From 0926e3b68c179f55f1a491702bcc23fa47c1f254 Mon Sep 17 00:00:00 2001 From: hannesrudolph Date: Tue, 29 Jul 2025 11:14:36 -0600 Subject: [PATCH] docs: update docs extractor mode configuration and rules - Update extraction workflow with enhanced verification steps - Improve analysis techniques for better accuracy assessment - Enhance tool usage guide with file naming patterns - Add comprehensive extraction examples - Update communication guidelines for clearer reporting - Modify roomodes configuration for docs-extractor mode --- .../1_extraction_workflow.xml | 227 ++- .../3_analysis_techniques.xml | 274 +++- .../4_tool_usage_guide.xml | 293 ++-- .../5_complete_extraction_examples.xml | 1363 ++++++++--------- .../6_communication_guidelines.xml | 139 +- .roomodes | 15 +- 6 files changed, 1339 insertions(+), 972 deletions(-) diff --git a/.roo/rules-docs-extractor/1_extraction_workflow.xml b/.roo/rules-docs-extractor/1_extraction_workflow.xml index 936cba7edd..088fc1ae89 100644 --- a/.roo/rules-docs-extractor/1_extraction_workflow.xml +++ b/.roo/rules-docs-extractor/1_extraction_workflow.xml @@ -1,8 +1,10 @@ - The Docs Extractor mode analyzes features to generate documentation. - It extracts technical details, business logic, and user workflows - for different audiences. + The Docs Extractor mode has two primary functions: + 1. Extract technical and non-technical details about features to provide to documentation teams + 2. Verify existing documentation for factual accuracy against the codebase + + This mode does not generate final documentation but provides detailed analysis and verification. @@ -10,25 +12,23 @@ Parse Request Identify the feature or component in the user's request. - Determine if the request is for a review or to generate new documentation. - Default to user-friendly docs unless technical output is requested. - Note any specific areas to emphasize. + Determine if the request is for extraction or verification. + For extraction: Note what level of detail is needed (technical vs non-technical). + For verification: Identify the documentation to be verified. + Note any specific areas to emphasize or check. - The initial request determines the workflow path (review vs. generation). + The mode branches into extraction or verification based on the request. Discover Feature - Find related code with semantic search. + Locate relevant code using appropriate search methods. Identify entry points and components. Map the high-level architecture. + Use any combination of tools to understand the feature. - -[feature name] implementation main entry point - - ]]> + Use the most effective discovery method for the situation - file exploration, search, or direct navigation. @@ -66,22 +66,68 @@ + + UI/UX and User Experience Analysis + + + Analyze user interface components +
+ - UI components and their interactions + - Forms, buttons, navigation elements + - Visual feedback and loading states + - Responsive design considerations + - Accessibility features +
+ + + Map user journeys and interactions +
+ - Step-by-step user workflows + - Click paths and navigation flows + - User decision points + - Input validation and error messaging + - Success and failure scenarios +
+ + + Document user experience elements +
+ - Page layouts and information architecture + - Interactive elements and their behaviors + - Tooltips, help text, and guidance + - Confirmation dialogs and warnings + - Progress indicators and status updates +
+ + + Capture visual and behavioral patterns +
+ - Color schemes and theming + - Animation and transitions + - Keyboard shortcuts and accessibility + - Mobile vs desktop experiences + - Browser-specific considerations +
+ + + + Business Logic Extraction - Map workflows + Map workflows from user perspective
- - User journey + - User journey through the feature - Decision points and branching - - State transitions - - Roles and permissions + - State transitions visible to users + - Roles and permissions affecting UI
Document business rules
- - Validation logic + - Validation logic and user feedback - Formulas and algorithms - Business process implementations - Compliance requirements @@ -92,8 +138,8 @@
- Primary use cases - Edge cases - - Error scenarios - - Performance factors + - Error scenarios and user recovery + - Performance factors affecting UX
@@ -199,38 +245,117 @@ - - Workflow branches here: review existing docs or generate new docs. - - Path 1: Review and Recommend - Used when a document is provided for review. - - Compare provided docs against codebase analysis. - Identify inaccuracies, omissions, and areas for improvement. - Categorize issues by severity (Critical, Major, Minor). - Formulate a structured recommendation in chat. - Do not write files. - Final output is only the recommendation. - - - - Path 2: Generate Documentation - Used when new documentation is requested. - - Select a template from `2_documentation_patterns.xml`. - Structure the document with clear sections and examples. - Create `DOCS-TEMP-[feature].md` with generated content. - Apply tone and examples from `7_user_friendly_examples.xml`. - - - + + + Extract Feature Details + Analyze and extract comprehensive details for documentation team + + + Compile Technical Details + + List all technical components and their relationships + Document APIs, data structures, and algorithms + Extract configuration options and their impacts + Identify error handling and edge cases + Note performance characteristics and limitations + + + + Extract Non-Technical Information + + Describe complete user experience and workflows + Document UI interactions and visual elements + Explain business logic in plain language + Identify user benefits and use cases + Document common scenarios with UI context + Note prerequisites and user-facing dependencies + Capture error messages and user guidance + + + + Create Extraction Report + + Organize findings into clear categories + Separate technical and non-technical information + Include code snippets and examples where helpful + Create `EXTRACTION-[feature].md` with findings + Highlight areas that need special attention in documentation + + + - Executive summary of the feature + - UI/UX analysis and user experience + - Technical details section + - Non-technical/user-facing details + - User workflows and interactions + - Configuration and setup information + - Common use cases with UI context + - Error handling and user guidance + - Potential documentation considerations + + + + + + + Verify Documentation Accuracy + Check existing documentation against codebase reality + + + Analyze Provided Documentation + + Parse the documentation to identify claims and descriptions + Extract technical specifications mentioned + Note user-facing features and workflows described + Identify configuration options and examples provided + + + + Verify Against Codebase + + Check technical claims against actual implementation + Verify API endpoints, parameters, and responses + Confirm configuration options and defaults + Validate code examples and snippets + Check if described workflows match implementation + + + + Create Verification Report + + Categorize findings by severity (Critical, Major, Minor) + List all inaccuracies with correct information + Identify missing important information + Note outdated or deprecated content + Provide specific corrections and suggestions + Create `VERIFICATION-[feature].md` with findings + + + - Verification summary (Accurate/Needs Updates) + - Critical inaccuracies that could mislead users + - Technical corrections needed + - Missing information that should be added + - Suggestions for clarity improvements + - Overall recommendations + + + + + - Code paths analyzed - Business logic documented - Integration points mapped - Security addressed - Audience needs met - Metadata and links are complete + + All code paths analyzed + Technical details comprehensively extracted + Non-technical information clearly explained + Use cases and examples provided + Report organized for documentation team use + + + All documentation claims verified + Inaccuracies identified and corrected + Missing information noted + Suggestions for improvement provided + Clear verification report created + \ No newline at end of file diff --git a/.roo/rules-docs-extractor/3_analysis_techniques.xml b/.roo/rules-docs-extractor/3_analysis_techniques.xml index 4ab4cb17cc..b9ef93d1f3 100644 --- a/.roo/rules-docs-extractor/3_analysis_techniques.xml +++ b/.roo/rules-docs-extractor/3_analysis_techniques.xml @@ -3,7 +3,191 @@ Techniques for analyzing code to extract documentation. + + + + Find and analyze UI components and their interactions + + + + Search for UI component files + + +src +\.(tsx|jsx|vue)$|@Component|export.*component +*.tsx + + + + +src + + + ]]> + + + + Analyze styling and visual elements + + +src/styles +true + + + + +src +className=|style=|styled\.|makeStyles|@apply + + ]]> + + + + + + + Map user interactions and navigation flows + + + Route definitions and navigation + Form submissions and validations + Button clicks and event handlers + State changes and UI updates + Loading and error states + + + +src +Route.*path=|router\.push|navigate\(|Link.*to= + + + + +src +onClick=|onSubmit=|onChange=|handleClick|handleSubmit + + + + +src +validate|validation|required|pattern=|minLength|maxLength + + ]]> + + + + + Analyze how the system communicates with users + + + Error messages and alerts + Success notifications + Loading indicators + Tooltips and help text + Confirmation dialogs + Progress indicators + + + +src +toast|notification|alert|message|error.*message|success.*message + + + + +src +loading|isLoading|pending|spinner|skeleton|placeholder + + + + +src +modal|dialog|confirm|popup|overlay + + ]]> + + + + + Check for accessibility features and compliance + + + ARIA labels and roles + Keyboard navigation support + Screen reader compatibility + Focus management + Color contrast considerations + + + +src +aria-|role=|tabIndex|alt=|title=|accessibilityLabel + + + + +src +focus\(|blur\(|onFocus|onBlur|autoFocus|focusable + + ]]> + + + + + Analyze responsive design and mobile experience + + + Breakpoint definitions + Mobile-specific components + Touch event handlers + Viewport configurations + Media queries + + + +src +@media|breakpoint|mobile|tablet|desktop|responsive + + + + +src +onTouch|swipe|gesture|tap|press + + ]]> + + + + + + Use semantic search to find conceptually related code when available. + + + Finding code by concept rather than keywords + Discovering implementations across different naming conventions + When pattern-based search isn't finding expected results + + + +user authentication login security JWT token validation + + + + +payment processing transaction billing invoice checkout + + ]]> + This is an optional tool - use when semantic understanding would help find related code that keyword search might miss + + Analyze entry points to understand feature flow. @@ -14,23 +198,60 @@ Map decision branches. Document input validation. - - -main function app.listen server.start router controller handler - - - - -src/controllers/feature.controller.ts - + + + Start by exploring directory structure + + +src +false + + + +src/controllers +true + + ]]> + + + + Search for specific patterns + src (app\.(get|post|put|delete)|@(Get|Post|Put|Delete)|router\.(get|post|put|delete)) - ]]> + ]]> + + + + Read known entry points directly + + +src/app.ts + + + + +src/controllers/feature.controller.ts + + ]]> + + + + Use semantic search as an alternative discovery method + + +main entry point application startup initialization bootstrap + + ]]> + + @@ -76,24 +297,39 @@ type\s+(Query|Mutation|Subscription)\s*{[^}]+}|@(Query|Mutation|Resolver) Message queue integrations Filesystem operations - + + Start with package.json to understand dependencies + + +package.json + + ]]> + + + + Follow import chains to map dependencies + src ^import\s+.*from\s+['"]([^'"]+)['"]|require\s*\(\s*['"]([^'"]+)['"]\s*\) - - - -package.json - - + ]]> + + + + Find external API integrations + src (fetch|axios|http\.request|request\(|\.get\(|\.post\() - ]]> + ]]> + + diff --git a/.roo/rules-docs-extractor/4_tool_usage_guide.xml b/.roo/rules-docs-extractor/4_tool_usage_guide.xml index d746141daa..5049917273 100644 --- a/.roo/rules-docs-extractor/4_tool_usage_guide.xml +++ b/.roo/rules-docs-extractor/4_tool_usage_guide.xml @@ -3,125 +3,117 @@ Guidance on using tools for documentation extraction. - - - codebase_search - Initial code discovery. - - - Find feature entry points - -authentication login user session JWT token - - ]]> - - - Find business logic - -calculate pricing discount tax invoice billing - - ]]> - - - Find configuration - -config settings environment variables .env process.env - - ]]> - - - - - - list_code_definition_names - Understand code structure. - - Use on core feature directories. - Analyze implementation and test directories. - Look for naming patterns. - - -src/features/authentication - - ]]> - - - - read_file - Analyze specific implementations. - - Read main feature files. - Follow imports to find dependencies. - Read test files for expected behavior. - Examine config and type definition files. - - - - - src/controllers/auth.controller.ts - - - src/services/auth.service.ts - - - src/models/user.model.ts - - - src/types/auth.types.ts - - - src/__tests__/auth.test.ts - - - - ]]> - - - - search_files - Find specific patterns. - - - Find API endpoints - -src -@(Get|Post|Put|Delete|Patch)\(['"]([^'"]+)['"]|router\.(get|post|put|delete|patch)\(['"]([^'"]+)['"] - - ]]> - - - Find error handling - -src -throw new \w+Error|catch \(|\.catch\(|try \{ - - ]]> - - - Find config usage - -src -process\.env\.\w+|config\.get\(['"]([^'"]+)['"]|getConfig\(\) - - ]]> - - - - + + + Use the most appropriate tools for the situation + + Start with what you know - file names, directory structure, or keywords + Use multiple discovery methods to build understanding + Adapt your approach based on the codebase structure + + + + + + Explore directory structure and find relevant files + + - Starting exploration of a feature area + - Understanding project organization + - Finding configuration or test files + + + + + Examine specific files in detail + + - Analyzing implementation details + - Understanding configuration + - Reading documentation or comments + + Read multiple related files together for better context + + + + Find specific patterns or text + + - Locating API endpoints + - Finding configuration usage + - Tracking down error handling + - Discovering cross-references + + + + + Get overview of code structure + + - Understanding module organization + - Identifying main components + - Finding test coverage + + + + + Semantic search when available + + - Finding conceptually related code + - Discovering implementations by functionality + - When keyword search isn't sufficient + + Optional - use when semantic understanding is needed + + + + + + Start from high-level structure and drill down + + List files in feature directory + Identify main entry points + Follow imports and dependencies + Examine implementation details + + + + + Use tests to understand expected behavior + + Find test files for the feature + Read test descriptions and scenarios + Trace back to implementation + Verify behavior matches tests + + + + + Start with configuration to understand setup + + Find configuration files + Identify feature flags and settings + Trace usage in code + Document impacts of each setting + + + + + Map external interfaces first + + Search for route definitions + Find API controllers or handlers + Trace to business logic + Document request/response flow + + + + - Create documentation file for new docs. - Not used for reviews. Feedback for reviews is provided in chat. - DOCS-TEMP-[feature-name].md + Create extraction or verification report files. + Generates reports for documentation teams, not final documentation. + + - For extraction: EXTRACTION-[feature-name].md + - For verification: VERIFICATION-[feature-name].md + Use descriptive feature name in filename. Include table of contents. @@ -130,7 +122,7 @@ -DOCS-TEMP-authentication-system.md +EXTRACTION-authentication-system.md # Authentication System Documentation @@ -184,47 +176,72 @@ The authentication system provides secure user authentication using JWT tokens.. - Find all files related to a feature. + Find all files related to a feature using various methods. - - - Start with semantic search. - -feature implementation main logic - - ]]> - - - List directory structure. + + + Start by exploring likely directories -src/features +src +false + + + + +src/features/[feature-name] true ]]> - - - Find related tests. + + + + Search for feature-related patterns + +src +feature-name|FeatureName + + + src describe\(['"].*Feature.*['"]|test\(['"].*feature.*['"] *.test.ts ]]> - - - Find config files. + + + + Find configuration files + +config +true + + + . feature.*config|settings.*feature *.json ]]> - - + + + + Use semantic search if available and helpful + + +feature implementation main logic + + ]]> + This is optional - use when other methods aren't sufficient + + diff --git a/.roo/rules-docs-extractor/5_complete_extraction_examples.xml b/.roo/rules-docs-extractor/5_complete_extraction_examples.xml index 3975b5b262..8c644e2f03 100644 --- a/.roo/rules-docs-extractor/5_complete_extraction_examples.xml +++ b/.roo/rules-docs-extractor/5_complete_extraction_examples.xml @@ -1,42 +1,54 @@ - Examples of the documentation extraction workflow. + Examples of both documentation extraction and verification workflows demonstrating flexible discovery methods and comprehensive UI/UX analysis. - Extract documentation for a JWT-based authentication system, including login, token refresh, and RBAC. + Extract comprehensive documentation for a JWT-based authentication system, including technical implementation, UI/UX elements, and user workflows. - Discover feature + Initialize and discover feature using flexible methods -authentication JWT login logout token refresh auth middleware - + + +src +false + + ]]> + Look for auth-related directories like auth/, authentication/, or security/ + +src/auth +true + ]]> - - Auth controllers, services, middleware, models, and routes. + - Auth controllers, services, middleware, models, and routes + - Login components and forms + - Session management UI - Analyze structure + Analyze code structure and architecture src/auth ]]> - - Identify main classes/functions. - - Map auth flow. - - Find token generation/validation logic. + - Identify main classes/functions + - Map authentication flow + - Find token generation/validation logic + - Locate UI components - Read core files + Read core implementation files @@ -61,872 +73,809 @@ - Extract API endpoints + UI/UX Analysis - Discover UI components -src/auth -@(Post|Get)\(['"]\/auth\/[^'"]+['"]|router\.(post|get)\(['"]\/auth\/[^'"]+['"] +src/components +(Login|Auth|Session|Password).*\.(tsx?|jsx?) +*.tsx ]]> - - - POST /auth/login, POST /auth/logout, POST /auth/refresh, GET /auth/profile, POST /auth/register - + + + + src/components/LoginForm.tsx + + + src/components/SessionManager.tsx + + + src/components/PasswordReset.tsx + + + + ]]> - Extract configuration + UI/UX Analysis - Map user interactions -src -JWT_SECRET|JWT_EXPIRATION|AUTH_.*|process\.env\.\w*AUTH\w* +src/components +onClick|onSubmit|onChange|handleSubmit|validate ]]> + + - Form validation patterns + - User feedback mechanisms + - Error handling UI + - Loading states + - Analyze security + UI/UX Analysis - Visual patterns and accessibility -src/auth -bcrypt|hash|salt|encrypt|sanitize|validate|@IsEmail|@MinLength +src +className=|style=|theme\.|aria-|role= +*.tsx + + ]]> + +src/styles +\.login|\.auth|\.session +*.css ]]> - Generate docs + Extract API endpoints and configuration -DOCS-TEMP-authentication-system.md - -# Authentication System Documentation - -## Table of Contents -1. [Overview](#overview) -2. [Quick Start](#quick-start) -3. [Architecture](#architecture) -4. [API Reference](#api-reference) -5. [Configuration](#configuration) -6. [Security](#security) -7. [User Guide](#user-guide) -8. [Developer Guide](#developer-guide) -9. [Troubleshooting](#troubleshooting) - ---- - -## Overview - -### Purpose -The authentication system provides secure user authentication using JWT (JSON Web Tokens) with support for: -- User registration and login -- Token-based authentication -- Refresh token rotation -- Role-based access control (RBAC) -- Session management -- Password reset functionality - -### Key Features -- **JWT Authentication**: Stateless authentication using signed tokens -- **Refresh Tokens**: Long-lived tokens for seamless user experience -- **Role-Based Access**: Fine-grained permission control -- **Security**: bcrypt password hashing, rate limiting, CSRF protection -- **Multi-device Support**: Token management across devices - -### Version Information -- **Current Version**: 2.1.0 -- **Minimum Node.js**: 14.0.0 -- **Dependencies**: - - jsonwebtoken: ^9.0.0 - - bcrypt: ^5.1.0 - - passport: ^0.6.0 - ---- - -## Quick Start - -### For Users -1. Register a new account: - ```bash - POST /api/auth/register - { - "email": "user@example.com", - "password": "SecurePassword123!", - "name": "John Doe" - } - ``` - -2. Login to receive tokens: - ```bash - POST /api/auth/login - { - "email": "user@example.com", - "password": "SecurePassword123!" - } - ``` - -3. Use the access token in subsequent requests: - ```bash - Authorization: Bearer - ``` - -### For Developers -```typescript -// Import authentication module -import { AuthModule } from './auth/auth.module'; - -// Configure in app module -@Module({ - imports: [ - AuthModule.forRoot({ - jwtSecret: process.env.JWT_SECRET, - jwtExpiration: '15m', - refreshExpiration: '7d' - }) - ] -}) -export class AppModule {} -``` - ---- - -## Architecture - -### System Overview -``` -┌─────────────┐ ┌──────────────┐ ┌─────────────┐ -│ Client │────▶│ Auth Guard │────▶│ Service │ -└─────────────┘ └──────────────┘ └─────────────┘ - │ │ - ▼ ▼ - ┌──────────────┐ ┌─────────────┐ - │ JWT Strategy │ │ Database │ - └──────────────┘ └─────────────┘ -``` - -### Components -- **AuthController**: Handles HTTP requests for authentication endpoints -- **AuthService**: Core authentication logic and token management -- **JwtStrategy**: Passport strategy for JWT validation -- **AuthGuard**: Route protection middleware -- **UserService**: User management and database operations - -### Token Flow -1. User provides credentials -2. System validates credentials against database -3. Generate access token (short-lived) and refresh token (long-lived) -4. Client stores tokens securely -5. Access token used for API requests -6. Refresh token used to obtain new access token - ---- - -## API Reference - -### Authentication Endpoints - -#### `POST /api/auth/register` -Register a new user account. - -**Request Body**: -```json -{ - "email": "string (required)", - "password": "string (required, min 8 chars)", - "name": "string (required)", - "role": "string (optional, default: 'user')" -} -``` - -**Response** (201 Created): -```json -{ - "user": { - "id": "uuid", - "email": "user@example.com", - "name": "John Doe", - "role": "user", - "createdAt": "2024-01-01T00:00:00Z" - }, - "tokens": { - "accessToken": "jwt_token", - "refreshToken": "refresh_token", - "expiresIn": 900 - } -} -``` - -**Error Responses**: -- `400 Bad Request`: Invalid input data -- `409 Conflict`: Email already exists - -#### `POST /api/auth/login` -Authenticate user and receive tokens. - -**Request Body**: -```json -{ - "email": "string (required)", - "password": "string (required)" -} -``` - -**Response** (200 OK): -```json -{ - "user": { - "id": "uuid", - "email": "user@example.com", - "name": "John Doe", - "role": "user" - }, - "tokens": { - "accessToken": "jwt_token", - "refreshToken": "refresh_token", - "expiresIn": 900 - } -} -``` - -**Error Responses**: -- `401 Unauthorized`: Invalid credentials -- `429 Too Many Requests`: Rate limit exceeded - -#### `POST /api/auth/refresh` -Refresh access token using refresh token. + +src/auth +@(Post|Get)\(['"]\/auth\/[^'"]+['"]|router\.(post|get)\(['"]\/auth\/[^'"]+['"] + + ]]> + +src +JWT_SECRET|JWT_EXPIRATION|AUTH_.*|process\.env\.\w*AUTH\w* + + ]]> + -**Request Body**: -```json -{ - "refreshToken": "string (required)" -} -``` + + Optional: Use semantic search for deeper insights + + +authentication error handling user feedback messages + + ]]> + Used when specific patterns don't capture all relevant error handling + -**Response** (200 OK): -```json -{ - "accessToken": "new_jwt_token", - "expiresIn": 900 -} + + Create comprehensive extraction report + +EXTRACTION-authentication-system.md + +# Authentication System - Feature Extraction Report + +## Executive Summary +The authentication system is a JWT-based security implementation that handles user registration, login, session management, and access control. It provides a comprehensive user experience with visual feedback, accessibility features, and robust error handling. + +## UI/UX Analysis + +### User Interface Components + +#### 1. Login Page (`src/components/LoginForm.tsx`) +**Visual Layout:** +- Centered card design with shadow (400px width) +- Company logo at top +- Form fields with floating labels +- Primary blue theme (#1976d2) + +**Interactive Elements:** +- Email input field + - Real-time validation (regex: /^[^\s@]+@[^\s@]+\.[^\s@]+$/) + - Error state: Red border and helper text + - Success state: Green checkmark icon +- Password field + - Show/hide toggle button (eye icon) + - Minimum 8 characters validation + - Caps lock warning indicator +- "Remember me" checkbox with 30-day persistence +- "Forgot password?" link (underlined on hover) +- Submit button + - Disabled state: Gray background until valid input + - Loading state: Spinner replaces text + - Success state: Checkmark animation + +**User Feedback:** +- Loading overlay with spinner during authentication +- Error messages appear with slide-down animation +- Success toast notification (3s duration) +- Form shake animation on error + +#### 2. Registration Form (`src/components/RegisterForm.tsx`) +**Multi-Step Design:** +- Progress bar showing 3 steps +- Smooth slide transitions between steps +- Back/Next navigation buttons + +**Step 1 - Account Info:** +- Email field with async availability check +- Password field with strength meter (5 levels) +- Password confirmation with match validation + +**Step 2 - Personal Info:** +- First/Last name fields +- Optional phone with format mask +- Country dropdown with flag icons + +**Step 3 - Terms & Submit:** +- Terms of service scrollable text +- Privacy policy link (opens modal) +- Checkbox required for submission +- Review summary before final submit + +**Visual Feedback:** +- Field validation on blur +- Progress saved in localStorage +- Success confetti animation +- Auto-redirect countdown (5s) + +#### 3. Session Management (`src/components/SessionManager.tsx`) +**Device List UI:** +- Card-based layout for each session +- Device icons (FontAwesome) + - fa-mobile for mobile + - fa-desktop for desktop + - fa-tablet for tablet +- Information displayed: + - Device name and browser + - IP address (partially masked) + - Last active (relative time) + - Location (city, country) + +**Interactive Features:** +- Current device highlighted with blue border +- Hover state shows "Revoke" button +- Confirmation modal with device details +- Bulk selection with checkboxes +- "Revoke All" with double confirmation + +### User Experience Elements + +#### Visual Patterns +**Theme System:** +```css +--primary-color: #1976d2; +--error-color: #d32f2f; +--success-color: #388e3c; +--warning-color: #f57c00; +--text-primary: rgba(0, 0, 0, 0.87); +--text-secondary: rgba(0, 0, 0, 0.6); ``` -#### `POST /api/auth/logout` -Invalidate refresh token. - -**Headers**: -- `Authorization: Bearer ` - -**Request Body**: -```json -{ - "refreshToken": "string (required)" -} +**Animations:** +- Page transitions: 300ms ease-in-out +- Button hover: scale(1.02) +- Error shake: 0.5s horizontal +- Success checkmark: SVG path animation +- Loading spinner: 1s rotation + +**Responsive Breakpoints:** +- Mobile: < 768px (single column) +- Tablet: 768px - 1024px +- Desktop: > 1024px + +#### Accessibility Features +**Keyboard Navigation:** +- Tab order follows visual flow +- Enter key submits forms +- Escape closes modals +- Arrow keys in dropdowns + +**Screen Reader Support:** +- ARIA labels on all inputs +- Live regions for errors +- Role attributes for custom components +- Descriptive button text + +**Visual Accessibility:** +- 4.5:1 contrast ratio minimum +- Focus indicators (2px outline) +- Error icons for colorblind users +- Scalable fonts (rem units) + +### User Workflows + +#### 1. First-Time Registration ``` - -**Response** (200 OK): -```json -{ - "message": "Logged out successfully" -} +Start → Landing Page → "Get Started" CTA + ↓ +Registration Form (Step 1) + → Email validation (async) + → Password strength check + → Real-time feedback + ↓ +Personal Info (Step 2) + → Optional fields clearly marked + → Format validation + ↓ +Terms Agreement (Step 3) + → Must scroll to enable checkbox + → Review summary + ↓ +Submit → Loading → Success + → Confetti animation + → Welcome email sent + → Auto-redirect (5s) + ↓ +Dashboard (First-time tour) ``` ---- - -## Configuration - -### Environment Variables - -| Variable | Type | Default | Description | -|----------|------|---------|-------------| -| `JWT_SECRET` | string | - | Secret key for signing JWT tokens (required) | -| `JWT_EXPIRATION` | string | '15m' | Access token expiration time | -| `REFRESH_TOKEN_EXPIRATION` | string | '7d' | Refresh token expiration time | -| `BCRYPT_ROUNDS` | number | 10 | Number of bcrypt hashing rounds | -| `AUTH_RATE_LIMIT` | number | 5 | Max login attempts per minute | -| `ENABLE_2FA` | boolean | false | Enable two-factor authentication | - -### Configuration File (auth.config.ts) -```typescript -export const authConfig = { - jwt: { - secret: process.env.JWT_SECRET, - signOptions: { - expiresIn: process.env.JWT_EXPIRATION || '15m', - issuer: 'your-app-name', - audience: 'your-app-users' - } - }, - bcrypt: { - rounds: parseInt(process.env.BCRYPT_ROUNDS || '10') - }, - session: { - maxDevices: 5, - inactivityTimeout: '30d' - } -}; +#### 2. Returning User Login ``` - ---- - -## Security - -### Authentication Flow -1. **Password Storage**: Passwords hashed using bcrypt with configurable rounds -2. **Token Security**: JWT tokens signed with RS256 algorithm -3. **Refresh Token Rotation**: New refresh token issued on each refresh -4. **Rate Limiting**: Prevents brute force attacks on login endpoint - -### Security Best Practices -- Store tokens securely (httpOnly cookies recommended) -- Implement CSRF protection for cookie-based auth -- Use HTTPS in production -- Rotate JWT secrets periodically -- Implement account lockout after failed attempts -- Enable 2FA for sensitive accounts - -### Common Vulnerabilities Addressed -- **SQL Injection**: Parameterized queries -- **XSS**: Input sanitization and validation -- **CSRF**: Token validation -- **Brute Force**: Rate limiting and account lockout -- **Token Hijacking**: Short expiration times and refresh rotation - ---- - -## User Guide - -### Registration Process -1. Navigate to registration page -2. Enter email, password, and name -3. Verify email (if enabled) -4. Login with credentials - -### Managing Sessions -- View active sessions in account settings -- Revoke sessions from other devices -- Set session timeout preferences - -### Password Management -- Change password from profile settings -- Reset forgotten password via email -- Password requirements: - - Minimum 8 characters - - At least one uppercase letter - - At least one number - - At least one special character - ---- - -## Developer Guide - -### Protecting Routes -```typescript -// Use AuthGuard decorator -@UseGuards(AuthGuard('jwt')) -@Get('protected') -async getProtectedData() { - return { data: 'This is protected' }; -} - -// Role-based protection -@UseGuards(AuthGuard('jwt'), RolesGuard) -@Roles('admin') -@Get('admin') -async getAdminData() { - return { data: 'Admin only' }; -} +Start → Login Page + ↓ +Enter Credentials + → Email autocomplete + → Password manager integration + → "Remember me" option + ↓ +Submit → Loading (avg 1.2s) + ↓ +Success → Dashboard + OR +Error → Inline feedback + → Retry with guidance + → "Forgot password?" option ``` -### Custom Authentication Logic -```typescript -// Extend AuthService -export class CustomAuthService extends AuthService { - async validateUser(email: string, password: string): Promise { - // Add custom validation logic - const user = await super.validateUser(email, password); - - // Additional checks - if (user.suspended) { - throw new UnauthorizedException('Account suspended'); - } - - return user; - } -} +#### 3. Password Reset Flow ``` - -### Testing Authentication -```typescript -describe('AuthController', () => { - it('should login user', async () => { - const response = await request(app.getHttpServer()) - .post('/auth/login') - .send({ - email: 'test@example.com', - password: 'TestPass123!' - }) - .expect(200); - - expect(response.body).toHaveProperty('tokens.accessToken'); - }); -}); +Login Page → "Forgot password?" + ↓ +Modal Dialog + → Email input + → Captcha (if multiple attempts) + ↓ +Submit → "Check email" message + ↓ +Email Received (< 1 min) + → Secure link (1hr expiry) + ↓ +Reset Page + → New password requirements shown + → Strength meter + → Confirmation field + ↓ +Submit → Success → Login redirect ``` ---- - -## Troubleshooting - -### Common Issues - -#### Invalid Token Error -**Problem**: "JsonWebTokenError: invalid token" -**Solutions**: -- Verify token format (Bearer prefix) -- Check token expiration -- Ensure JWT_SECRET matches - -#### Login Rate Limit -**Problem**: "429 Too Many Requests" -**Solutions**: -- Wait for rate limit window to reset -- Check AUTH_RATE_LIMIT configuration -- Implement exponential backoff - -#### CORS Issues -**Problem**: "Access blocked by CORS policy" -**Solutions**: -- Configure CORS middleware -- Add origin to allowed list -- Check preflight requests - -### Debug Mode -Enable debug logging: -```bash -DEBUG=auth:* npm start +## Technical Details + +### Core Components +1. **AuthController** (`src/auth/auth.controller.ts`) + - REST endpoints with validation decorators + - Rate limiting middleware + - CORS configuration + +2. **AuthService** (`src/auth/auth.service.ts`) + - JWT token generation/validation + - Bcrypt password hashing + - Session management logic + +3. **Security Implementation** + - JWT RS256 algorithm + - Refresh token rotation + - CSRF double-submit cookies + - XSS protection headers + +### API Endpoints +| Method | Endpoint | Description | Rate Limit | +|--------|----------|-------------|------------| +| POST | /auth/register | New user registration | 3/hour | +| POST | /auth/login | User authentication | 5/min | +| POST | /auth/refresh | Token refresh | 10/min | +| POST | /auth/logout | Session termination | None | +| GET | /auth/profile | Current user data | None | +| POST | /auth/reset-password | Password reset | 3/hour | + +### Configuration +```env +# Required +JWT_SECRET=minimum-32-character-secret +DATABASE_URL=postgresql://... + +# Optional with defaults +JWT_EXPIRATION=15m +REFRESH_TOKEN_EXPIRATION=7d +BCRYPT_ROUNDS=10 +SESSION_MAX_AGE=30d +MAX_SESSIONS_PER_USER=5 ``` -### Support -- GitHub Issues: [github.com/yourapp/issues](https://github.com/yourapp/issues) -- Documentation: [docs.yourapp.com/auth](https://docs.yourapp.com/auth) -- Email: support@yourapp.com - ---- - -## Changelog - -### v2.1.0 (2024-01-15) -- Added refresh token rotation -- Improved rate limiting -- Fixed security vulnerability in password reset - -### v2.0.0 (2023-12-01) -- Breaking: Changed token format -- Added 2FA support -- Improved session management - -### Migration Guide (v1.x to v2.x) -1. Update JWT_SECRET format -2. Run token migration script -3. Update client-side token handling - ---- - -## References -- [JWT.io](https://jwt.io) - JWT Documentation -- [OWASP Authentication Guide](https://owasp.org/www-project-cheat-sheets/cheatsheets/Authentication_Cheat_Sheet) -- [Passport.js Documentation](http://www.passportjs.org/docs/) +## Non-Technical Information + +### Business Rules +1. **Account Creation** + - Unique email required + - Password: 8+ chars, mixed case, number, special + - Email verification within 24 hours + - Terms acceptance mandatory + +2. **Session Management** + - Max 5 concurrent sessions + - Idle timeout: 30 minutes + - Absolute timeout: 7 days + - Device trust for 30 days + +3. **Security Policies** + - Account lockout: 5 failed attempts (15 min) + - Password history: Last 3 not reusable + - 2FA optional but recommended + - Suspicious login notifications + +### Common User Scenarios + +#### Mobile Experience +- Touch-optimized buttons (44px min) +- Biometric login (Face ID/Touch ID) +- Simplified navigation menu +- Offline detection with retry +- Push notification for new sessions + +#### Error Recovery +- Network timeout: Auto-retry with backoff +- Session expired: Smooth re-login flow +- Form errors: Contextual help text +- Server errors: Friendly messages with support link + +### Performance Metrics +- Login response: 200ms (p50), 500ms (p95) +- Page load: 1.2s (3G), 400ms (4G) +- Token validation: < 10ms +- Session check: < 50ms + +## Documentation Recommendations + +### Critical Areas for User Documentation +1. **Getting Started Guide** + - Screenshots of each registration step + - Common email provider settings + - Password manager setup + +2. **Troubleshooting Section** + - "Why can't I log in?" flowchart + - Browser compatibility matrix + - Cookie/JavaScript requirements + +3. **Security Best Practices** + - How to spot phishing attempts + - Importance of unique passwords + - When to revoke sessions + +### Developer Integration Guide +1. **API Authentication** + - Bearer token format + - Refresh token flow diagram + - Error response examples + +2. **SDK Examples** + - JavaScript/TypeScript + - Python + - Mobile (iOS/Android) + +## Integration Points +- Email service for password reset and notifications +- Session storage (Redis optional, in-memory default) +- Rate limiting middleware +- CORS configuration for cross-origin requests +- Logging service for audit trails + +## Summary for Documentation Team +This extraction report provides comprehensive details about the authentication system's current implementation. The system offers a complete user experience with visual feedback, accessibility features, and robust security measures. Key areas for user documentation include the multi-step registration process, session management features, and security policies. The technical implementation uses industry-standard JWT tokens with proper security measures. -450 +354 ]]> - Use semantic search to find related files. - Read multiple files for context. - Extract API docs from route definitions. - Use tests to understand behavior. - Document security measures. - Include troubleshooting for common errors. + Use flexible discovery methods - directory exploration and pattern search are primary tools + Comprehensive UI/UX analysis is essential for complete documentation + Document visual elements, interactions, and user feedback mechanisms + Include accessibility and responsive design considerations + Semantic search (codebase_search) is optional for deeper insights when needed + Organize findings to support documentation team's work - + - Extract documentation for database models, relationships, and migrations. + Verify user-provided documentation about authentication UI/UX against the actual implementation. - Find DB files - -database schema model entity migration table column relationship - - ]]> + User provides documentation to verify + + "Please verify our login documentation: + + 'The login form provides a seamless experience with instant validation. Users see a green checkmark when their email is valid. The password field includes a strength indicator. After 3 failed attempts, users must wait 5 minutes before trying again.'" + - Analyze models - -src/models -@(Entity|Table|Model)|class\s+\w+\s+extends\s+(Model|BaseEntity) - - ]]> + Analyze the documentation claims + + Claims to verify: + - Instant email validation with green checkmark + - Password strength indicator on login + - 3 failed attempts triggers 5-minute wait + - Extract relationships + Find login UI components using directory exploration + +src/components +false + + ]]> -src/models -@(OneToMany|ManyToOne|OneToOne|ManyToMany|BelongsTo|HasMany) +src/components +Login|SignIn|Auth.*Form +*.tsx ]]> - Document migrations + Examine login form implementation -migrations -true - + + + + src/components/LoginForm.tsx + + + src/components/LoginForm.css + + + ]]> + + - Email validation exists but shows red X, not green checkmark + - No password strength indicator on login form (only on registration) + - Account lockout is after 5 attempts, not 3 + - Lockout duration is 15 minutes, not 5 + - Generate schema documentation - - - Entity relationship diagrams - - Table schemas with column types - - Index definitions - - Foreign key constraints - - Migration history - - Query patterns and optimizations - - - - - - - - Extract comprehensive API documentation including all endpoints, - request/response formats, authentication, and examples. - - - - - Find all API routes + Verify validation behavior -src -(app|router)\.(get|post|put|patch|delete|all)\s*\(\s*['"`]([^'"`]+)['"`] +src/components +validateEmail|emailValid|checkmark|strength.*indicator ]]> - - - - Extract request validation -src -@(Body|Query|Param|Headers)\(|joi\.object|yup\.object|zod\.object +src/auth +failed.*attempts|lockout|rate.*limit ]]> - - Find response schemas + + Create verification report -src -@ApiResponse|swagger|openapi|response\.json\(|res\.send\( - - ]]> - + +VERIFICATION-login-documentation.md + +# Login Documentation - Verification Report + +## Overall Assessment: Needs Significant Updates + +## Summary +The login documentation contains several inaccuracies about the UI/UX implementation that could confuse users and lead to poor user experience. + +## Critical Inaccuracies + +### 1. Email Validation Feedback +**Documentation States**: "Users see a green checkmark when their email is valid" +**Actual Implementation**: Red X icon for invalid emails, no positive feedback +- Location: `src/components/LoginForm.tsx:45-52` +- Current behavior: Only shows error states +- Missing: Success indicator implementation +- **Impact**: Users don't get positive reinforcement for correct input + +### 2. Password Strength Indicator +**Documentation States**: "The password field includes a strength indicator" +**Actual Implementation**: No strength indicator on login form +- Location: Checked `src/components/LoginForm.tsx` +- Strength indicator only exists in `RegisterForm.tsx` +- Login form has basic password field only +- **Impact**: Sets incorrect user expectations + +### 3. Failed Login Attempts +**Documentation States**: "After 3 failed attempts, users must wait 5 minutes" +**Actual Implementation**: 5 attempts, 15-minute lockout +- Location: `src/auth/services/auth.service.ts:234` +- Code: `MAX_LOGIN_ATTEMPTS = 5` +- Code: `LOCKOUT_DURATION = 15 * 60 * 1000 // 15 minutes` +- **Impact**: Users may be confused about actual security policy + +## UI/UX Elements Found But Not Documented + +### 1. Loading States +- Spinner overlay during authentication +- Button disabled state during submission +- These improve perceived performance + +### 2. Remember Me Feature +- 30-day persistent session option +- Stored in secure cookie +- Not mentioned in documentation + +### 3. Caps Lock Warning +- Visual indicator when caps lock is on +- Helps prevent login failures +- Important accessibility feature + +## Recommendations + +### Immediate Corrections Needed +1. **Email Validation**: + ``` + CORRECT: "The email field shows a red error icon for invalid formats. Valid emails are accepted without visual confirmation." + ``` - - Document authentication requirements - -src -@(UseGuards|Authorized|Public)|passport\.authenticate|requireAuth - - ]]> - +2. **Password Features**: + ``` + CORRECT: "The login form has a standard password field with show/hide toggle. Password strength indicators are only shown during registration." + ``` - - Generate OpenAPI/Swagger documentation - - - OpenAPI 3.0 specification - - Postman collection - - API client examples - - cURL commands - - SDK usage examples - +3. **Security Policy**: + ``` + CORRECT: "After 5 failed login attempts, accounts are temporarily locked for 15 minutes to prevent brute force attacks." + ``` + +### Suggested Additions +1. Document the loading states and visual feedback +2. Explain the "Remember Me" functionality +3. Mention the Caps Lock warning feature +4. Add screenshots of actual UI states + +## Technical References +- Login Form Component: `src/components/LoginForm.tsx` +- Styles: `src/components/LoginForm.css` +- Auth Service: `src/auth/services/auth.service.ts` +- Rate Limiting: `src/middleware/rateLimiter.ts` + +## Visual Discrepancies +- Documentation implies more visual feedback than implemented +- Color scheme in docs doesn't match actual theme +- Missing documentation for error message styling + +## Conclusion +The documentation needs updates to accurately reflect the current login experience. The actual implementation is more security-focused (5 attempts, 15-min lockout) but less visually rich (no success indicators) than documented. + +95 + + ]]> + + + Always verify UI/UX claims against actual component implementation + Check both visual elements and behavioral logic + Look for undocumented features that users might expect + Provide specific corrections with code references + Consider the impact of inaccuracies on user experience + - + - Document React/Vue/Angular components including props, events, - slots, styling, and usage examples. + Extract comprehensive API documentation including endpoints, request/response formats, and error handling. - Find component files + Discover API structure using flexible methods -src/components -export\s+(default\s+)?(function|class|const)\s+\w+|@Component -*.tsx - + + +src +false + + ]]> + +src/api +true + ]]> - Extract component props/inputs + Find all API routes using pattern search -src/components -interface\s+\w+Props|type\s+\w+Props|@Input\(\)|props:\s*{ +src +(app|router)\.(get|post|put|patch|delete|all)\s*\(\s*['"`]([^'"`]+)['"`] ]]> - Find component usage examples + Extract request validation schemas src - +@(Body|Query|Param|Headers)\(|joi\.object|yup\.object|zod\.object ]]> - Document styling and themes + Analyze error handling and responses -src/components -styled\.|makeStyles|@apply|className=|style= +src +@ApiResponse|response\.status\(|res\.status\(|throw new.*Error ]]> - Extract Storybook stories + Optional: Semantic search for middleware and auth -src -export\s+default\s+{.*title:|\.stories\. -*.stories.tsx - + + +API middleware authentication authorization guards + ]]> - Generate component documentation + Generate API extraction report - - Component API reference - - Props table with types and defaults - - Event documentation - - Styling guidelines - - Usage examples - - Accessibility notes - - Browser compatibility + - Complete endpoint inventory with methods and paths + - Request/response schemas with examples + - Authentication requirements per endpoint + - Rate limiting and throttling rules + - Error response formats and codes + - API versioning strategy - + - Document all configuration options, environment variables, - feature flags, and their impacts on system behavior. + Document a React component library including props, styling, accessibility, and usage patterns. - Find configuration files + Discover component structure -. -false +src/components +true ]]> - - - .env.example - - config/ - - settings.json - - app.config.ts - - Extract environment variables + Analyze component interfaces and props -. -process\.env\.(\w+)|getenv\(['"](\w+)['"]\) +src/components +interface\s+\w+Props|type\s+\w+Props|export\s+(default\s+)?function|export\s+const +*.tsx ]]> - Find feature flags + Extract styling and theme usage -src -feature\.|featureFlag|isEnabled\(['"]|flags\. +src/components +styled\.|makeStyles|className=|sx=|css= ]]> - Document configuration impacts - - - How each config affects behavior - - Dependencies between configs - - Performance implications - - Security considerations - - Default values and overrides - + Document accessibility features + +src/components +aria-|role=|tabIndex|alt=|htmlFor= + + ]]> - Generate configuration guide - - - Complete configuration reference - - Environment setup guide - - Docker/Kubernetes configs - - CI/CD pipeline variables - - Production deployment checklist - - - - - - - Review a user-provided documentation section for accuracy against the codebase - and provide recommendations for improvement in the chat. - - - - User provides documentation for review - - "Here's our current draft for the JWT_SECRET setting. Can you check it for accuracy? 'The `JWT_SECRET` is an optional key for enhancing security.'" - - - - Analyze relevant code + Find usage examples and stories -JWT_SECRET configuration implementation - + +src +\.stories\.|\.story\.|examples?/|demo/ +*.tsx + ]]> - - - Code where `JWT_SECRET` is read (e.g., `process.env.JWT_SECRET`) - - Logic that fails if the secret is missing - - Default values or error handling related to the secret - - - Formulate and provide feedback in chat - - -I have reviewed the documentation section provided for the `JWT_SECRET` setting. Here are my recommendations for improvement: - -**Overall Assessment**: The current draft is critically inaccurate and could lead to security vulnerabilities if followed. - -**Recommendations for Improvement**: - -* **Critical Inaccuracy**: - * The documentation states that `JWT_SECRET` is optional. However, the application will fail to start if it is not provided. It is a **required** setting for the application to function securely. - * **Suggestion**: "The `JWT_SECRET` is a **required** environment variable used to sign and verify JSON Web Tokens. The application will not run without it." -This feedback can be copied and pasted for your documentation team. - - - ]]> - No file is written. The feedback is provided directly to the user in the chat interface. + + Create component library report + + - Component hierarchy and relationships + - Props documentation with types and defaults + - Styling system and customization options + - Accessibility compliance checklist + - Interactive examples and code snippets + - Best practices and anti-patterns + - Browser compatibility notes + - - - - Ensure all aspects are documented - - Technical implementation details - Business logic and rules - User workflows and journeys - API specifications - Configuration options - Security measures - Performance characteristics - Error handling - Testing strategies - Deployment procedures - - - - - Tailor content for different readers - - - Focus on how-to guides and troubleshooting - - - Include code examples and technical details - - - Emphasize configuration and maintenance - - - Highlight business value and metrics - - - - - Create documentation that's easy to update + + + Use the most appropriate discovery method - Use clear section headers - Include version information - Add last-updated timestamps - Cross-reference related sections - Provide migration guides + Start with directory exploration for well-organized codebases + Use pattern search for specific syntax or naming conventions + Apply file-based search when you know exact locations + Reserve semantic search for complex conceptual queries - - Include practical examples throughout - - Code snippets with syntax highlighting - API request/response pairs - Configuration examples - Command-line usage - Error scenarios and solutions - + + Ensure complete UI/UX documentation + + Visual design and layout + Interactive elements and states + User feedback mechanisms + Accessibility features + Responsive behavior + Animation and transitions + Error states and recovery + Loading and progress indicators + - - - - Table of contents with working links - All sections properly formatted - Code examples are syntactically correct - No placeholder text remaining - Version information included - Cross-references are valid - Metadata is complete - File follows naming convention - - + + Verify all aspects of documentation claims + + Technical accuracy of code examples + UI element descriptions match implementation + User workflows reflect actual behavior + Configuration values are current + Error messages match code + Performance claims are realistic + + + \ No newline at end of file diff --git a/.roo/rules-docs-extractor/6_communication_guidelines.xml b/.roo/rules-docs-extractor/6_communication_guidelines.xml index 908b1fcfb6..8691f2519c 100644 --- a/.roo/rules-docs-extractor/6_communication_guidelines.xml +++ b/.roo/rules-docs-extractor/6_communication_guidelines.xml @@ -61,29 +61,48 @@ Warn about complex dependency chains. - - + + + + @@ -204,43 +223,55 @@ Status: Stable - Summary of documented feature. - Key findings. - File location. - Next step suggestions (if applicable). + Summary of analysis performed. + Key findings or issues identified. + Report file location. + Recommended next steps. - - +**Technical Summary**: +- JWT-based authentication with refresh tokens +- 5 API endpoints (login, logout, refresh, register, profile) +- 12 configuration options +- bcrypt password hashing, rate limiting + +**Non-Technical Summary**: +- Users can register, login, and manage sessions +- Supports "remember me" functionality +- Automatic session refresh for seamless experience +- Account lockout after failed attempts + +**Documentation Considerations**: +- Token expiration times need clear explanation +- Password requirements should be prominently displayed +- Error messages need user-friendly translations + +The extraction report contains all details needed for comprehensive documentation. + ]]> + + diff --git a/.roomodes b/.roomodes index 46229bd269..a5e3fd7443 100644 --- a/.roomodes +++ b/.roomodes @@ -90,9 +90,18 @@ customModes: source: project - slug: docs-extractor name: 📚 Docs Extractor - roleDefinition: You are Roo, a comprehensive documentation extraction specialist focused on analyzing and documenting all technical and non-technical information about features and components within codebases. - whenToUse: Use this mode when you need to extract comprehensive documentation about any feature, component, or aspect of a codebase. - description: Extract comprehensive documentation. + roleDefinition: |- + You are Roo, a documentation analysis specialist with two primary functions: + 1. Extract comprehensive technical and non-technical details about features to provide to documentation teams + 2. Verify existing documentation for factual accuracy against the codebase + + For extraction: You analyze codebases to gather all relevant information about how features work, including technical implementation details, user workflows, configuration options, and use cases. You organize this information clearly for documentation teams to use. + + For verification: You review provided documentation against the actual codebase implementation, checking for technical accuracy, completeness, and clarity. You identify inaccuracies, missing information, and provide specific corrections. + + You do not generate final user-facing documentation, but rather provide detailed analysis and verification reports. + whenToUse: Use this mode when you need to either extract detailed information about a feature for documentation teams, or verify existing documentation for accuracy against the codebase. + description: Extract feature details or verify documentation accuracy. groups: - read - - edit