` - Restore procedure +- `docs/BACKUP-RESTORE.md` - Runbook completo +- Cron configuration + +#### DB-003: Data Archiving Strategy +- [ ] **Archive Policy:** + - Scenario logs > 1 anno → archive + - Scenario metrics > 2 anni → aggregate → archive + - Reports > 6 mesi → compress → S3 + +- [ ] **Archive Implementation:** + - Archive table: `scenario_logs_archive` + - Partitioning by date (monthly) + - Archive job (nightly cron) + - Query transparency (UNION con archive) + +**Output:** +- Migration per tabelle archive +- Archive job implementation +- Space saved estimation + +--- 
+ +### @backend-dev - Performance & API - 5 task + +#### BE-PERF-004: Redis Caching Layer +- [ ] **Redis Setup:** + - Docker Compose service + - Redis configuration (persistence, maxmemory) + - Connection pooling (redis-py) + +- [ ] **Caching Strategy:** + - Cache livello 1: DB query results (scenario list, metrics) + - Cache livello 2: Report generation (cache PDF per 1 ora) + - Cache livello 3: AWS pricing (cache 24 ore) + - Cache invalidation strategy + +- [ ] **Caching Implementation:** + - Decorator `@cached(ttl=300)` per funzioni + - Cache key generation (hash params) + - Cache warming per dati frequenti + +**Output:** +- `src/core/cache.py` - Cache service +- Redis configuration +- Performance benchmark (hit/miss ratio) + +#### BE-PERF-005: Async Optimization +- [ ] **Database Async:** + - Verificare tutte le query siano async + - Connection pool optimization + - Query parallelization dove possibile + +- [ ] **Background Jobs:** + - Celery integration per task pesanti + - Report generation async + - Email sending async + - Queue monitoring (Flower) + +**Output:** +- Celery configuration +- Background tasks implementation +- Queue monitoring setup + +#### BE-API-006: API Versioning & Documentation +- [ ] **API Versioning:** + - Prefix: `/api/v2/` (mantenere v1 per retrocompatibilità) + - Deprecation headers + - Version negotiation + +- [ ] **OpenAPI Completeness:** + - Tutti gli endpoint documentati + - Schemas complete con examples + - Error responses documentate + - Authentication flows documentati + +- [ ] **API Rate Limiting Avanzato:** + - Tiered limits (free/premium/enterprise) + - Per-user, per-API-key limits + - Burst allowance + +**Output:** +- API v2 implementation +- OpenAPI spec completa +- Rate limiting configuration + +#### BE-MON-007: Monitoring & Observability +- [ ] **Application Monitoring:** + - Prometheus metrics integration + - Custom metrics (request duration, error rate, business metrics) + - Health check endpoints approfonditi + +- [ ] 
**Logging:** + - Structured logging (JSON) + - Log levels appropriati + - Correlation IDs per request + - Centralized logging (ELK/Loki) + +- [ ] **Tracing:** + - Distributed tracing (OpenTelemetry/Jaeger) + - Trace database queries + - Trace external API calls + +**Output:** +- Prometheus metrics endpoint +- Logging configuration +- Tracing setup +- Grafana dashboards (base) + +#### BE-SEC-008: Security Hardening +- [ ] **Security Headers:** + - HSTS, CSP, X-Frame-Options, etc. + - CORS strict configuration + +- [ ] **Input Validation:** + - Strict validation su tutti gli input + - SQL injection prevention (già fatto con SQLAlchemy) + - XSS prevention + +- [ ] **Secrets Management:** + - Vault integration (HashiCorp Vault/AWS Secrets Manager) + - Secret rotation automatica + +- [ ] **Audit Logging:** + - Log tutte le operazioni sensibili (login, API key create, delete) + - Immutable audit log + - Audit log retention (1 anno) + +**Output:** +- Security middleware +- Audit logging implementation +- Secrets management integration + +--- + +### @frontend-dev - Performance & UX - 4 task + +#### FE-PERF-009: Frontend Optimization +- [ ] **Bundle Optimization:** + - Code splitting (lazy loading routes) + - Tree shaking optimization + - Vendor chunk separation + - Target: <200KB main bundle + +- [ ] **Rendering Performance:** + - React.memo per componenti pesanti + - useMemo/useCallback optimization + - Virtual scrolling per lista scenari (react-window) + - Lazy loading charts (import dinamico) + +- [ ] **Caching:** + - Service Worker per offline capability + - Cache API per dati frequenti + - Stale-while-revalidate strategy + +**Output:** +- Optimized bundle +- Lighthouse score >90 +- Performance audit report + +#### FE-UX-010: Advanced UX Features +- [ ] **Onboarding Tutorial:** + - First-time user tour (react-joyride) + - Feature highlights + - Interactive guides + +- [ ] **Keyboard Shortcuts:** + - Ctrl/Cmd+K: Command palette + - N: New scenario + - C: Compare + - R: 
Reports + - Esc: Close modal + +- [ ] **Bulk Operations:** + - Multi-select scenari + - Bulk delete + - Bulk export + +- [ ] **Drag & Drop:** + - Reorder scenari in dashboard + - Drag files per import + +**Output:** +- Onboarding component +- Keyboard shortcuts implementation +- Bulk operations UI + +#### FE-ANALYTICS-011: Usage Analytics Dashboard +- [ ] **Analytics Collection:** + - Track page views, feature usage + - Track performance metrics (load time, TTI) + - Privacy-compliant (no PII) + +- [ ] **Analytics Dashboard:** + - Monthly active users (MAU) + - Feature adoption rates + - Performance metrics over time + - Error tracking dashboard + +- [ ] **Cost Predictions:** + - Trend analysis + - Cost forecasting (ML-based semplice) + - Anomaly detection in costs + +**Output:** +- Analytics tracking +- Analytics dashboard page +- Cost prediction component + +#### FE-A11Y-012: Accessibility & i18n +- [ ] **Accessibility:** + - WCAG 2.1 AA compliance + - Screen reader testing + - Keyboard navigation + - Focus management + - Color contrast verification + +- [ ] **Internationalization (i18n):** + - i18next integration + - Lingue: English, Italian (base) + - RTL support (futuro) + - Date/number formatting locale-aware + +**Output:** +- A11y audit report +- i18n setup +- Translation files + +--- + +### @devops-engineer - Production Deployment - 4 task + +#### DEV-DEPLOY-013: Production Deployment Guide +- [ ] **Deployment Options:** + - Docker Compose (single server) + - Kubernetes (k8s) manifests + - AWS ECS/Fargate + - AWS Elastic Beanstalk + - Heroku (per demo) + +- [ ] **Infrastructure as Code:** + - Terraform per AWS resources + - Ansible per server configuration + - Environment-specific configs + +- [ ] **CI/CD Pipeline:** + - GitHub Actions workflow + - Automated testing + - Automated deployment (staging → production) + - Blue-green deployment strategy + - Rollback procedures + +**Output:** +- `docs/DEPLOYMENT-GUIDE.md` - Complete guide +- Terraform 
configurations +- GitHub Actions workflows +- Deployment scripts + +#### DEV-INFRA-014: Cloud Infrastructure +- [ ] **AWS Setup:** + - VPC, Subnets, Security Groups + - RDS PostgreSQL (Multi-AZ) + - ElastiCache Redis + - S3 per backups e assets + - CloudFront CDN + - Route53 DNS + - Application Load Balancer + - Auto Scaling Group + +- [ ] **Security:** + - AWS WAF (Web Application Firewall) + - AWS Shield (DDoS protection) + - Secrets Manager + - KMS per encryption + +**Output:** +- Terraform modules +- AWS architecture diagram +- Cost estimation + +#### DEV-MON-015: Production Monitoring +- [ ] **Monitoring Stack:** + - Prometheus + Grafana (o AWS CloudWatch) + - Uptime monitoring (Pingdom/UptimeRobot) + - Error tracking (Sentry) + - Log aggregation (ELK o AWS OpenSearch) + +- [ ] **Alerting:** + - PagerDuty/Opsgenie integration + - Alert rules: + - Error rate >1% + - Response time >500ms (p95) + - 5xx errors >10/min + - Disk usage >80% + - Memory usage >85% + - On-call rotation + +**Output:** +- Monitoring configuration +- Grafana dashboards +- Alert rules +- Runbooks + +#### DEV-SLA-016: SLA & Support Setup +- [ ] **SLA Definition:** + - Uptime: 99.9% (massimo 43 minuti down/mese) + - Response time: <200ms (p50), <500ms (p95) + - Support response: <4 ore (business hours) + +- [ ] **Support Infrastructure:** + - Help desk (Zendesk/Intercom) + - Status page (Statuspage.io) + - Documentation pubblica + - FAQ/Knowledge base + +- [ ] **Incident Management:** + - Incident response procedure + - Post-mortem template + - Communication templates + +**Output:** +- SLA document +- Support process documentation +- Status page setup +- Incident response runbook + +--- + +### @qa-engineer - Testing & Quality - 3 task + +#### QA-PERF-017: Performance Testing +- [ ] **Load Testing:** + - k6/Locust scripts + - Scenarios: 100, 500, 1000 utenti concorrenti + - Test endpoints critici + - Database load testing + +- [ ] **Stress Testing:** + - Find breaking point + - Test recovery + 
- Test degradation + +- [ ] **Benchmarks:** + - Response time baselines + - Throughput baselines + - Memory/CPU usage baselines + +**Output:** +- Performance test suite +- Benchmark results +- Performance report + +#### QA-E2E-018: E2E Test Completeness +- [ ] **Test Coverage:** + - Target: >80% feature coverage + - Critical paths: 100% coverage + - Cross-browser testing (Chrome, Firefox, Safari) + - Mobile testing (iOS, Android) + +- [ ] **Test Stability:** + - Fix flaky tests + - Parallel test execution + - Test data management + +- [ ] **Visual Regression:** + - Percy/Chromatic integration + - Component-level testing + +**Output:** +- E2E test suite completo +- Cross-browser test results +- Visual regression baseline + +#### QA-SEC-019: Security Testing +- [ ] **Automated Security Tests:** + - Dependency scanning (Snyk) + - SAST (SonarQube) + - Container scanning (Trivy) + - Secret scanning (GitLeaks) + +- [ ] **Penetration Testing:** + - OWASP ZAP automated scan + - Manual penetration testing + - API security testing + +**Output:** +- Security test suite +- Vulnerability report +- Security sign-off + +--- + +## 📅 TIMELINE v1.0.0 (6-8 settimane) + +### Week 1: Planning & Architecture +- **@spec-architect:** SPEC-001, SPEC-002 (Architecture + Security audit plan) +- **@db-engineer:** DB-001 (Database optimization) +- **Team:** Kickoff meeting, scope finalization + +### Week 2-3: Core Performance & Backend +- **@backend-dev:** BE-PERF-004 (Redis), BE-PERF-005 (Async) +- **@db-engineer:** DB-002 (Backup), DB-003 (Archive) +- **@frontend-dev:** FE-PERF-009 (Frontend optimization) + +### Week 4: Security & Monitoring +- **@backend-dev:** BE-SEC-008 (Security), BE-MON-007 (Monitoring) +- **@spec-architect:** SPEC-003 (Tech debt) +- **@qa-engineer:** QA-SEC-019 (Security testing) + +### Week 5: UX & Frontend Polish +- **@frontend-dev:** FE-UX-010 (UX features), FE-ANALYTICS-011 (Analytics) +- **@frontend-dev:** FE-A11Y-012 (A11y + i18n) + +### Week 6: Deployment & 
Infrastructure +- **@devops-engineer:** DEV-DEPLOY-013 (Deployment guide), DEV-INFRA-014 (AWS) +- **@devops-engineer:** DEV-MON-015 (Monitoring) + +### Week 7: Testing & QA +- **@qa-engineer:** QA-PERF-017 (Performance testing), QA-E2E-018 (E2E completeness) +- **Team:** Bug fixing + +### Week 8: Documentation & Launch Prep +- **@devops-engineer:** DEV-SLA-016 (SLA & Support) +- **@spec-architect:** Final review, sign-offs +- **Team:** Documentation finalization +- **Launch:** Release v1.0.0! 🎉 + +--- + +## ✅ CHECKLIST PRE-LAUNCH v1.0.0 + +### Performance +- [ ] Load testing: 1000 utenti concorrenti OK +- [ ] Response time <200ms (p95) +- [ ] Lighthouse score >90 +- [ ] Redis cache hit ratio >80% + +### Reliability +- [ ] Automated backups tested +- [ ] DR tested (RTO <1 ora) +- [ ] Zero data loss verified +- [ ] 99.9% uptime in staging (1 settimana) + +### Security +- [ ] Security audit passed +- [ ] Penetration test: 0 critiche +- [ ] Dependencies: 0 vulnerabilità critiche +- [ ] Audit logging attivo + +### Observability +- [ ] Monitoring: tutte le metriche visibili +- [ ] Alerting: test alert ricevuti +- [ ] Logging: searchable e correlato +- [ ] Runbooks: testati e validi + +### Documentation +- [ ] Deployment guide: testato da terzi +- [ ] API docs: complete e accurate +- [ ] Runbooks: chiari e completi +- [ ] SLA: definito e comunicato + +### Legal/Compliance +- [ ] Privacy policy +- [ ] Terms of service +- [ ] GDPR compliance verificato +- [ ] Cookie consent + +--- + +## 🎯 SUCCESS CRITERIA v1.0.0 + +Il progetto è v1.0.0 quando: +1. ✅ Tutti i task completati +2. ✅ Tutti i test passano (>80% coverage) +3. ✅ Performance benchmarks raggiunti +4. ✅ Security audit passed +5. ✅ Deployment guide testato +6. ✅ Documentazione completa +7. ✅ Monitoring e alerting funzionanti +8. 
✅ SLA definito + +--- + +## 🚀 COMANDO DI AVVIO + +Per ogni membro del team: + +```bash +# @spec-architect +cd /home/google/Sources/LucaSacchiNet/mockupAWS +# Inizia analisi architettura esistente +# Crea architecture-v1.0.0.md + +# @db-engineer +cd /home/google/Sources/LucaSacchiNet/mockupAWS +# Analizza query performance (pg_stat_statements) +# Inizia ottimizzazione indici + +# @backend-dev +cd /home/google/Sources/LucaSacchiNet/mockupAWS +# Aggiungi Redis a docker-compose +# Inizia implementazione cache layer + +# @frontend-dev +cd /home/google/Sources/LucaSacchiNet/mockupAWS/frontend +# Analizza bundle size (npm run build --analyze) +# Inizia code splitting + +# @devops-engineer +cd /home/google/Sources/LucaSacchiNet/mockupAWS +# Crea Terraform directory structure +# Inizia deployment guide + +# @qa-engineer +cd /home/google/Sources/LucaSacchiNet/mockupAWS/frontend +# Setup k6/Locust +# Inizia performance test planning +``` + +--- + +**Team, la v1.0.0 è la nostra major release! Portiamo mockupAWS in produzione con performance, sicurezza e affidabilità enterprise-grade! 🚀🔐📊** + +*Prompt v1.0.0 planning generato il 2026-04-07* +*Stato codebase: v0.5.0 completa, analizzata e pronta per evoluzione*
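Review bot: Tenant isolation has no owning task. "Cosa Manca per Produzione" lists `Multi-tenant completo (isolation tra tenant)` as missing, but the only other mention in the task assignments is the open question `Database partitioning strategy (per tenant? per data?)` under SPEC-001. Meanwhile BE-PERF-004 plans `Cache key generation (hash params)` and caching generated PDFs for 1 hour. Add an explicit isolation task with an owner and a slot in the timeline, and state in BE-PERF-004 that cache keys for scenario lists, metrics and reports must include the tenant or user identifier, so a cached result cannot be served across tenants.

Three smaller points in the same file. The latency target is inconsistent: the Definition of Done and the pre-launch checklist both require `<200ms (p95)`, while DEV-SLA-016 says `<200ms (p50), <500ms (p95)` and the DEV-MON-015 alert fires at `>500ms (p95)`; pick one p95 figure and use it everywhere. Under BE-SEC-008, `SQL injection prevention (già fatto con SQLAlchemy)` marks the item as done without evidence; reword it as a verification step, such as a review for raw SQL or string-built queries, since SPEC-002 and QA-SEC-019 already plan SQL injection test cases. The "COMANDO DI AVVIO" block hard-codes `/home/google/Sources/LucaSacchiNet/mockupAWS`, a path on one developer's machine; use paths relative to the repository root instead.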