chore: add misc proposals and todo docs for future reference

Author: coopernetes

docs/plan-config-refactor.md

@@ -0,0 +1,89 @@
+# Config Loading Refactor — TODO
+
+## Current state
+
+### Files involved
+
+| File                                                                                                                                                                       | Role                                                                                                     |
+| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- |
+| [jgit-proxy-server/.../JettyConfigurationLoader.java](../jgit-proxy-server/src/main/java/org/finos/gitproxy/jetty/config/JettyConfigurationLoader.java)                    | Loads YAML files, deep-merges them, applies `GITPROXY_*` env var overrides                               |
+| [jgit-proxy-server/.../JettyConfigurationBuilder.java](../jgit-proxy-server/src/main/java/org/finos/gitproxy/jetty/config/JettyConfigurationBuilder.java)                  | Casts raw `Map<String, Object>` tree into domain objects (providers, filters, push store, commit config) |
+| [jgit-proxy-server/.../resources/git-proxy.yml](../jgit-proxy-server/src/main/resources/git-proxy.yml)                                                                     | Base defaults shipped with the JAR                                                                       |
+| [jgit-proxy-server/.../resources/git-proxy-local.yml](../jgit-proxy-server/src/main/resources/git-proxy-local.yml)                                                         | Local dev overrides (not for production)                                                                 |
+| [docker/git-proxy-local.yml](../docker/git-proxy-local.yml)                                                                                                                | Docker-mounted override for local Gitea                                                                  |
+| [docker/git-proxy-postgres.yml](../docker/git-proxy-postgres.yml)                                                                                                          | Docker-mounted override for PostgreSQL                                                                   |
+| [docker/git-proxy-mongo.yml](../docker/git-proxy-mongo.yml)                                                                                                                | Docker-mounted override for MongoDB                                                                      |
+| [jgit-proxy-core/.../config/CommitConfig.java](../jgit-proxy-core/src/main/java/org/finos/gitproxy/config/CommitConfig.java)                                               | Domain object for commit validation rules — candidate for typed binding                                  |
+| [jgit-proxy-core/.../config/GpgConfig.java](../jgit-proxy-core/src/main/java/org/finos/gitproxy/config/GpgConfig.java)                                                     | Domain object for GPG settings — candidate for typed binding                                             |
+| [jgit-proxy-server/.../GitProxyJettyApplication.java](../jgit-proxy-server/src/main/java/org/finos/gitproxy/jetty/GitProxyJettyApplication.java)                           | Server entry point — constructs loader + builder                                                         |
+| [jgit-proxy-dashboard/.../GitProxyWithDashboardApplication.java](../jgit-proxy-dashboard/src/main/java/org/finos/gitproxy/dashboard/GitProxyWithDashboardApplication.java) | Dashboard entry point — also constructs loader + builder                                                 |
+
+`JettyConfigurationLoader` is a hand-rolled 3-tier YAML loader:
+
+1. `git-proxy.yml` (classpath base)
+2. `git-proxy-local.yml` (optional local overrides)
+3. `GITPROXY_*` env vars (highest priority)
+
+`JettyConfigurationBuilder` then casts the resulting `Map<String, Object>` tree into domain objects.
+
+### Pain points
+
+- **Partial env var coverage** — only simple scalar keys (port, base-path, provider enabled flag). Complex structures (whitelist filters, regex patterns) cannot be overridden via env vars.
+- **No profiles** — no `git-proxy-prod.yml` / `git-proxy-dev.yml` activation mechanism.
+- **No type safety** — raw `Map<String, Object>` throughout; type mismatches surface at runtime.
+- **No validation** — bad config silently produces defaults or runtime exceptions; no fail-fast at startup.
+- **No cloud config integration** — no Vault, AWS SSM, or Kubernetes Secrets support.
+
+---
+
+## Recommended replacement: Gestalt
+
+Replace `JettyConfigurationLoader` with [Gestalt](https://github.com/gestalt-config/gestalt).
+
+Gestalt is a lightweight, container-free config library that covers everything the hand-rolled loader lacks:
+
+| Feature                        | Today          | Gestalt                  |
+| ------------------------------ | -------------- | ------------------------ |
+| YAML loading                   | ✅ (SnakeYAML) | ✅ (SnakeYAML module)    |
+| File merging / layering        | ✅ manual      | ✅ native, ordinal-based |
+| Env var overrides              | ⚠️ partial     | ✅ full, any key         |
+| Profile activation             | ❌             | ✅ native                |
+| Type-safe POJO binding         | ❌             | ✅                       |
+| Startup validation (JSR-380)   | ❌             | ✅                       |
+| Hot-reload                     | ❌             | ✅                       |
+| Cloud config (Vault, SSM, K8s) | ❌             | ✅ (extension modules)   |
+
+---
+
+## Migration sketch
+
+1. **Add Gestalt dependency** to [jgit-proxy-server/build.gradle](../jgit-proxy-server/build.gradle):
+
+   ```groovy
+   implementation 'com.github.gestalt-config:gestalt-core:0.x.x'
+   implementation 'com.github.gestalt-config:gestalt-yaml:0.x.x'
+   ```
+
+2. **Define typed config records/POJOs** to replace the `Map<String, Object>` casts in [JettyConfigurationBuilder.java](../jgit-proxy-server/src/main/java/org/finos/gitproxy/jetty/config/JettyConfigurationBuilder.java) (e.g., `ServerConfig`, `ProviderConfig`, `CommitConfig`, `DatabaseConfig`). Annotate with Bean Validation constraints where appropriate. Existing domain objects [CommitConfig.java](../jgit-proxy-core/src/main/java/org/finos/gitproxy/config/CommitConfig.java) and [GpgConfig.java](../jgit-proxy-core/src/main/java/org/finos/gitproxy/config/GpgConfig.java) in `jgit-proxy-core` can be augmented rather than replaced.
+
+3. **Replace [JettyConfigurationLoader.java](../jgit-proxy-server/src/main/java/org/finos/gitproxy/jetty/config/JettyConfigurationLoader.java)** with a `GestaltBuilder` composition:
+
+   ```
+   classpath:git-proxy.yml                  (base defaults, stays as-is)
+   → classpath:git-proxy-{profile}.yml      (profile override, if active)
+   → filesystem:git-proxy-local.yml         (external local override, stays as-is)
+   → environment variables                  (highest priority, full key coverage)
+   ```
+
+4. **Simplify [JettyConfigurationBuilder.java](../jgit-proxy-server/src/main/java/org/finos/gitproxy/jetty/config/JettyConfigurationBuilder.java)** — replace all `(Map) rawConfig.get(...)` casts with `gestalt.getConfig("git-proxy", GitProxyConfig.class)`.
+
+5. **Update entry points** [GitProxyJettyApplication.java](../jgit-proxy-server/src/main/java/org/finos/gitproxy/jetty/GitProxyJettyApplication.java) and [GitProxyWithDashboardApplication.java](../jgit-proxy-dashboard/src/main/java/org/finos/gitproxy/dashboard/GitProxyWithDashboardApplication.java) — swap `new JettyConfigurationLoader()` for the Gestalt-backed equivalent.
+
+6. **Profile activation** — read `GITPROXY_PROFILE` env var (or system property) to select the profile YAML file.
+
+---
+
+## Libraries considered and rejected
+
+- **Apache Commons Configuration 2** — no native profile concept; POJO binding via Beanutils is not first-class.
+- **Owner** — last release 2019, effectively unmaintained, no YAML support.

docs/plan-db-layer-refactor.md

@@ -0,0 +1,166 @@
+# Database Layer Refactor Plan
+
+## Goals
+
+- Remove raw JDBC boilerplate (`PreparedStatement`, `ResultSet`, manual `Connection` try/finally)
+- Remove manual MongoDB `Document` construction/reads
+- Add lightweight query harness without pulling in a full ORM or Spring Boot auto-config
+- Keep the existing `PushStore` interface contract unchanged — this is an internal implementation refactor only
+
+---
+
+## Current State
+
+| Class               | Storage                  | Problem                                                                                                 |
+| ------------------- | ------------------------ | ------------------------------------------------------------------------------------------------------- |
+| `JdbcPushStore`     | H2 / SQLite / PostgreSQL | Raw JDBC: manual statement prep, positional `?` params, no transaction management, exception swallowing |
+| `MongoPushStore`    | MongoDB                  | Manual `Document` key/value construction and extraction                                                 |
+| `PushRecordMapper`  | —                        | Already close to a `RowMapper<T>`, just not implementing the interface                                  |
+| `DataSourceFactory` | HikariCP                 | Already good — wraps `javax.sql.DataSource`, no changes needed                                          |
+
+---
+
+## Recommendation 1 — Add `spring-jdbc` + `spring-tx` to `jgit-proxy-core`
+
+These are standalone Spring modules with no Spring Boot, no Spring Data JPA, no auto-configuration. They give you:
+
+- `NamedParameterJdbcTemplate` — named `:param` SQL with `MapSqlParameterSource`
+- `JdbcTemplate` — positional `?` fallback when needed
+- `TransactionTemplate` — programmatic transactions, no AOP or proxy magic
+- `DataSourceTransactionManager` — wires `DataSource` to the transaction abstraction
+- `RowMapper<T>` — interface for result set → object mapping
+
+Add to `jgit-proxy-core/build.gradle`:
+
+```gradle
+api 'org.springframework:spring-jdbc:6.2.6'
+api 'org.springframework:spring-tx:6.2.6'
+```
+
+Version-aligned with the existing `spring-webmvc:6.2.6` used in the dashboard — no version drift.
+
+---
+
+## Recommendation 2 — Refactor `JdbcPushStore` to `NamedParameterJdbcTemplate`
+
+Replace manual `PreparedStatement` / `ResultSet` / `Connection` lifecycle with template-based calls.
+
+Named parameters (`:status`, `:pushId`) are preferable to positional `?` for column-heavy queries. The existing `find(PushQuery)` dynamic WHERE clause is a direct fit for `MapSqlParameterSource`.
+
+Key construction change:
+
+```java
+private final NamedParameterJdbcTemplate jdbc;
+private final TransactionTemplate tx;
+
+public JdbcPushStore(DataSource ds) {
+    this.jdbc = new NamedParameterJdbcTemplate(ds);
+    this.tx   = new TransactionTemplate(new DataSourceTransactionManager(ds));
+}
+```
+
+`approve()`, `reject()`, and `cancel()` are the only methods that touch multiple tables (status update + attestation insert) and need `tx.execute(...)`. All read paths (`find`, `findById`) are plain queries with no transaction wrapper needed.
+
+---
+
+## Recommendation 3 — Promote `PushRecordMapper` to `RowMapper<PushRecord>`
+
+The existing mapper class already does the right work. Implement the Spring interface so it composes cleanly with the template:
+
+```java
+public class PushRecordMapper implements RowMapper<PushRecord> {
+    @Override
+    public PushRecord mapRow(ResultSet rs, int rowNum) throws SQLException { ... }
+}
+```
+
+Create equivalents for the child entities:
+
+- `PushStepMapper implements RowMapper<PushStep>`
+- `PushCommitMapper implements RowMapper<PushCommit>`
+- `AttestationMapper implements RowMapper<Attestation>`
+
+Each mapper class is trivially unit-testable with a mocked `ResultSet`.
+
+---
+
+## Recommendation 4 — MongoDB: POJO Codec Registry (no `spring-data-mongodb`)
+
+`spring-data-mongodb` gives `MongoTemplate` but drags in `spring-data-commons` (~800KB) and its annotation-driven mapping layer. The MongoDB Java driver already ships a **POJO codec registry** that handles marshalling with zero additional dependencies.
+
+Register domain classes at startup:
+
+```java
+CodecRegistry pojoRegistry = fromRegistries(
+    MongoClientSettings.getDefaultCodecRegistry(),
+    fromProviders(PojoCodecProvider.builder()
+        .register(PushRecord.class, PushCommit.class, PushStep.class, Attestation.class)
+        .automatic(true)
+        .build())
+);
+```
+
+Then `MongoPushStore` works with typed collections instead of raw `Document`:
+
+```java
+MongoCollection<PushRecord> collection = mongoClient
+    .getDatabase("gitproxy")
+    .withCodecRegistry(pojoRegistry)
+    .getCollection("pushes", PushRecord.class);
+
+// clean reads/writes
+collection.find(eq("status", PushStatus.APPROVED)).into(new ArrayList<>());
+collection.findOneAndUpdate(eq("id", id),
+    Updates.combine(Updates.set("status", APPROVED), ...),
+    new FindOneAndUpdateOptions().returnDocument(AFTER));
+```
+
+`Filters`, `Updates`, and `Sorts` from `com.mongodb.client.model` are the Mongo-native equivalent of `MapSqlParameterSource` — composable and readable without string `Document` keys everywhere.
+
+Requires the domain model classes (`PushRecord`, `PushStep`, etc.) to have default constructors and standard getters/setters (or public fields). If they currently use builder/record patterns, a small codec customisation or `@BsonProperty` annotations bridge the gap.
+
+---
+
+## Recommendation 5 — Dashboard Wiring (no Boot, no auto-config)
+
+The dashboard already registers beans manually in `SpringWebConfig`. Expose the JDBC helpers as Spring-managed beans so controllers and any future services receive them by injection rather than constructing templates themselves:
+
+```java
+// in SpringWebConfig (or a new DataConfig @Configuration)
+@Bean
+public NamedParameterJdbcTemplate jdbcTemplate(DataSource dataSource) {
+    return new NamedParameterJdbcTemplate(dataSource);
+}
+
+@Bean
+public DataSourceTransactionManager transactionManager(DataSource dataSource) {
+    return new DataSourceTransactionManager(dataSource);
+}
+```
+
+`DataSource` is already constructed by `DataSourceFactory` and passed in externally — this just promotes it to a Spring bean so the wiring stays explicit and testable without any `@Autowired` magic on construction.
+
+---
+
+## What This Does Not Change
+
+- `PushStore` interface — unchanged, no API break
+- `DataSourceFactory` / HikariCP setup — unchanged
+- `schema.sql` — raw SQL stays as the schema of record, no JPA `@Entity` annotations, no Flyway (unless added separately)
+- `PushStoreFactory` convenience builders — unchanged
+- The MongoDB document structure — POJO codec maps to the same document shape as the current `Document`-based code
+
+---
+
+## Summary
+
+| Concern                    | Approach                                                    |
+| -------------------------- | ----------------------------------------------------------- |
+| SQL connection boilerplate | `NamedParameterJdbcTemplate`                                |
+| Transaction management     | `TransactionTemplate` + `DataSourceTransactionManager`      |
+| Row mapping                | `RowMapper<T>` per entity                                   |
+| MongoDB document mapping   | POJO codec registry (driver-native)                         |
+| Spring Boot / JPA          | Not needed — `spring-jdbc` + `spring-tx` are self-contained |
+| ORM                        | None — schema.sql is the source of truth                    |
+
+New transitive deps (dashboard): `spring-jdbc` + `spring-tx` only. Both are already version-aligned with Spring MVC 6.2.6 in use today.