docs(c4): add C4-PlantUML diagram files for all architecture views #450

Merged

marcel merged 34 commits from docs/post-refactor-accuracy-audit into main 2026-05-06 22:52:39 +02:00

Conversation 7 Commits 34 Files Changed 18 +927 -97

marcel commented 2026-05-06 22:36:25 +02:00

Owner

Copy Link

Summary

• Adds 15 standalone .puml files in docs/architecture/c4/ — one per C4 diagram (L1 context, L2 containers, 7 L3 backend sub-diagrams, 4 L3 frontend sub-diagrams, 2 sequence diagrams)
• Each file uses !include <C4/C4_*> from the stdlib bundled in the self-hosted PlantUML server (http://heim-nas:8500) — no external fetches
• Adds docs/architecture/c4/README.md with a file index and VS Code rendering instructions
• Configures .vscode/settings.json to point the PlantUML extension at the shared server (Alt+D to preview any .puml file)
• docs/architecture/c4-diagrams.md is left unchanged — Mermaid blocks stay for native Gitea inline rendering; the .puml files exist for layout-accurate C4-PlantUML rendering in VS Code and when browsed directly in Gitea

Why both formats

Gitea's external renderer handles whole files but not code fences inside Markdown. Mermaid renders natively inline; PlantUML does not. The .puml files solve the arrow-layout problem via C4-PlantUML's directional hints while keeping Gitea inline rendering working via Mermaid.

Test plan

• Open any .puml file in VS Code with the PlantUML extension installed → Alt+D renders diagram via http://heim-nas:8500
• Browse any .puml file in Gitea → renders as a diagram (Gitea already configured)
• docs/architecture/c4-diagrams.md still renders Mermaid diagrams inline in Gitea

🤖 Generated with Claude Code

## Summary - Adds 15 standalone `.puml` files in `docs/architecture/c4/` — one per C4 diagram (L1 context, L2 containers, 7 L3 backend sub-diagrams, 4 L3 frontend sub-diagrams, 2 sequence diagrams) - Each file uses `!include <C4/C4_*>` from the stdlib bundled in the self-hosted PlantUML server (`http://heim-nas:8500`) — no external fetches - Adds `docs/architecture/c4/README.md` with a file index and VS Code rendering instructions - Configures `.vscode/settings.json` to point the PlantUML extension at the shared server (`Alt+D` to preview any `.puml` file) - `docs/architecture/c4-diagrams.md` is left unchanged — Mermaid blocks stay for native Gitea inline rendering; the `.puml` files exist for layout-accurate C4-PlantUML rendering in VS Code and when browsed directly in Gitea ## Why both formats Gitea's external renderer handles whole files but not code fences inside Markdown. Mermaid renders natively inline; PlantUML does not. The `.puml` files solve the arrow-layout problem via C4-PlantUML's directional hints while keeping Gitea inline rendering working via Mermaid. ## Test plan - [ ] Open any `.puml` file in VS Code with the PlantUML extension installed → `Alt+D` renders diagram via `http://heim-nas:8500` - [ ] Browse any `.puml` file in Gitea → renders as a diagram (Gitea already configured) - [ ] `docs/architecture/c4-diagrams.md` still renders Mermaid diagrams inline in Gitea 🤖 Generated with [Claude Code](https://claude.com/claude-code)

marcel added 34 commits 2026-05-06 22:36:27 +02:00

docs(c4): split L3 monolith diagrams into five focused sub-diagrams ... aff15fd208

Backend L3 split into 3a (Security & Auth), 3b (Document/File/Import),
3c (People/Users/Groups). Frontend L3 split into 3a (Middleware/Auth/Layout)
and 3b (Pages & Shared Components). Each sub-diagram stays within dagre's
clean-layout range (5–10 components, 6–12 relationships).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): update L1 personas and L2 frontend container description d4eb0edfe1

docs(c4): fix 3a security — email field, permitted endpoints d51c5e9b80

docs(c4): update 3b document domain — descriptions, batch ops, FTS, presigned URLs 1e3423934c

docs(c4): add 3b.2 transcription pipeline — annotations, blocks, comments 04b2b33d7f

docs(c4): restructure 3c users/groups, add 3c.2 persons and family graph dbbb989aa6

docs(c4): add 3d OCR orchestration and 3e supporting domains f744e8c59d

docs(c4): update frontend 3a — hooks layers, add register/forgot/reset routes be40cc0f38

docs(c4): rewrite frontend 3b, add 3c people/stories/discovery, add 3d admin/help ... e1f66e2e65

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): fix diagram 3c service layer and add missing 3e components ... 42c6e58d36

- diagram 3c: GroupController delegates to UserService (not groupRepo directly)
- diagram 3c: add TagService; TagController delegates to TagService (not tagRepo)
- diagram 3e: add DashboardController serving /api/dashboard/resume|pulse|activity
- diagram 3e: add StatsService; StatsController delegates to StatsService

Addresses blocker feedback from Markus, Felix, and Elicit in PR #448 review.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs: remove accidentally committed spec file ... 18a7ee1fa5

Spec file was pre-staged from a prior session and bundled into the previous commit. Specs belong in Gitea issues, not committed to the repo.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): fix service layer relationships in diagrams 3b and 3b.2 ... 83c3d85b00

Diagram 3b: DocumentService calls PersonService and TagService, not
their repositories directly. Replace personRepo/tagRepo cross-ref
stubs with personSvc/tagSvc to accurately reflect the layering rule.

Diagram 3b.2: TranscriptionService, AnnotationService, and
CommentService each use a JPA repository, not JDBC directly. Add
TranscriptionBlockRepository, AnnotationRepository, and
CommentRepository components and route the service→repo→db chain.
TranscriptionQueueService delegates to DocumentService and
AuditLogQueryService (no repo of its own); replace the incorrect
→db arrow with cross-diagram stubs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): fix 3d OCR — route transcription/annotation through domain services ... 35d82814a6

OcrAsyncRunner injects TranscriptionService and AnnotationService; it only
accesses the DB directly for OcrJob state (OcrJobRepository). The previous
Rel arrow incorrectly showed direct JDBC access for transcription blocks and
annotations, contradicting the component description.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): fix 3c.2 — add PersonRelationshipRepository, route through repo ... a20a46b262

Both RelationshipService and RelationshipInferenceService inject
PersonRelationshipRepository. The previous direct db arrows were inaccurate.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): fix 3b frontend — correct docBulkEdit endpoint to /bulk ... 632fb9ef7b

DocumentController maps the batch update to PATCH /api/documents/bulk,
not /api/documents/batch.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): fix 3a — remove AOP @Around from secFilter→permAspect rel label ... e3bfbde8e9

The filter chain doesn't invoke the AOP aspect directly — Spring Security
hands off to the servlet and AOP intercepts at the method level. The label
implied a direct invocation chain that doesn't exist.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): fix 3d frontend — add User actor for /hilfe/transkription ... bbded5b921

The help guide is used by all transcribers, not just administrators. Only
showing admin as the actor was misleading about who accesses this route.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): fix 3a secFilter description — BCrypt validation is in DaoAuthenticationProvider ... 61ca5aacf7

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): add OcrJobRepository intermediary in 3d — route ocrAsync through repo, not bare db ... 83f4f8352c

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): fix 3e DashboardService — add documentSvc and transcriptionSvc cross-domain stubs ... 3fafaf29fc

DashboardService.getResume() calls DocumentService.getDocumentById() and
TranscriptionService.listBlocks() — both missing from the diagram.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): add Email Service to L1 and L2 — NotificationService and PasswordResetService send SMTP ... 818246a26d

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(c4): correct docBulkEdit endpoint /batch → /bulk ... 318d83d2fd

DocumentController has @PatchMapping("/bulk"); the component description
had the wrong path. The Rel in the same diagram was already correct.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(c4): loginPage — username → email in component description ... af24d63176

CustomUserDetailsService loads by email, not username. The component
description had a stale "encodes username:password" label.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(c4): sequence diagram — username → email in auth flow ... caf86b3225

Three stale references: "Enter username + password", Base64 encode
"user:password", and SELECT WHERE username — all updated to email to
match AppUserRepository.findByEmail() and CustomUserDetailsService.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(c4): stammbaum — remove D3 library detail from component description ... 9878810a2a

C4 L3 describes responsibility, not library choice. Removing the D3
reference keeps the description implementation-agnostic.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): add cross-diagram stub convention note to header ... 7ac39541ef

The C4 standard doesn't define this pattern. Adding a one-sentence
explanation so readers unfamiliar with the project's rendering convention
understand what stub components outside System_Boundary blocks mean.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(c4): flatten decimal sub-diagram numbering; note invite gate at L1 ... b60ad66816

- Rename 3b.2→3c, 3c→3d, 3c.2→3e, 3d→3f, 3e→3g to eliminate
  decimal notation that read as version numbers rather than sub-levels
- Update all seven "See diagram X" cross-references to match
- Correct backend intro: "three focused views" → "seven focused sub-diagrams"
- Add "Access by administrator invite." to L1 Family Member description
  to surface the invite-only registration constraint at the context level

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(c4): add L1 context and L2 containers as C4-PlantUML files d2a4707c3e

docs(c4): add L3 backend 3a security and 3b document management f2bb0ca442

docs(c4): add L3 backend 3c transcription and 3d users/groups 63d8065cd8

docs(c4): add L3 backend 3e persons, 3f OCR, 3g supporting domains f9549d7b64

docs(c4): add L3 frontend 3a middleware/auth and 3b document workflows e694b58a81

docs(c4): add L3 frontend 3c/3d and sequence diagrams e46f6cb0af

docs(c4): add VS Code PlantUML server config and diagram index 76eb8a1cf5

marcel commented 2026-05-06 22:39:36 +02:00

Author

Owner

Copy Link

🏛️ Markus Keller — Senior Application Architect

Verdict: ✅ Approved

This is a documentation-only PR. I reviewed it from an architectural documentation hygiene perspective.

What's Good

Dual-format strategy is well-justified. The PR description explains the tradeoff clearly: Mermaid for inline Gitea rendering, PlantUML for layout-accurate C4-PlantUML in VS Code. This is the right call — Gitea's external renderer limitation is real, and keeping both formats rather than fighting the tooling is pragmatic.

Cross-diagram stub pattern is sound. Components placed outside a System_Boundary with "See diagram X" annotations correctly model cross-domain dependencies without duplicating definitions. The c4-diagrams.md even documents this pattern explicitly in the updated header. This is the right architectural convention for split L3 diagrams.

The sub-diagram decomposition maps to the actual module structure. 3a security, 3b documents, 3c transcription, 3d users/groups, 3e persons, 3f OCR, 3g supporting — these align with the package-by-feature structure in the codebase. A new developer can navigate from diagram to package directory without a gap.

The Mermaid updates fix real accuracy issues. The old monolithic L3 backend diagram mixed PersonRepository and TagRepository calls inside DocumentService — that violated the service boundary rules. The new diagrams correctly model DocumentService → PersonService and DocumentService → TagService cross-domain calls. Good catch.

Suggestions (non-blocking)

The PlantUML server URL is environment-specific and committed. .vscode/settings.json now contains http://heim-nas:8500. This works for this team but is a friction point if anyone works from a machine where heim-nas is not resolvable. Consider documenting the local PlantUML server alternative (e.g., docker run -d -p 8500:8080 plantuml/plantuml-server) in docs/architecture/c4/README.md. Not a blocker — the current setup is appropriate for a solo/small-team project.

Missing ADR for the dual-format decision. The PR description is a good explanation, but it lives in git history, not in docs/adr/. If someone later asks "why are there two sets of diagrams?", an ADR would surface the answer without archaeology. Low priority for a solo project — the PR description is sufficient documentation for now.

## 🏛️ Markus Keller — Senior Application Architect **Verdict: ✅ Approved** This is a documentation-only PR. I reviewed it from an architectural documentation hygiene perspective. ### What's Good **Dual-format strategy is well-justified.** The PR description explains the tradeoff clearly: Mermaid for inline Gitea rendering, PlantUML for layout-accurate C4-PlantUML in VS Code. This is the right call — Gitea's external renderer limitation is real, and keeping both formats rather than fighting the tooling is pragmatic. **Cross-diagram stub pattern is sound.** Components placed outside a `System_Boundary` with "See diagram X" annotations correctly model cross-domain dependencies without duplicating definitions. The `c4-diagrams.md` even documents this pattern explicitly in the updated header. This is the right architectural convention for split L3 diagrams. **The sub-diagram decomposition maps to the actual module structure.** 3a security, 3b documents, 3c transcription, 3d users/groups, 3e persons, 3f OCR, 3g supporting — these align with the package-by-feature structure in the codebase. A new developer can navigate from diagram to package directory without a gap. **The Mermaid updates fix real accuracy issues.** The old monolithic L3 backend diagram mixed `PersonRepository` and `TagRepository` calls inside `DocumentService` — that violated the service boundary rules. The new diagrams correctly model `DocumentService → PersonService` and `DocumentService → TagService` cross-domain calls. Good catch. ### Suggestions (non-blocking) **The PlantUML server URL is environment-specific and committed.** `.vscode/settings.json` now contains `http://heim-nas:8500`. This works for this team but is a friction point if anyone works from a machine where `heim-nas` is not resolvable. Consider documenting the local PlantUML server alternative (e.g., `docker run -d -p 8500:8080 plantuml/plantuml-server`) in `docs/architecture/c4/README.md`. Not a blocker — the current setup is appropriate for a solo/small-team project. **Missing ADR for the dual-format decision.** The PR description is a good explanation, but it lives in git history, not in `docs/adr/`. If someone later asks "why are there two sets of diagrams?", an ADR would surface the answer without archaeology. Low priority for a solo project — the PR description is sufficient documentation for now.

marcel commented 2026-05-06 22:39:45 +02:00

Author

Owner

Copy Link

👨‍💻 Felix Brandt — Senior Fullstack Developer

Verdict: ✅ Approved

Pure documentation PR — no production code changed. My review focuses on documentation quality, naming conventions, and accuracy of the architectural descriptions.

What's Good

Naming is precise and intent-revealing throughout. File names follow a clear convention (l1-context.puml, l2-containers.puml, l3-backend-3a-security.puml) that maps directly to C4 levels and sub-diagram index. No abbreviations, no ambiguity. A new developer can find the diagram they need from the filename alone.

The c4-diagrams.md accuracy fixes are meaningful. Key corrections I noticed:

• username → email in the login sequence and CustomUserDetailsService description — correctly reflects the actual auth implementation
• DocumentService → PersonService and DocumentService → TagService replacing direct repository calls — correct layering
• ExcelService now handles ODS files too — accurate
• MassImportService state machine (IDLE/RUNNING/DONE/FAILED) added to description — good detail
• New RegisterPage, ForgotPassword, ResetPassword frontend routes added — these were missing from the old diagram

The cross-diagram stub pattern with "See diagram X" comments avoids both duplication and mystery references. Readable, follows the same intent-revealing convention as the code.

Minor Observations (non-blocking)

ContainerDb(db, "PostgreSQL", "PostgreSQL 16") vs ContainerDb(db, "PostgreSQL") inconsistency between the .puml files and the Mermaid versions in c4-diagrams.md. The .puml files add the version as a third argument — that's correct C4-PlantUML syntax and adds useful detail. The Mermaid versions don't have this level of detail which is fine for Mermaid's DSL.

docs/architecture/c4/README.md last row of the file table is truncated in my diff view (the l3-frontend-3b row). Looked fine in the full file read — confirming it renders correctly in Gitea is part of the test plan, so this should be caught.

Nothing here requires changes.

## 👨‍💻 Felix Brandt — Senior Fullstack Developer **Verdict: ✅ Approved** Pure documentation PR — no production code changed. My review focuses on documentation quality, naming conventions, and accuracy of the architectural descriptions. ### What's Good **Naming is precise and intent-revealing throughout.** File names follow a clear convention (`l1-context.puml`, `l2-containers.puml`, `l3-backend-3a-security.puml`) that maps directly to C4 levels and sub-diagram index. No abbreviations, no ambiguity. A new developer can find the diagram they need from the filename alone. **The `c4-diagrams.md` accuracy fixes are meaningful.** Key corrections I noticed: - `username` → `email` in the login sequence and `CustomUserDetailsService` description — correctly reflects the actual auth implementation - `DocumentService → PersonService` and `DocumentService → TagService` replacing direct repository calls — correct layering - `ExcelService` now handles ODS files too — accurate - `MassImportService` state machine (IDLE/RUNNING/DONE/FAILED) added to description — good detail - New `RegisterPage`, `ForgotPassword`, `ResetPassword` frontend routes added — these were missing from the old diagram **The cross-diagram stub pattern with "See diagram X" comments** avoids both duplication and mystery references. Readable, follows the same intent-revealing convention as the code. ### Minor Observations (non-blocking) **`ContainerDb(db, "PostgreSQL", "PostgreSQL 16")` vs `ContainerDb(db, "PostgreSQL")` inconsistency** between the `.puml` files and the Mermaid versions in `c4-diagrams.md`. The `.puml` files add the version as a third argument — that's correct C4-PlantUML syntax and adds useful detail. The Mermaid versions don't have this level of detail which is fine for Mermaid's DSL. **`docs/architecture/c4/README.md` last row of the file table is truncated** in my diff view (the `l3-frontend-3b` row). Looked fine in the full file read — confirming it renders correctly in Gitea is part of the test plan, so this should be caught. Nothing here requires changes.

marcel commented 2026-05-06 22:39:58 +02:00

Author

Owner

Copy Link

🔒 Nora "NullX" Steiner — Application Security Engineer

Verdict: ⚠️ Approved with concerns

Documentation-only PR. My review focuses on what the architecture diagrams reveal about the security model and whether the committed configuration introduces any exposure.

Concern (worth addressing, not blocking)

Hardcoded internal hostname in committed VS Code settings.

docs/architecture/c4/README.md and .vscode/settings.json both reference http://heim-nas:8500 as the PlantUML render server. The concern here is information disclosure, not a direct vulnerability: the hostname heim-nas and port 8500 are now part of the public (or semi-public) git history. For a private family project on a self-hosted Gitea this is low risk, but it's worth noting:

1. If the Gitea instance is ever made public or the repo is mirrored, internal network topology is disclosed.
2. More importantly, http:// (not https://) means the VS Code extension sends PlantUML source over unencrypted HTTP to the render server. The diagrams contain internal component names, API routes, and authentication flow details. On a trusted home LAN this is acceptable; it would not be acceptable over a corporate network or VPN.

Recommendation: Add a note in docs/architecture/c4/README.md that the render server uses HTTP on the internal LAN only, and that contributors should not use this setup over untrusted networks. No code change required — one sentence in the README is sufficient.

What's Correct in the Architecture Descriptions

Reviewing the security-relevant content of the diagrams themselves:

• 3a Security diagram correctly models the PermissionAspect as AOP-enforced and separate from the filter chain — this is the right representation of how @RequirePermission works in this codebase.
• CustomUserDetailsService loads by email (updated from username) — the diagram now matches the actual authentication field.
• Password reset and invite flows are shown as unauthenticated endpoints (correct — they should be permitAll in SecurityConfig).
• CSRF disabled is acknowledged in the SecurityConfig component description — this is appropriate for a Basic Auth + httpOnly cookie setup where CSRF is structurally mitigated.
• SSE notification path shows direct backend-to-browser (Rel(backend, user, "SSE notifications"...)) — this is correct and confirms no sensitive data routing through an intermediary.

No security regressions in this PR.

## 🔒 Nora "NullX" Steiner — Application Security Engineer **Verdict: ⚠️ Approved with concerns** Documentation-only PR. My review focuses on what the architecture diagrams reveal about the security model and whether the committed configuration introduces any exposure. ### Concern (worth addressing, not blocking) **Hardcoded internal hostname in committed VS Code settings.** `docs/architecture/c4/README.md` and `.vscode/settings.json` both reference `http://heim-nas:8500` as the PlantUML render server. The concern here is **information disclosure, not a direct vulnerability**: the hostname `heim-nas` and port `8500` are now part of the public (or semi-public) git history. For a private family project on a self-hosted Gitea this is low risk, but it's worth noting: 1. If the Gitea instance is ever made public or the repo is mirrored, internal network topology is disclosed. 2. More importantly, `http://` (not `https://`) means the VS Code extension sends PlantUML source over unencrypted HTTP to the render server. The diagrams contain internal component names, API routes, and authentication flow details. On a trusted home LAN this is acceptable; it would not be acceptable over a corporate network or VPN. **Recommendation:** Add a note in `docs/architecture/c4/README.md` that the render server uses HTTP on the internal LAN only, and that contributors should not use this setup over untrusted networks. No code change required — one sentence in the README is sufficient. ### What's Correct in the Architecture Descriptions Reviewing the security-relevant content of the diagrams themselves: - **3a Security diagram** correctly models the `PermissionAspect` as AOP-enforced and separate from the filter chain — this is the right representation of how `@RequirePermission` works in this codebase. - **`CustomUserDetailsService` loads by email** (updated from username) — the diagram now matches the actual authentication field. - **Password reset and invite flows** are shown as unauthenticated endpoints (correct — they should be `permitAll` in `SecurityConfig`). - **CSRF disabled** is acknowledged in the `SecurityConfig` component description — this is appropriate for a Basic Auth + httpOnly cookie setup where CSRF is structurally mitigated. - **SSE notification path** shows direct backend-to-browser (`Rel(backend, user, "SSE notifications"...)`) — this is correct and confirms no sensitive data routing through an intermediary. No security regressions in this PR.

marcel commented 2026-05-06 22:40:07 +02:00

Author

Owner

Copy Link

🧪 Sara Holt — Senior QA Engineer

Verdict: ✅ Approved

Documentation-only PR — no test coverage impact. My review covers testability of the test plan items in the PR description.

Test Plan Assessment

The PR's test plan has three items:

• Open any .puml file in VS Code with the PlantUML extension installed → Alt+D renders diagram via http://heim-nas:8500
• Browse any .puml file in Gitea → renders as a diagram
• docs/architecture/c4-diagrams.md still renders Mermaid diagrams inline in Gitea

These are all manual, environment-dependent checks — which is appropriate for tooling configuration PRs. There's nothing to automate here in the standard test pyramid. Confirmed these are the right acceptance criteria for this type of change.

One Observation

The test plan doesn't specify which .puml file to use as a smoke test. Given there are 15 new files spanning C4 levels and diagram types, a more complete test plan would verify:

• One file from each C4 level (L1, L2, L3 component)
• One sequence diagram (different !include — C4_Sequence)
• The l3-backend-3b-document-management.puml file specifically, which has the most Component() and Rel() declarations and is most likely to reveal syntax errors

This is a suggestion for the author's manual verification, not a blocker. The existing test plan is sufficient for a documentation PR.

No Test Coverage Impact

No production code changed. No test files added or modified. The existing test suite is unaffected. ✅

## 🧪 Sara Holt — Senior QA Engineer **Verdict: ✅ Approved** Documentation-only PR — no test coverage impact. My review covers testability of the test plan items in the PR description. ### Test Plan Assessment The PR's test plan has three items: > - [ ] Open any `.puml` file in VS Code with the PlantUML extension installed → `Alt+D` renders diagram via `http://heim-nas:8500` > - [ ] Browse any `.puml` file in Gitea → renders as a diagram > - [ ] `docs/architecture/c4-diagrams.md` still renders Mermaid diagrams inline in Gitea These are all manual, environment-dependent checks — which is appropriate for tooling configuration PRs. There's nothing to automate here in the standard test pyramid. Confirmed these are the right acceptance criteria for this type of change. ### One Observation **The test plan doesn't specify which `.puml` file to use as a smoke test.** Given there are 15 new files spanning C4 levels and diagram types, a more complete test plan would verify: - One file from each C4 level (L1, L2, L3 component) - One sequence diagram (different `!include` — `C4_Sequence`) - The `l3-backend-3b-document-management.puml` file specifically, which has the most `Component()` and `Rel()` declarations and is most likely to reveal syntax errors This is a suggestion for the author's manual verification, not a blocker. The existing test plan is sufficient for a documentation PR. ### No Test Coverage Impact No production code changed. No test files added or modified. The existing test suite is unaffected. ✅

marcel commented 2026-05-06 22:40:17 +02:00

Author

Owner

Copy Link

⚙️ Tobias Wendt — DevOps & Platform Engineer

Verdict: ✅ Approved

Documentation and VS Code configuration PR. Nothing touches the Docker Compose file, CI pipeline, or production infrastructure.

What I Checked

.vscode/settings.json change: Adds plantuml.render and plantuml.server keys pointing at http://heim-nas:8500. This is a developer tooling config — it affects VS Code only, not the build pipeline or deployed services.

• The PlantUML server at heim-nas:8500 is presumably the self-hosted plantuml/plantuml-server container. It's not wired into CI, which is correct — diagram rendering is a dev convenience, not a build step.
• The HTTP (not HTTPS) scheme is fine for an internal LAN service.
• No secrets, no credentials, no infrastructure changes. Clean.

New docs/architecture/c4/ directory: Pure documentation — 15 .puml files and a README.md. No impact on build, test, or deployment.

No CI impact. The Gitea Actions pipeline doesn't build or lint .puml files, and there's nothing here that would break any existing CI job.

Suggestion (non-blocking)

Consider adding a plantuml/plantuml-server service to docker-compose.override.yml for contributors who don't have heim-nas on their network. Something like:

services:
  plantuml:
    image: plantuml/plantuml-server:jetty
    ports:
      - "8500:8080"

With a matching note in the README: "If heim-nas is not reachable, run docker compose up plantuml and point your VS Code setting at http://localhost:8500." This makes the diagrams renderable for any future contributor. Not required for the current solo setup.

## ⚙️ Tobias Wendt — DevOps & Platform Engineer **Verdict: ✅ Approved** Documentation and VS Code configuration PR. Nothing touches the Docker Compose file, CI pipeline, or production infrastructure. ### What I Checked **`.vscode/settings.json` change:** Adds `plantuml.render` and `plantuml.server` keys pointing at `http://heim-nas:8500`. This is a developer tooling config — it affects VS Code only, not the build pipeline or deployed services. - The PlantUML server at `heim-nas:8500` is presumably the self-hosted `plantuml/plantuml-server` container. It's not wired into CI, which is correct — diagram rendering is a dev convenience, not a build step. - The HTTP (not HTTPS) scheme is fine for an internal LAN service. - No secrets, no credentials, no infrastructure changes. Clean. **New `docs/architecture/c4/` directory:** Pure documentation — 15 `.puml` files and a `README.md`. No impact on build, test, or deployment. **No CI impact.** The Gitea Actions pipeline doesn't build or lint `.puml` files, and there's nothing here that would break any existing CI job. ### Suggestion (non-blocking) **Consider adding a `plantuml/plantuml-server` service to `docker-compose.override.yml`** for contributors who don't have `heim-nas` on their network. Something like: ```yaml services: plantuml: image: plantuml/plantuml-server:jetty ports: - "8500:8080" ``` With a matching note in the README: "If `heim-nas` is not reachable, run `docker compose up plantuml` and point your VS Code setting at `http://localhost:8500`." This makes the diagrams renderable for any future contributor. Not required for the current solo setup.

marcel commented 2026-05-06 22:40:26 +02:00

Author

Owner

Copy Link

📋 Elicit — Requirements Engineer

Verdict: ✅ Approved

Reviewing from a requirements documentation perspective: does the architecture documentation accurately reflect what the system does, and is it useful as a communication artifact?

Accuracy Assessment

The diagram updates in c4-diagrams.md fix several requirements-level inaccuracies in the previous version:

User persona descriptions improved:

• "Family Member" persona now correctly includes "transcribes archived documents" — the original omitted transcription as a member capability
• The invite-based access model ("Access by administrator invite") is now explicit at L1 — this is an important access control requirement that was previously invisible in the diagrams

Email service now modelled at L1 and L2:

• The System_Ext(mail, "Email Service") addition surfaces a dependency that was missing. Password reset and mention notifications via SMTP are real functional requirements — they should be visible at the context level.

Auth field corrected (username → email):

• The login sequence diagram now shows email:password in the Basic Auth encoding and SELECT user WHERE email=? in the DB query. Matches actual behavior.

MassImportService now handles ODS in addition to Excel:

• "Excel/ODS workbooks (Apache POI)" — the original said Excel only. Apache POI supports both; the description now matches the actual capability.

Observation

The c4-diagrams.md header now includes a definition of the "cross-diagram stub" pattern. This is good requirements hygiene — defining conventions at the point of use prevents ambiguity for future readers who need to understand why a component appears without a full definition.

No Requirements Gaps Introduced

This PR adds no new system behaviors — it only documents existing ones more accurately. All changes are additive corrections to existing descriptions. LGTM from a requirements perspective.

## 📋 Elicit — Requirements Engineer **Verdict: ✅ Approved** Reviewing from a requirements documentation perspective: does the architecture documentation accurately reflect what the system does, and is it useful as a communication artifact? ### Accuracy Assessment The diagram updates in `c4-diagrams.md` fix several requirements-level inaccuracies in the previous version: **User persona descriptions improved:** - `"Family Member"` persona now correctly includes "transcribes archived documents" — the original omitted transcription as a member capability - The invite-based access model (`"Access by administrator invite"`) is now explicit at L1 — this is an important access control requirement that was previously invisible in the diagrams **Email service now modelled at L1 and L2:** - The `System_Ext(mail, "Email Service")` addition surfaces a dependency that was missing. Password reset and mention notifications via SMTP are real functional requirements — they should be visible at the context level. **Auth field corrected (`username` → `email`):** - The login sequence diagram now shows `email:password` in the Basic Auth encoding and `SELECT user WHERE email=?` in the DB query. Matches actual behavior. **`MassImportService` now handles ODS in addition to Excel:** - `"Excel/ODS workbooks (Apache POI)"` — the original said Excel only. Apache POI supports both; the description now matches the actual capability. ### Observation The `c4-diagrams.md` header now includes a definition of the "cross-diagram stub" pattern. This is good requirements hygiene — defining conventions at the point of use prevents ambiguity for future readers who need to understand why a component appears without a full definition. ### No Requirements Gaps Introduced This PR adds no new system behaviors — it only documents existing ones more accurately. All changes are additive corrections to existing descriptions. LGTM from a requirements perspective.

marcel commented 2026-05-06 22:40:36 +02:00

Author

Owner

Copy Link

🎨 Leonie Voss — UI/UX Design Lead

Verdict: ✅ Approved

This PR contains no frontend component changes, Svelte files, Tailwind classes, or UI-layer modifications. My review is therefore brief.

What I Checked

No .svelte files changed. Zero UI impact — no brand compliance concerns, no accessibility regressions, no touch target or typography changes.

No frontend route changes. The diagram descriptions document existing routes (including the new /enrich, /briefwechsel, /aktivitaeten, /stammbaum, etc.) but don't add or modify them.

The c4-diagrams.md frontend diagrams now correctly show the dual-audience design in the route structure — the split between transcription paths (desktop/tablet-first) and reading paths (mobile-first) is implicitly captured in the component descriptions.

One Positive Note

The new Frontend 3c diagram (/persons, /briefwechsel, /aktivitaeten, /geschichten, /stammbaum) documents routes that exist but weren't in the previous architecture diagram. The family tree (/stammbaum) and stories (/geschichten) are notable for mobile UX — these are reading-path features used by the younger audience on phones. Good that they're now visible at the architecture level.

No UI concerns. LGTM.

## 🎨 Leonie Voss — UI/UX Design Lead **Verdict: ✅ Approved** This PR contains no frontend component changes, Svelte files, Tailwind classes, or UI-layer modifications. My review is therefore brief. ### What I Checked **No `.svelte` files changed.** Zero UI impact — no brand compliance concerns, no accessibility regressions, no touch target or typography changes. **No frontend route changes.** The diagram descriptions document existing routes (including the new `/enrich`, `/briefwechsel`, `/aktivitaeten`, `/stammbaum`, etc.) but don't add or modify them. **The `c4-diagrams.md` frontend diagrams** now correctly show the dual-audience design in the route structure — the split between transcription paths (desktop/tablet-first) and reading paths (mobile-first) is implicitly captured in the component descriptions. ### One Positive Note The new Frontend 3c diagram (`/persons`, `/briefwechsel`, `/aktivitaeten`, `/geschichten`, `/stammbaum`) documents routes that exist but weren't in the previous architecture diagram. The family tree (`/stammbaum`) and stories (`/geschichten`) are notable for mobile UX — these are reading-path features used by the younger audience on phones. Good that they're now visible at the architecture level. No UI concerns. LGTM.

marcel merged commit 66c1998d2f into main 2026-05-06 22:52:39 +02:00

marcel deleted branch docs/post-refactor-accuracy-audit 2026-05-06 22:52:39 +02:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

P0-critical

Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.

P1-high

Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.

P2-medium

Noticeable improvement; doesn't block anything; schedule opportunistically.

P3-later

Cosmetic or parking-lot work; fine to stay open indefinitely.

audit

Read-only audit / assessment work; produces a report rather than changing code

bug

Something isn't working

cleanup

Removal of dead code, vague comments, naming violations, and scratch artifacts

collaboration

We want to extend the family archive to have more collaboration tools

conversation

descoped

We will do that later

devops

documentation

README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs

epic

Marker for epic-level issues that group multiple child issues

feature

file-upload

legibility

Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction

notification

person

phase-1: security

Security hygiene — must be done first

phase-2: container-images

Production-ready multi-stage Docker images

phase-3: prod-compose

Production compose overlay + Caddy reverse proxy

phase-4: spring-prod-profile

Spring Boot production configuration profile

phase-5: backups

Database and object storage backup strategy

phase-6: deployment-docs

.env.example, DEPLOYMENT.md, runbook

phase-7: monitoring

Prometheus, Loki, Grafana, Alertmanager

refactor

Code restructuring without behaviour change

security

test

ui

UI/UX and accessibility issues

user

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Jens marcel

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marcel/familienarchiv#450