Records the alignment review of all project docs and the point-by-point
decision session: drop commande_event, English naming convention, VAT
carried by product (after BOFiP fact-check), real menu customization,
full ingredient configurator, allergen modal. Lists open points D4-D8.
Baseline of the P1 conception work produced over sessions 5-7 (was
uncommitted in the working tree). 11-entity model, French naming.
Superseded next by the prod-like revision (English, ~16 entities) per
the 2026-06-04 decision session - this commit preserves the baseline
in history before that rewrite.
Switch from Mermaid to drawio for MCD diagrams to gain manual layout
control on the global view (10 entites + 10 associations, planarite
intrinseque non resolue par Mermaid auto-layout).
- mcd-global.drawio : 10 entites + 8 associations (vue compacte sans attributs)
- mcd-catalogue.drawio : Categorie / Produit / Menu / MenuProduit avec attributs
- mcd-commande.drawio : Commande / LigneCommande + polymorphisme vers Produit/Menu
- mcd-rbac.drawio : User / Role / Permission / RolePermission
Notation Merise (min,max) sur chaque cote d'association. Layout de
depart a affiner manuellement dans drawio web (Edit Diagram -> XML).
SVG a regenerer en exportant depuis drawio web.
Bottom-up derivation from school JSON sources + PROJECT_CONTEXT business rules.
Covers : Categorie, Produit, Menu, MenuProduit, Commande, LigneCommande,
User, Role, Permission, RolePermission. Decisions documented :
prices in INT cents, VAT in per-mille, polymorphic FK with snapshots
on ligne_commande, dynamic roles vs static permissions for RBAC.
Three changes bundled because the stubs surfaced two pre-existing infra bugs
that had never been hit (the smoke test only exercised PHP via 'docker exec',
not via the full Apache->PHP-FPM FastCGI path).
- src/public/borne/index.html : minimal HTML stub for the kiosk vhost
(200 OK with the imported logo)
- src/public/admin/index.php : minimal PHP stub that proves the full
FastCGI chain works end-to-end (renders PHP_VERSION + current timestamp)
- docker/apache/vhost.conf : add 'DirectoryIndex index.php index.html' on
the admin vhost. Without it, hitting / returned 403 because the default
Apache DirectoryIndex is index.html only, and the existing RewriteRule
did not apply to the directory request (\!-d cond was false).
- docker/php-fpm/www.conf : comment out 'listen.allowed_clients = any'.
PHP-FPM 8.3 rejects 'any' with 'Wrong IP address' and ends up dropping
every connection from Apache. With the directive absent, all connections
are accepted, which is acceptable in our isolated Docker network.
- docs/merise/_sources/ : raw JSON sources (categories + produits)
preserved unchanged for jury traceability, plus provenance note
documenting 7 typos in image refs and gaps to address at the MCD
phase (no FK, float prices, missing menu composition, etc.)
- docs/design/ : Figma maquette PDF (renamed without accent) plus
README pointing to the live Figma URL
- src/public/borne/assets/images/ : 71 visual assets (53 produits +
9 categories + 9 UI) normalized to kebab-case lowercase to avoid
the case-sensitive Linux pitfall in Docker production
The 'wacdo' naming from the school brief is preserved only inside
docs/merise/_sources/ for traceability. The rest of the project keeps
the canonical 'Wakdo' naming.
TODO P1: rename cheesecake-choconuts-m&m-s.png (the & breaks URLs
without percent-encoding); will be fixed during seed normalization.
Captures the full bottom-end-to-bottom-end validation of the Docker
stack on the deployment host: env file merge with the BYAN tooling,
FQDN switch from acadenice.fr to stark.a3n.fr (using the existing
wildcard DNS), and three corrective fixes that surfaced during
'make init' (explicit IPAM subnet for the saturated host, init: true
on the cron service for dcron PID 1, static healthz file outside the
src bind-mount).
Documents 4 reasoned decisions with alternatives, 5 anticipated jury
questions, 5 conscious points of improvement, and maps 6 RNCP 37805
criteria (1.e.4, 5.b, 7.a.1, 7.a.2, 7.b.3, 7.c.4).
Three issues surfaced when running 'make init' on the deployment host
and were fixed in place:
- wakdo_internal network: explicit subnet 192.168.148.0/24 (RFC 1918,
in the free 192.168.144-159 gap). The host's Docker daemon has its
default address pools saturated by other stacks, so auto-allocation
failed. An explicit subnet bypasses the allocator and isolates Wakdo
from neighbour churn.
- wakdo-cron: init: true added so Docker injects tini as PID 1. Without
it, dcron loops on 'setpgid: Operation not permitted' because PID 1
in a container without an init system cannot change process groups
for its children.
- healthz vhost: served as a static file from /usr/local/apache2/htdocs/
instead of a RewriteRule [R=200] that triggered Apache's ErrorDocument
template (and leaked 'internal error' wording into a 200 response).
The file lives outside /var/www/html/ which is bind-mounted at runtime
and would otherwise mask the COPY.
The acadenice.fr zone has no wildcard and no records pointing to this
host. The stark.a3n.fr zone has a wildcard A record on the deployment
host, so any subdomain resolves automatically without DNS provisioning.
Switching the canonical FQDNs (corentin-wakdo and corentin-wakdo-admin)
to stark.a3n.fr removes the DNS prerequisite and lets Traefik provision
Let's Encrypt certs via HTTP-01 challenge immediately.
Deliver the full Docker stack for Bloc 5 DevOps (Cr 7.c.3 and 7.c.4):
- docker/apache/ Custom httpd:2.4-alpine with hardened main config,
MPM event tuning and 3 vhosts (healthz, kiosk static,
admin reverse FCGI to wakdo-app:9000). Kiosk vhost
explicitly denies .php to enforce Bloc 1 isolation.
- docker/php-fpm/ Custom php:8.3-fpm-alpine3.20 with pdo_mysql, opcache,
intl, exif, zip and tini for signal handling.
Dynamic pool 3-10 workers listening on TCP 9000.
- docker/cron/ Custom alpine:3.20 with dcron, mariadb-client, gzip.
Nightly mysqldump at 03h00 with 14-day rotation and
512-byte sanity check. Purge and stats jobs templated.
- docker-compose.yml 4 services orchestrated on 2 networks (internal
bridge + external reverse-proxy). 2 named volumes
for DB and uploads, bind-mount for backups.
Traefik labels for 2 routers with HTTPS redirect.
Makefile adds `make backup` (manual dump) and `make backup-ls`.
.gitignore adds /var/ for backup bind-mount path.
docs/journal/2026-04-24--infra-docker.md documents 5 decisions with
alternatives, maps 16 RNCP criteria to artefacts and prepares 6 jury Q&A.
Validated: `docker compose config --quiet` passes. Smoke test deferred
to next session (requires server .env).
Add official RNCP 37805 PDF source and a searchable text index of all
92 criteres across Bloc 1, Bloc 2 and Bloc 5 (DevOps option).
Correct Cr 4.f.1 / Cr 4.f.4 mappings in the journal and PROJECT_CONTEXT
section 8: only Cr 4.f.2 covers Git as a tool-mastery artefact. The
other three Cr 4.f criteria are soft skills evaluated at the oral
(knowledge sharing, self-review, individual contribution report).
Correction applied after reading the primary source end to end.
.env.example : template neutre (kiosk.example.com / admin.example.com /
traefik_proxy, RFC 2606 pour le domaine), a editer par l'utilisateur.
Variables DB_*, SESSION_*, CORS_*, APP_URL_*, TRAEFIK_DOMAIN_*,
REVERSE_PROXY_NETWORK. Aucune information de prod (FQDN, noms de reseau)
n'est exposee dans ce template committe.
.dockerignore : exclusion du contexte de build des artefacts non
pertinents ou sensibles (git, docs, tests, .claude, _byan, secrets,
node_modules, logs, volumes locaux).
Makefile : orchestration en une seule commande conforme Cr RNCP 7.c.4.
- Charge .env automatiquement avec export vers l'environnement shell
- Cible check-env valide la presence des 8 variables critiques Wakdo
et guide l'utilisateur vers un merge plutot qu'un ecrasement si un
.env pre-existant (tooling externe) est detecte incomplet
- Cible init enchaine .env check -> check-env -> reseau proxy ->
build -> up -> wait-db -> migrate -> status final
- Verification du reseau REVERSE_PROXY_NETWORK avec message d'aide
precis si absent (sans auto-creation silencieuse : l'utilisateur
decide soit d'adapter la variable soit de creer le reseau)
- Cibles secondaires : up / down / stop / restart / build / rebuild,
logs(-app|-web|-db), shell-(app|db|cron), wait-db, migrate, seed,
backup, test(-unit|-integration), lint, clean (interactif),
clean-force (CI), install-hooks. Aide auto-generee via make help.
Les cibles marquees [a venir] seront completees lors des phases
correspondantes (P2 back squelette, P6 tests, P7 DevOps finalisation).
Premier README du projet, oriente jury et contributeur :
- Apercu metier (borne Wakdo, 3 canaux, statuts commande)
- Section methodologie declarant l'usage de BYAN (Builder of YAN) et
la politique no Co-Authored-By (renvoi section 17 PROJECT_CONTEXT)
- Stack technique recapitulee en tableau
- Schema ASCII de l'architecture runtime (Traefik + 4 services)
- Quickstart oriente deploiement serveur derriere Traefik :
- Pas de localhost ni de port bind local
- Nom du reseau configurable via REVERSE_PROXY_NETWORK (valeurs
neutres type traefik_proxy dans .env.example, adaptable selon
l'infrastructure cible)
- Procedure d'installation Docker Engine + Compose v2 pour un hote
neuf (distribution Debian stable en exemple)
- Avertissement explicite sur le .env pre-existant : merge manuel au
lieu de cp .env.example .env (protection contre l'ecrasement d'un
tooling externe type BYAN API token sur la meme racine)
- Conventions Git et liens vers docs/PROJECT_CONTEXT, docs/journal,
.claude/CLAUDE.md et rules/
Ajout de la section 17 "Transparence methodologie et usage d'assistants IA"
avec scope precis (ce que l'IA fait, ce qu'elle ne fait pas), dispositifs de
tracabilite, politique de commit et declaration d'honnetete intellectuelle.
- Declaration d'ouverture : projet developpe avec l'appui de BYAN (Builder of
YAN) appliquant la methodologie Merise Agile enrichie de 64 Mantras
- Scope IA precise par categorie d'action : redaction, co-programmation,
relecture critique, tests, debug
- Modelisation Merise : formalisation par l'IA, arbitrage et validation par
l'auteur
- Politique no Co-Authored-By explicitee et justifiee
- Renumerotation : "Regles invariantes" passe en section 18
- Bump version document : 1.0 -> 1.1
Ajout de la structure docs/journal/ pour les retrospectives par feature,
destinees a la preparation de l'oral RNCP et a la tracabilite de la demarche
pour le jury.
Contenu :
- docs/journal/README.md : index + template d'entree (what/why/how/criteres
RNCP/Q&A jury/ameliorations conscientes)
- docs/journal/2026-04-23--cadrage-projet.md : retrospective complete de la
session de cadrage (brief RNCP, PROJECT_CONTEXT, bootstrap Git, decisions
d'architecture, transparence methodologie IA)
- .gitignore : ajout de /docs/notes/ pour la couche de notes techniques
personnelles (revisions oral, non versionnees)
