Merge pull request #7187 from Countly/ar2rsawseen/master2

More docs

Author: ar2rsawseen

.github/AI_PR_REVIEW_GUIDELINES.md

@@ -0,0 +1,62 @@
+# AI Pull Request Review Guidelines for Countly Server
+
+These guidelines are for AI-based review bots (e.g., GitHub Copilot) to ensure all pull requests (PRs) to Countly Server meet project standards for quality, security, and maintainability.
+
+---
+
+## 1. General Code Quality
+- **Linting:** All code must pass ESLint and shellcheck validation. Reject PRs with lint errors.
+- **Comments:** Public functions must use JSDoc. Complex logic should be commented, but avoid redundant comments.
+- **Error Handling:** All errors must be handled and surfaced to the frontend or logs.
+
+## 2. Backend (Node.js)
+- **API Security:** All endpoints must use validation from `api/utils/rights.js` (e.g., `validateRead`, `validateCreate`).
+- **Parameter Validation:** All input parameters must be validated and type-checked. Reject PRs with missing or unsafe validation.
+- **Cross-App Security:** All write/delete operations must check `app_id` to prevent cross-app access.
+- **MongoDB:** Use projections to limit returned fields. Use batchers for frequent/bulk operations. Create indexes for new collections.
+- **Audit Logging:** All create/update/delete actions must dispatch `/systemlogs` events.
+
+## 3. Frontend (Vue.js)
+- **Component Naming:** Use PascalCase for JS, kebab-case for templates.
+- **Props/Events:** Use props down, events up. Do not modify parent state directly.
+- **Security:** Never use `v-html` with user input. Use `countlyCommon.encodeHtml()` for manual sanitization.
+- **Testing:** All interactive elements must have `data-test-id` attributes for UI testing.
+- **Computed Properties:** Prefer computed properties over watchers for derived state.
+
+## 4. CSS & Styling
+- **SASS:** Use SCSS syntax and `@use` for imports. Do not use `@import`.
+- **BEM:** All new classes must use BEM naming with `cly-vue-` prefix.
+- **Bulma:** Use Bulma classes with `bu-` prefix for layout.
+- **No Deprecated Paths:** Do not add CSS to deprecated directories.
+
+## 5. Security
+- **XSS:** All API output must be escaped. Frontend must treat API data as text. Never use `v-html` with unsanitized input.
+- **MongoDB Injection:** Always cast credentials to strings. Validate objects for MongoDB operators.
+- **File Uploads:** Only allow whitelisted file types. Sanitize all filenames.
+- **Command Line:** Use `spawn` with argument arrays, never `exec` with user input.
+
+## 6. Testing & Documentation
+- **Tests:** PRs must include tests for new features, edge cases, and cleanup. Plugins must test app lifecycle hooks.
+- **Docs:** Update or add documentation for new/changed features, including JSDoc for public functions.
+
+## 7. Plugin Development
+- **Structure:** Plugins must follow the standard structure (`api/api.js`, `frontend/app.js`, etc.).
+- **Lifecycle:** Plugins with collections must handle app create/delete and user data deletion events.
+
+## 8. Pull Request Hygiene
+- **No Secrets:** PRs must not include credentials, secrets, or sensitive data.
+- **Changelogs:** Update `CHANGELOG.md` for user-facing changes.
+- **License:** All code must comply with AGPL-3.0 and Countly's Section 7 modifications.
+
+---
+
+**References:**
+- [CODING_GUIDELINES.md](../CODING_GUIDELINES.md)
+- [SECURITY.md](../docs/SECURITY.md)
+- [VUEJS_GUIDELINES.md](../docs/VUEJS_GUIDELINES.md)
+- [CSS_STYLE_GUIDE.md](../docs/CSS_STYLE_GUIDE.md)
+- [UI_TESTING.md](../docs/UI_TESTING.md)
+
+---
+
+**If a PR does not meet these requirements, request changes with specific feedback.**

bin/README.md

@@ -1,4 +1,2 @@
 
 Use `bash countly.install.sh` to install Countly.
-
-Run `bash config/countly_user.sh` script which converts Countly process and files under `countly` user.

docs/OBSERVABILITY_GUIDELINES.md

@@ -0,0 +1,100 @@
+# Countly Server Observability Guidelines
+
+This document describes best practices for logging, debugging, and error reporting in Countly Server. All contributors must follow these guidelines to ensure robust observability and traceability.
+
+---
+
+## 1. Logging Library
+- **Always use** `api/utils/log.js` for all logging. Do **not** use `console.log` or similar.
+- The logger provides levels: `debug`, `info`, `warn`, `error`.
+- Example usage:
+  ```js
+  const log = require('../../../api/utils/log.js')('crashes:api');
+  log.d('Debug message');
+  log.e('Error occurred: %j', error);
+  ```
+
+## 2. Module Naming Convention
+- **Plugin files:** Use the plugin name as the logger prefix. Example: `crashes`, `push`, `views`.
+- **Submodules:** Separate submodules with `:`. Example: `crashes:api`, `crashes:render`.
+- **Core files:** Prefix with `core:`. Example: `core:render`, `core:auth`.
+- **Job files:** Prefix with `job:`. Example: `job:crashes`, `job:push`. This allows enabling/disabling logging for all jobs at once.
+
+## 3. Logging Practices
+- **Log all errors** and error handling with `error` level (`log.e`).
+- **Add debug logs** (`log.d`) at every major step of execution to trace code flow.
+- Use `log.i` for important state changes, and `log.w` for warnings.
+- Use the logger's `callback` and `logdb` helpers for error logging in async/database operations.
+- Example:
+  ```js
+  log.d('Starting job execution');
+  // ...
+  log.e('Failed to process job: %j', err);
+  ```
+
+## 4. Enabling Logging
+- **Via Dashboard:** Go to Management → Settings → Logs to configure log levels and modules.
+- **Via Environment Variables:**
+  - Set `DEBUG=*` to enable all debug logs.
+  - Set `DEBUG=crashes:*,job:*` to enable debug logs for all crashes and job modules.
+  - Example:
+    ```bash
+    DEBUG=core:*,crashes:api npm run start:all:dev
+    ```
+
+## 5. Log Level Configuration
+- Log levels can be set in `api/config.js` under the `logging` section.
+- Example:
+  ```js
+  logging: {
+    info: ['core', 'crashes'],
+    debug: ['job:*'],
+    default: 'warn'
+  }
+  ```
+- You can also set log levels at runtime:
+  ```js
+  require('api/utils/log.js').setLevel('job:crashes', 'debug');
+  ```
+
+## 6. Error Handling
+- **Always log errors** with `log.e`.
+- Use logger's `callback` and `logdb` for async/database error handling.
+- Example:
+  ```js
+  someAsyncOperation(log.callback((result) => {
+    log.d('Operation completed', result);
+  }));
+  ```
+
+## 7. Debugging Flow
+- Add debug logs at:
+  - Function entry/exit
+  - Major state changes
+  - Before/after external calls (DB, API, etc.)
+  - All error handling branches
+- This enables tracing execution in debug mode.
+
+## 8. References
+- See `api/utils/log.js` for advanced usage (sub-loggers, logdb, callback, etc.).
+- See [CODING_GUIDELINES.md](../CODING_GUIDELINES.md) for general code standards.
+
+---
+
+
+## Log Message Formatting
+
+- **Be clear and concise:** Log messages should be easy to understand and provide enough context for debugging.
+- **Use structured formatting:** Prefer format specifiers (`%s`, `%j`, `%d`, etc.) for variables and objects. Example:
+  ```js
+  log.d('Processing user %s with data: %j', userId, userData);
+  ```
+- **Include relevant identifiers:** Always log IDs, error objects, and key parameters to help trace issues.
+- **Timestamp and level:** The logger automatically adds timestamps and log levels to each message.
+- **Consistent style:** Use similar phrasing for similar events across modules (e.g., "Starting job", "Job completed", "Error processing job").
+- **Avoid sensitive data:** Never log credentials, secrets, or personal data.
+- **Multi-line logs:** For complex objects, use `%j` to pretty-print JSON. For multi-step flows, use separate log statements for each step.
+
+---
+
+**Consistent, structured logging is required for all new code.**

docs/README.md

@@ -0,0 +1,53 @@
+
+# Countly Server Documentation Index
+
+This README provides a table of contents for all markdown documentation files in the repository, including those in the root, docs, .github, plugins, bin, and other folders.
+
+---
+
+## Top-Level Documentation
+- [README.md](../README.md): Project overview, installation, and quick links.
+- [CODING_GUIDELINES.md](../CODING_GUIDELINES.md): General coding standards and best practices.
+- [CHANGELOG.md](../CHANGELOG.md): Summary of user-facing changes and releases.
+- [CONTRIBUTING.md](../CONTRIBUTING.md): How to contribute to Countly Server.
+- [SECURITY.md](../SECURITY.md): (Legacy) Security guidelines.
+- [CLAUDE.md](../CLAUDE.md): Claude-specific notes.
+
+## docs/ Folder
+- [README.md](README.md): This documentation index.
+- [SECURITY.md](SECURITY.md): Security requirements and best practices.
+- [VUEJS_GUIDELINES.md](VUEJS_GUIDELINES.md): Vue.js frontend development standards.
+- [CSS_STYLE_GUIDE.md](CSS_STYLE_GUIDE.md): SASS, BEM, and Bulma CSS conventions.
+- [UI_TESTING.md](UI_TESTING.md): Cypress UI testing and data-test-id usage.
+- [OBSERVABILITY_GUIDELINES.md](OBSERVABILITY_GUIDELINES.md): Logging, debugging, and error reporting standards.
+
+## .github/ Folder
+- [AI_PR_REVIEW_GUIDELINES.md](../.github/AI_PR_REVIEW_GUIDELINES.md): Guidelines for AI-based PR review bots.
+- [issue_template.md](../.github/issue_template.md): Issue template for GitHub.
+- [copilot-instructions.md](../.github/copilot-instructions.md): Copilot agent instructions.
+
+## test/ Folder
+- [README.md](../test/README.md): Test suite documentation and instructions.
+
+## ui-tests/ Folder
+- [README.md](../ui-tests/README.md): UI test suite documentation.
+
+## bin/ Folder
+- [README.md](../bin/README.md): Installation scripts documentation.
+- [scripts/README.md](../bin/scripts/README.md): Bin scripts documentation.
+- [scripts/sharding/README.md](../bin/scripts/sharding/README.md): Sharding scripts documentation.
+- [upgrade/18.08/mongo.upgrade.instructions.md](../bin/upgrade/18.08/mongo.upgrade.instructions.md): Mongo upgrade instructions.
+
+## api/parts/jobs/ Folder
+- [README.md](../api/parts/jobs/README.md): Jobs system documentation.
+- [job_flow.md](../api/parts/jobs/job_flow.md): Job flow documentation.
+
+## plugins/guides/ Folder
+- [README.md](../plugins/guides/README.md): Plugin guides documentation.
+
+## Other Markdown Files
+- Any other .md files found in the repository can be referenced directly by their path.
+
+---
+
+**Tip:** For coding standards, always start with [CODING_GUIDELINES.md](../CODING_GUIDELINES.md). For specialized topics, see the relevant docs above.