|
| 1 | +# AGENTS.md |
| 2 | + |
| 3 | +## Purpose |
| 4 | + |
| 5 | +This repository contains a Java OAuth 2.0 / FAPI 2.0 client library plus generated OpenAPI test clients used only by tests. Prefer repository-specific changes over generic refactors. |
| 6 | + |
| 7 | +## Repository Layout |
| 8 | + |
| 9 | +- `pom.xml`: root aggregator for `test-clients` and `library`. |
| 10 | +- `library/`: the publishable artifact `com.mastercard.developer:oauth2-client-java`. |
| 11 | +- `library/src/main/java/com/mastercard/developer/oauth2/`: |
| 12 | + - `config/`: `OAuth2Config`, `SecurityProfile`, and config validation. |
| 13 | + - `core/`: auth flow logic, token handling, DPoP, and scope resolution. |
| 14 | + - `http/`: HTTP-client integrations for OkHttp, Java `HttpClient`, Apache HttpClient, Feign, Spring RestClient, and Spring WebClient. |
| 15 | + - `internal/`: JOSE and JSON-provider internals. Treat as implementation detail unless the task is explicitly internal. |
| 16 | + - `keys/`: key generation and loading utilities. |
| 17 | +- `library/src/test/java/com/mastercard/developer/oauth2/`: |
| 18 | + - unit tests next to the corresponding package areas. |
| 19 | + - `test/fixtures`, `test/helpers`, `test/mocks`: shared test scaffolding, fake servers, and environment-backed integration config. |
| 20 | +- `library/src/test/resources/keys/`: test keys and fixtures. |
| 21 | +- `test-clients/`: Maven module that generates OpenAPI clients into `target/generated-sources` during build. Do not add hand-edited source files there unless the build setup itself is changing. |
| 22 | +- `.github/workflows/`: CI definitions. Use them as the source of truth for targeted compatibility test commands. |
| 23 | +- `res/`: README assets only. |
| 24 | + |
| 25 | +## Baseline Expectations |
| 26 | + |
| 27 | +- Java baseline is 17. CI also runs on Java 21 and 25. |
| 28 | +- Maven is the build tool. |
| 29 | +- The library intentionally uses `provided` scope for HTTP client and JSON dependencies. Preserve that zero-dependency runtime model unless the task explicitly changes packaging strategy. |
| 30 | +- Runtime JSON support is intentionally pluggable. Do not hard-wire one provider unless required. |
| 31 | + |
| 32 | +## Editing Guidance |
| 33 | + |
| 34 | +- Keep public API changes deliberate. Most consumer-facing entry points live under `config`, `core`, `http`, and `keys`. |
| 35 | +- When changing one HTTP client integration, inspect the sibling adapters to preserve cross-client behavior. |
| 36 | +- Avoid editing generated output under `target/`. |
| 37 | +- Preserve the existing package structure and naming. This repo is organized by capability and transport, not by framework layer. |
| 38 | +- Keep changes ASCII unless a file already requires otherwise. |
| 39 | + |
| 40 | +## Tests And Verification |
| 41 | + |
| 42 | +- Root smoke test: |
| 43 | + - `mvn -B test` |
| 44 | +- Formatting check: |
| 45 | + - `cd library && mvn spotless:check` |
| 46 | +- Apply formatting when needed: |
| 47 | + - `cd library && mvn spotless:apply` |
| 48 | + |
| 49 | +`library` tests include both fake-server coverage and optional real Mastercard API coverage. |
| 50 | + |
| 51 | +- Real-service tests read `.env` from the repository root via `dotenv-java`. |
| 52 | +- Copy `.env.example` to `.env` and fill in `CLIENT_ID`, `KID`, `TOKEN_ENDPOINT`, `ISSUER`, `API_BASE_URL`, `READ_SCOPES`, `WRITE_SCOPES`, and `PRIVATE_KEY` to enable them. |
| 53 | +- If those values are missing, the real-service tests self-disable via JUnit assumptions, so local `mvn test` remains safe. |
| 54 | + |
| 55 | +For narrow changes, prefer the CI-style targeted commands that isolate one integration: |
| 56 | + |
| 57 | +- OkHttp: |
| 58 | + - `mvn -B test "-Dtest=com.mastercard.developer.oauth2.http.okhttp3.OAuth2InterceptorTest" "-Dsurefire.failIfNoSpecifiedTests=false"` |
| 59 | +- Java HTTP Client: |
| 60 | + - `mvn -B test "-Dtest=com.mastercard.developer.oauth2.http.java.OAuth2HttpClientTest" "-Dsurefire.failIfNoSpecifiedTests=false"` |
| 61 | +- Apache HttpClient: |
| 62 | + - `mvn -B test "-Dtest=com.mastercard.developer.oauth2.http.apache.OAuth2HttpClientTest" "-Dsurefire.failIfNoSpecifiedTests=false"` |
| 63 | +- Feign: |
| 64 | + - `mvn -B test "-Dtest=com.mastercard.developer.oauth2.http.feign.OAuth2ClientTest" "-Dsurefire.failIfNoSpecifiedTests=false"` |
| 65 | +- Spring RestClient: |
| 66 | + - `mvn -B test "-Dtest=com.mastercard.developer.oauth2.http.spring.restclient.OAuth2ClientHttpRequestInterceptorTest" "-Dsurefire.failIfNoSpecifiedTests=false"` |
| 67 | +- Spring WebClient: |
| 68 | + - `mvn -B test "-Dtest=com.mastercard.developer.oauth2.http.spring.webclient.OAuth2FilterTest" "-Dsurefire.failIfNoSpecifiedTests=false"` |
| 69 | + |
| 70 | +If you change dependency compatibility, mirror the property overrides used in `.github/workflows/` rather than inventing new ad hoc commands. |
| 71 | + |
| 72 | +## Build Details Worth Knowing |
| 73 | + |
| 74 | +- `test-clients` runs OpenAPI Generator during the Maven build and provides generated clients consumed by `library` tests. |
| 75 | +- `library` uses: |
| 76 | + - `maven-compiler-plugin` with `release` 17 |
| 77 | + - `spotless-maven-plugin` with Prettier Java formatting |
| 78 | + - `jacoco-maven-plugin` during test runs |
| 79 | + - `flatten-maven-plugin`, source/javadoc packaging, and GPG signing for publishing |
| 80 | +- A `VERSION` file is generated into `library` build output during `generate-resources`. |
| 81 | + |
| 82 | +## Practical Agent Workflow |
| 83 | + |
| 84 | +- Read `README.md`, the relevant module `pom.xml`, and the package under change before editing. |
| 85 | +- Run the smallest meaningful test set first, then widen to `mvn -B test` if the change touches shared logic. |
| 86 | +- When changing behavior in `core` or `config`, expect multiple HTTP integrations to be affected and test accordingly. |
| 87 | +- When changing OpenAPI-related compatibility behavior, inspect both `test-clients/pom.xml` and the matching workflow file in `.github/workflows/`. |
0 commit comments