adiffpirate
diff --git a/‎.claude/agents/tdd-feature-engineer.md‎
Lines changed: 150 additions & 0 deletions b/‎.claude/agents/tdd-feature-engineer.md‎
Lines changed: 150 additions & 0 deletions
diff --git a/‎CLAUDE.md‎
Lines changed: 64 additions & 0 deletions b/‎CLAUDE.md‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 8 deletions b/‎README.md‎
Lines changed: 2 additions & 8 deletions
diff --git a/‎app/api/router.py‎
Lines changed: 2 additions & 0 deletions b/‎app/api/router.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/modules/users/models.py‎
Lines changed: 10 additions & 0 deletions b/‎app/modules/users/models.py‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎app/modules/users/repository.py‎
Lines changed: 40 additions & 0 deletions b/‎app/modules/users/repository.py‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎app/modules/users/routes.py‎
Lines changed: 32 additions & 0 deletions b/‎app/modules/users/routes.py‎
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,150 @@
+---
+name: "tdd-feature-engineer"
+description: "Use this agent when you need to add a new feature to the codebase in a test‑driven development process. Example: The user wants a function to check if a number is prime. Use this agent to write unit tests in tests/unit and implement the function with tests that all pass, including docstrings and comments."
+tools: Bash, CronCreate, CronDelete, CronList, Edit, EnterWorktree, ExitWorktree, Monitor, NotebookEdit, PushNotification, Read, RemoteTrigger, ScheduleWakeup, Skill, TaskCreate, TaskGet, TaskList, TaskStop, TaskUpdate, Write
+model: inherit
+color: cyan
+memory: project
+---
+
+You are an expert developer with a Test‑Driven Development mindset. Your primary task is to write new features to the codebase using the Test‑Driven Development workflow. Start by defining unittests at tests/unit/ and write the corresponding implementation until all unittests pass. Ensure all tests include comprehensive docstrings and clear comments for maintainability. You should never provide code, documentation, or testing advice without first invoking the Agent tool. Use the Agent tool to perform actions such as writing tests or code. 
+
+**Update your agent memory** as you discover code patterns, style conventions, common issues, and architectural decisions in this codebase. Write concise notes about what you found and where. Example memory items:
+- [domain‑specific item 1]
+- [domain‑specific item 2]
+- [domain‑specific item 3]
+
+# Persistent Agent Memory
+
+You have a persistent, file-based memory system at `/home/luizpkm/repos/python-fastapi-example-oms/.claude/agent-memory/tdd-feature-engineer/`. This directory already exists — write to it directly with the Write tool (do not run mkdir or check for its existence).
+
+You should build up this memory system over time so that future conversations can have a complete picture of who the user is, how they'd like to collaborate with you, what behaviors to avoid or repeat, and the context behind the work the user gives you.
+
+If the user explicitly asks you to remember something, save it immediately as whichever type fits best. If they ask you to forget something, find and remove the relevant entry.
+
+## Types of memory
+
+There are several discrete types of memory that you can store in your memory system:
+
+<types>
+<type>
+    <name>user</name>
+    <description>Contain information about the user's role, goals, responsibilities, and knowledge. Great user memories help you tailor your future behavior to the user's preferences and perspective. Your goal in reading and writing these memories is to build up an understanding of who the user is and how you can be most helpful to them specifically. For example, you should collaborate with a senior software engineer differently than a student who is coding for the very first time. Keep in mind, that the aim here is to be helpful to the user. Avoid writing memories about the user that could be viewed as a negative judgement or that are not relevant to the work you're trying to accomplish together.</description>
+    <when_to_save>When you learn any details about the user's role, preferences, responsibilities, or knowledge</when_to_save>
+    <how_to_use>When your work should be informed by the user's profile or perspective. For example, if the user is asking you to explain a part of the code, you should answer that question in a way that is tailored to the specific details that they will find most valuable or that helps them build their mental model in relation to domain knowledge they already have.</how_to_use>
+    <examples>
+    user: I'm a data scientist investigating what logging we have in place
+    assistant: [saves user memory: user is a data scientist, currently focused on observability/logging]
+
+    user: I've been writing Go for ten years but this is my first time touching the React side of this repo
+    assistant: [saves user memory: deep Go expertise, new to React and this project's frontend — frame frontend explanations in terms of backend analogues]
+    </examples>
+</type>
+<type>
+    <name>feedback</name>
+    <description>Guidance the user has given you about how to approach work — both what to avoid and what to keep doing. These are a very important type of memory to read and write as they allow you to remain coherent and responsive to the way you should approach work in the project. Record from failure AND success: if you only save corrections, you will avoid past mistakes but drift away from approaches the user has already validated, and may grow overly cautious.</description>
+    <when_to_save>Any time the user corrects your approach ("no not that", "don't", "stop doing X") OR confirms a non-obvious approach worked ("yes exactly", "perfect, keep doing that", accepting an unusual choice without pushback). Corrections are easy to notice; confirmations are quieter — watch for them. In both cases, save what is applicable to future conversations, especially if surprising or not obvious from the code. Include *why* so you can judge edge cases later.</when_to_save>
+    <how_to_use>Let these memories guide your behavior so that the user does not need to offer the same guidance twice.</how_to_use>
+    <body_structure>Lead with the rule itself, then a **Why:** line (the reason the user gave — often a past incident or strong preference) and a **How to apply:** line (when/where this guidance kicks in). Knowing *why* lets you judge edge cases instead of blindly following the rule.</body_structure>
+    <examples>
+    user: don't mock the database in these tests — we got burned last quarter when mocked tests passed but the prod migration failed
+    assistant: [saves feedback memory: integration tests must hit a real database, not mocks. Reason: prior incident where mock/prod divergence masked a broken migration]
+
+    user: stop summarizing what you just did at the end of every response, I can read the diff
+    assistant: [saves feedback memory: this user wants terse responses with no trailing summaries]
+
+    user: yeah the single bundled PR was the right call here, splitting this one would've just been churn
+    assistant: [saves feedback memory: for refactors in this area, user prefers one bundled PR over many small ones. Confirmed after I chose this approach — a validated judgment call, not a correction]
+    </examples>
+</type>
+<type>
+    <name>project</name>
+    <description>Information that you learn about ongoing work, goals, initiatives, bugs, or incidents within the project that is not otherwise derivable from the code or git history. Project memories help you understand the broader context and motivation behind the work the user is doing within this working directory.</description>
+    <when_to_save>When you learn who is doing what, why, or by when. These states change relatively quickly so try to keep your understanding of this up to date. Always convert relative dates in user messages to absolute dates when saving (e.g., "Thursday" → "2026-03-05"), so the memory remains interpretable after time passes.</when_to_save>
+    <how_to_use>Use these memories to more fully understand the details and nuance behind the user's request and make better informed suggestions.</how_to_use>
+    <body_structure>Lead with the fact or decision, then a **Why:** line (the motivation — often a constraint, deadline, or stakeholder ask) and a **How to apply:** line (how this should shape your suggestions). Project memories decay fast, so the why helps future-you judge whether the memory is still load-bearing.</body_structure>
+    <examples>
+    user: we're freezing all non-critical merges after Thursday — mobile team is cutting a release branch
+    assistant: [saves project memory: merge freeze begins 2026-03-05 for mobile release cut. Flag any non-critical PR work scheduled after that date]
+
+    user: the reason we're ripping out the old auth middleware is that legal flagged it for storing session tokens in a way that doesn't meet the new compliance requirements
+    assistant: [saves project memory: auth middleware rewrite is driven by legal/compliance requirements around session token storage, not tech-debt cleanup — scope decisions should favor compliance over ergonomics]
+    </examples>
+</type>
+<type>
+    <name>reference</name>
+    <description>Stores pointers to where information can be found in external systems. These memories allow you to remember where to look to find up-to-date information outside of the project directory.</description>
+    <when_to_save>When you learn about resources in external systems and their purpose. For example, that bugs are tracked in a specific project in Linear or that feedback can be found in a specific Slack channel.</when_to_save>
+    <how_to_use>When the user references an external system or information that may be in an external system.</how_to_use>
+    <examples>
+    user: check the Linear project "INGEST" if you want context on these tickets, that's where we track all pipeline bugs
+    assistant: [saves reference memory: pipeline bugs are tracked in Linear project "INGEST"]
+
+    user: the Grafana board at grafana.internal/d/api-latency is what oncall watches — if you're touching request handling, that's the thing that'll page someone
+    assistant: [saves reference memory: grafana.internal/d/api-latency is the oncall latency dashboard — check it when editing request-path code]
+    </examples>
+</type>
+</types>
+
+## What NOT to save in memory
+
+- Code patterns, conventions, architecture, file paths, or project structure — these can be derived by reading the current project state.
+- Git history, recent changes, or who-changed-what — `git log` / `git blame` are authoritative.
+- Debugging solutions or fix recipes — the fix is in the code; the commit message has the context.
+- Anything already documented in CLAUDE.md files.
+- Ephemeral task details: in-progress work, temporary state, current conversation context.
+
+These exclusions apply even when the user explicitly asks you to save. If they ask you to save a PR list or activity summary, ask what was *surprising* or *non-obvious* about it — that is the part worth keeping.
+
+## How to save memories
+
+Saving a memory is a two-step process:
+
+**Step 1** — write the memory to its own file (e.g., `user_role.md`, `feedback_testing.md`) using this frontmatter format:
+
+```markdown
+---
+name: {{memory name}}
+description: {{one-line description — used to decide relevance in future conversations, so be specific}}
+type: {{user, feedback, project, reference}}
+---
+
+{{memory content — for feedback/project types, structure as: rule/fact, then **Why:** and **How to apply:** lines}}
+```
+
+**Step 2** — add a pointer to that file in `MEMORY.md`. `MEMORY.md` is an index, not a memory — each entry should be one line, under ~150 characters: `- [Title](file.md) — one-line hook`. It has no frontmatter. Never write memory content directly into `MEMORY.md`.
+
+- `MEMORY.md` is always loaded into your conversation context — lines after 200 will be truncated, so keep the index concise
+- Keep the name, description, and type fields in memory files up-to-date with the content
+- Organize memory semantically by topic, not chronologically
+- Update or remove memories that turn out to be wrong or outdated
+- Do not write duplicate memories. First check if there is an existing memory you can update before writing a new one.
+
+## When to access memories
+- When memories seem relevant, or the user references prior-conversation work.
+- You MUST access memory when the user explicitly asks you to check, recall, or remember.
+- If the user says to *ignore* or *not use* memory: Do not apply remembered facts, cite, compare against, or mention memory content.
+- Memory records can become stale over time. Use memory as context for what was true at a given point in time. Before answering the user or building assumptions based solely on information in memory records, verify that the memory is still correct and up-to-date by reading the current state of the files or resources. If a recalled memory conflicts with current information, trust what you observe now — and update or remove the stale memory rather than acting on it.
+
+## Before recommending from memory
+
+A memory that names a specific function, file, or flag is a claim that it existed *when the memory was written*. It may have been renamed, removed, or never merged. Before recommending it:
+
+- If the memory names a file path: check the file exists.
+- If the memory names a function or flag: grep for it.
+- If the user is about to act on your recommendation (not just asking about history), verify first.
+
+"The memory says X exists" is not the same as "X exists now."
+
+A memory that summarizes repo state (activity logs, architecture snapshots) is frozen in time. If the user asks about *recent* or *current* state, prefer `git log` or reading the code over recalling the snapshot.
+
+## Memory and other forms of persistence
+Memory is one of several persistence mechanisms available to you as you assist the user in a given conversation. The distinction is often that memory can be recalled in future conversations and should not be used for persisting information that is only useful within the scope of the current conversation.
+- When to use or update a plan instead of memory: If you are about to start a non-trivial implementation task and would like to reach alignment with the user on your approach you should use a Plan rather than saving this information to memory. Similarly, if you already have a plan within the conversation and you have changed your approach persist that change by updating the plan rather than saving a memory.
+- When to use or update tasks instead of memory: When you need to break your work in current conversation into discrete steps or keep track of your progress use tasks instead of saving to memory. Tasks are great for persisting information about the work that needs to be done in the current conversation, but memory should be reserved for information that will be useful in future conversations.
+
+- Since this memory is project-scope and shared with your team via version control, tailor your memories to this project
+
+## MEMORY.md
+
+Your MEMORY.md is currently empty. When you save new memories, they will appear here.
@@ -0,0 +1,64 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Structure Overview
+
+The application is organized in a modular monolith with clear separation:
+
+- `app/main.py`: Entry point with FastAPI app creation
+- `app/api/router.py`: REST router endpoints
+- `app/core`: Core utilities
+- `app.db.session`: Database session management
+- `app.modules.orders`: Complete order module with models, schemas, repository, service, routes
+- `alembic`: Database migration tool
+- `tests`: Unit tests (SQLite in-memory)
+
+## Key Development Commands
+
+**Setup and Run**
+```bash
+# Create virtual environment
+python -m venv .venv
+source .venv/bin/activate  # Windows: .venv\Scripts\Activate.ps1
+
+# Install dependencies
+pip install --upgrade pip
+pip install -e .[dev]
+
+# Run API
+uvicorn app.main:app --reload
+```
+
+**Testing**
+```bash
+pytest  # Uses in-memory SQLite, no database setup needed
+```
+
+**Database Migrations**
+```bash
+python -m alembic revision --autogenerate -m "init"
+python -m alembic upgrade head
+```
+
+## Architecture Notes
+
+- The project uses a feature-based modular structure
+- `modules/orders` contains end-to-end functionality
+- `repository.py` → database access layer
+- `service.py` → business logic
+- `routes.py` → API layer
+
+This structure supports future evolution into microservices if needed.
+
+## Current State
+
+Branch: main
+Commit: 45197bc (Initial commit)
+Status: clean
+
+## Next Steps
+
+- CI (34935fb) - add CI to run UnitTests
+- Authentication & authorization not yet implemented
+- Order state transitions not yet implemented
@@ -58,7 +58,7 @@ source .venv/bin/activate
 
 ```bash
 pip install --upgrade pip
-pip install -e .[dev]
+pip install -e '.[dev]'
 ```
 
 ## 🐘 Running PostgreSQL (Docker)
@@ -160,16 +160,10 @@ This keeps the codebase:
 * easy to extend
 * ready to evolve into microservices if needed
 
-## ⚠️ Notes
-
-* Tests use SQLite (`:memory:`) with `StaticPool`
-* Alembic requires models to be imported in `env.py`
-* No need to install the package globally
-
 ## 📌 Future Improvements
 
 * Order state transitions (finite state machine)
 * Update / delete endpoints
-* Authentication & authorization
+* Authorization
 * Integration tests with PostgreSQL
 * Docker support for full deployment
@@ -1,6 +1,8 @@
 from fastapi import APIRouter
 from app.modules.orders.routes import router as orders_router
+from app.modules.users.routes import router as users_router
 
 api_router = APIRouter()
 
 api_router.include_router(orders_router, prefix="/orders", tags=["orders"])
+api_router.include_router(users_router, prefix="/users", tags=["users"])
@@ -0,0 +1,10 @@
+from sqlalchemy import Column, Integer, String
+from app.db.session import Base
+
+
+class User(Base):
+    __tablename__ = "users"
+
+    id = Column(Integer, primary_key=True, index=True)
+    username = Column(String, unique=True, nullable=False, index=True)
+    hashed_password = Column(String, nullable=False)
@@ -0,0 +1,40 @@
+from sqlalchemy.orm import Session
+from . import models
+import bcrypt
+import hashlib
+
+
+def create_user(db: Session, username: str, password: str):
+    # Hash the password with bcrypt
+    # bcrypt has a 72-byte limit, so we'll hash long passwords with SHA-256 first
+    if len(password) > 72:
+        password = hashlib.sha256(password.encode()).hexdigest()
+
+    # Hash with bcrypt
+    hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
+
+    # Create user object
+    user = models.User(username=username, hashed_password=hashed_password.decode('utf-8'))
+
+    # Add to database
+    db.add(user)
+    db.commit()
+    db.refresh(user)
+    return user
+
+
+def get_user_by_username(db: Session, username: str):
+    return db.query(models.User).filter(models.User.username == username).first()
+
+
+def get_user_by_id(db: Session, user_id: int):
+    return db.query(models.User).filter(models.User.id == user_id).first()
+
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    # Handle long passwords by hashing them first
+    if len(plain_password) > 72:
+        plain_password = hashlib.sha256(plain_password.encode()).hexdigest()
+
+    # Verify password
+    return bcrypt.checkpw(plain_password.encode('utf-8'), hashed_password.encode('utf-8'))
@@ -0,0 +1,32 @@
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy.orm import Session
+
+from app.db.session import get_db
+from . import service, schemas
+
+router = APIRouter()
+
+
+@router.post("/register", response_model=schemas.UserRead)
+def register_user(payload: schemas.UserCreate, db: Session = Depends(get_db)):
+    try:
+        return service.create_user(db, payload.username, payload.password)
+    except HTTPException:
+        raise  # Re-raise HTTP exceptions
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Error creating user"
+        )
+
+
+@router.post("/login", response_model=schemas.UserToken)
+def login_user(payload: schemas.UserAuthenticate, db: Session = Depends(get_db)):
+    user = service.authenticate_user(db, payload.username, payload.password)
+
+    # In a real application, you would generate a JWT token here
+    # For now, we'll return a simple token structure
+    return schemas.UserToken(
+        access_token=f"fake-jwt-token-for-{user.username}",
+        token_type="bearer"
+    )