Complex domain: products, cart, checkout, payments โ story splitting and security
โฑ ~90 min ยท 3 Sprints ยท Advanced
Projects 01-03 had simple domains. E-commerce has interconnected concerns: inventory, pricing, cart state, checkout validation, payment processing. You'll split complex stories multiple times using different strategies, and run a full security audit before shipping payment code.
| Role | What they do in this project | When |
|---|---|---|
๐ @po | Creates stories, splits oversized epics using multiple strategies, accepts completed work | Story creation, splitting, sprint review, acceptance |
๐๏ธ @arch | Evaluates monolith vs modular monolith vs microservices, runs architecture health check after 3 sprints | Brainstorm, architecture audit |
๐ก๏ธ @sec | STRIDE threat model on checkout flow, OWASP Top 10 audit on payment code, validates security fixes | Sprint 3 security phase |
๐๏ธ @dba | Designs products, carts, cart_items, orders, order_items schema with proper foreign keys and indexes | Setup, each sprint as schema evolves |
โจ๏ธ @dev | Implements features with TDD, refactors oversized modules using Tidy First | Implementation, refactoring |
๐จโ๐ป @lead | Reviews code quality, plans implementations, oversees refactoring | Code review, story planning, refactor review |
๐งช @qa | Verifies Definition of Done across 10+ stories and 3 sprints | DoD verification |
๐ @sm | Facilitates 3 sprints, tracks velocity trends, mid-sprint status checks, flags at-risk stories | Sprint ceremonies, status tracking |
E-commerce has more moving parts than a todo API. The architecture decision matters more here โ get it wrong and you'll pay for it across 3 sprints.
"I want to build an e-commerce cart system: product catalog, shopping cart, checkout, payment processing."
/agile-explore-brainstorm/agile-explore-brainstorm I need an e-commerce system with product catalog, shopping cart, checkout, and payment processing. Needs to handle inventory, pricing, and order management. Should be maintainable across multiple sprints.
๐๏ธ @arch evaluates 3 architectural approaches โ this time the choice has real consequences because the domain is complex:
๐๏ธ @arch responds with a scoring matrix:
## /agile-explore-brainstorm โ Results
### Problem Statement
E-commerce cart system with catalog, cart, checkout, payments.
Constraints: maintainable across 3 sprints, clear module boundaries,
testable in isolation.
### Scoring Matrix
| Approach | Feasibility | Maintainability | Performance | Risk | Total |
|----------------------|------------|-----------------|-------------|------|-------|
| Monolith (single module) | 9/10 | 5/10 | 8/10 | 7/10 | 29 |
| Modular Monolith | 8/10 | 9/10 | 8/10 | 8/10 | 33 |
| Microservices | 5/10 | 9/10 | 7/10 | 4/10 | 25 |
### Recommendation
Modular Monolith โ clear module boundaries (catalog, cart, checkout,
payment) but single deployable. Best balance of maintainability and
complexity for a solo developer.
### What Would Change This
- If team has 4+ devs โ consider microservices
- If prototype/throwaway โ plain monolith is fine
- If each module scales independently โ microservices"Let's go with the modular monolith. Clear boundaries but one deployment."
๐๏ธ @dba designs the initial schema before any code is written. E-commerce needs careful data modeling โ products, carts, and orders are interconnected:
๐๏ธ @dba designs the schema:
## Initial Schema Design
### Tables
products
id INTEGER PRIMARY KEY
name TEXT NOT NULL
description TEXT
price DECIMAL(10,2) NOT NULL
stock INTEGER NOT NULL DEFAULT 0
category TEXT
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
carts
id INTEGER PRIMARY KEY
session_id TEXT UNIQUE NOT NULL
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
cart_items
id INTEGER PRIMARY KEY
cart_id INTEGER NOT NULL โ carts(id) ON DELETE CASCADE
product_id INTEGER NOT NULL โ products(id)
quantity INTEGER NOT NULL DEFAULT 1
UNIQUE(cart_id, product_id)
orders
id INTEGER PRIMARY KEY
cart_id INTEGER NOT NULL โ carts(id)
status TEXT NOT NULL DEFAULT 'pending'
total DECIMAL(10,2) NOT NULL
shipping_address TEXT NOT NULL
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
order_items
id INTEGER PRIMARY KEY
order_id INTEGER NOT NULL โ orders(id) ON DELETE CASCADE
product_id INTEGER NOT NULL โ products(id)
quantity INTEGER NOT NULL
unit_price DECIMAL(10,2) NOT NULL
### Indexes
- idx_products_category ON products(category)
- idx_cart_items_cart ON cart_items(cart_id)
- idx_orders_status ON orders(status)/agile-setup-init โ Memory populated (project, architecture, conventions)
/agile-setup-onboard โ Coding rules generated from detected conventions
/agile-setup-health โ โ
All checks passPhase 1 complete. Modular monolith architecture chosen, schema designed, framework initialized. Now we plan 3 sprints of work.
Start with the foundation: products. No cart, no checkout โ just a solid catalog module.
/agile-story-create I need CRUD endpoints for products: create a product with name, description, price, stock quantity, and category. Update and delete products. Return proper error codes.
๐ @po responds:
## /agile-story-create โ Story Created
### Story US-001
**As a** store administrator,
**I want** to create, read, update, and delete products,
**so that** I can manage the product catalog.
### Acceptance Criteria
**AC-1: Create product with all fields**
- **Given** the API is running
- **When** I send POST /products with name, description, price,
stock, and category
- **Then** I receive 201 with the created product including an ID
**AC-2: Validation โ missing required fields**
- **Given** the API is running
- **When** I send POST /products without name or price
- **Then** I receive 400 with specific validation errors
**AC-3: Update product**
- **Given** a product exists with ID 1
- **When** I send PUT /products/1 with updated fields
- **Then** I receive 200 with the updated product
**AC-4: Delete product**
- **Given** a product exists with ID 1
- **When** I send DELETE /products/1
- **Then** I receive 204 and the product is removed
### INVEST Check: โ
All criteria pass
### Metadata: 3 points | Status: Unrefined๐ฌ /agile-story-create I need to search products by name
and filter by category. Support pagination for large catalogs.
โ ๐ @po creates US-002: "Search and filter products" โ 5 pts
๐ฌ /agile-story-create I need to organize products into
categories and list all available categories.
โ ๐ @po creates US-003: "Product categories" โ 2 pts/agile-sprint-planning/agile-sprint-planning
๐ @sm facilitates:
## Sprint Planning Output
### Sprint Goal
"Deliver a working product catalog with CRUD, search, and categories"
### Sprint Backlog
| Story | Title | Points | Priority |
|--------|-------------------------|--------|----------|
| US-001 | Product CRUD | 3 | P1 |
| US-002 | Search and filter | 5 | P1 |
| US-003 | Product categories | 2 | P2 |
### Capacity Check
- Team velocity (first sprint): 10 points (conservative)
- Committed this sprint: 10 points
- Capacity utilization: 100%/agile-code-branch feature US-001 product-crud
/agile-story-plan US-001
/agile-code-tdd US-001
๐ด Test: POST /products creates product โ โ
๐ข Implement create handler with validation โ โ
๐ด Test: POST /products without name returns 400 โ โ
๐ข Add field validation โ โ
๐ด Test: PUT /products/:id updates product โ โ
๐ข Implement update handler โ โ
๐ด Test: DELETE /products/:id removes product โ โ
๐ข Implement delete handler โ โ
/agile-code-ci โ โ
All green (8/8 tests passing)
/agile-code-commit โ feat(catalog): add product CRUD endpoints
/agile-code-pr โ PR created
/agile-code-pr-review โ โ
Approved (๐ก S2: extract validation to middleware)
/agile-code-merge โ Squash merged to develop
/agile-story-dod โ โ
DONE
/agile-story-accept โ โ
ACCEPTED (3 points)/agile-code-branch feature US-002 product-search
/agile-story-plan US-002
/agile-code-tdd US-002
๐ด Test: GET /products?q=shirt returns matching products โ โ
๐ข Implement text search with LIKE query โ โ
๐ด Test: GET /products?category=electronics filters โ โ
๐ข Add category filter to query builder โ โ
๐ด Test: GET /products?page=2&limit=10 paginates โ โ
๐ข Add pagination with offset/limit โ โ
/agile-code-ci โ โ
All green
/agile-code-commit โ feat(catalog): add product search, filter, pagination
/agile-code-pr โ PR created
/agile-code-pr-review โ โ
Approved
/agile-code-merge โ Squash merged to develop
/agile-story-dod โ โ
DONE
/agile-story-accept โ โ
ACCEPTED (5 points)/agile-code-branch feature US-003 categories
/agile-story-plan US-003
/agile-code-tdd US-003
๐ด Test: GET /categories returns distinct categories โ โ
๐ข Implement categories endpoint โ โ
๐ด Test: GET /products?category=shoes filters correctly โ โ
๐ข Verify integration with search filter โ โ
/agile-code-ci โ โ
All green
/agile-code-commit โ feat(catalog): add category listing endpoint
/agile-code-pr โ PR created
/agile-code-pr-review โ โ
Approved
/agile-code-merge โ Squash merged to develop
/agile-story-dod โ โ
DONE
/agile-story-accept โ โ
ACCEPTED (2 points)/agile-sprint-review
Sprint Goal: "Deliver a working product catalog" โ โ
Met
Velocity: 10/10 points (100%)
All 3 stories accepted.
/agile-sprint-retro
What went well: clean module boundaries from day 1
What to improve: need shared validation middleware
Action: extract common validation before Sprint 2
/agile-memory-learn
โ Sprint 1 velocity baseline: 10 pointsSprint 2 introduces the hardest skill in agile: breaking down complex features into small, independent stories. You'll see what happens when a story is too big, and learn to split it using /agile-story-split with different strategies.
/agile-story-create I need a complete checkout flow: add items to cart, update quantities, validate stock availability, calculate total with tax, collect shipping address, process payment
๐ @po creates the story โ but flags a serious problem:
๐ @po responds:
## /agile-story-create โ Story Created
### Story US-007
**As a** shopper,
**I want** to add items to my cart, manage quantities, validate
stock, calculate totals with tax, enter my shipping address,
and process payment,
**so that** I can purchase products from the store.
### Acceptance Criteria
AC-1: Add product to cart
AC-2: Update item quantity in cart
AC-3: Remove item from cart
AC-4: Validate stock availability before checkout
AC-5: Calculate total with tax
AC-6: Collect and validate shipping address
AC-7: Process payment and create order
AC-8: Reduce stock after successful payment
AC-9: Handle payment failure gracefully
### INVEST Check
| Criterion | Status |
|-------------|--------|
| Independent | โ
|
| Negotiable | โ
|
| Valuable | โ
|
| Estimable | โ ๏ธ |
| Small | โ FAIL |
| Testable | โ
|
### Metadata
- **Estimate**: 21 points
- **Status**: Unrefined
- โ ๏ธ WARNING: This story violates the "Small" criterion.
21 points is too large for a single sprint.INVEST says stories must be Small. A 21-point story can't be estimated with confidence, can't be completed in one sprint, and can't be tested in isolation. This needs /agile-story-split.
/agile-story-split with workflow-steps strategy/agile-story-split US-007 --strategy workflow-steps
๐ @po decomposes US-007 along the natural workflow: cart management โ validation โ checkout form โ payment. Each step is independently valuable:
๐ @po responds:
## /agile-story-split โ Results
### Strategy: workflow-steps
Split along the user's natural workflow through checkout.
### Original Story
US-007: Complete checkout flow โ 21 points โ Too large
### Split Into
**US-007a: Cart management (add/remove/update quantities)**
- **As a** shopper, **I want** to add products to my cart,
update quantities, and remove items,
**so that** I can build my order before checking out.
- ACs: add item, update quantity, remove item, view cart
- **Estimate**: 5 points
**US-007b: Stock validation (check availability before checkout)**
- **As a** shopper, **I want** the system to verify items are
in stock before I proceed to checkout,
**so that** I don't pay for unavailable products.
- ACs: block checkout if out of stock, show availability warning
- **Estimate**: 3 points
**US-007c: Checkout form (shipping address, total with tax)**
- **As a** shopper, **I want** to enter my shipping address
and see the order total including tax,
**so that** I know exactly what I'm paying before confirming.
- ACs: address form validation, tax calculation, order summary
- **Estimate**: 5 points
**US-007d: Payment processing (charge card, create order)**
- **As a** shopper, **I want** to submit payment and receive
an order confirmation,
**so that** my purchase is completed.
- ACs: process payment, create order record, reduce stock,
handle payment failure
- **Estimate**: 5 points
### INVEST Validation (each sub-story)
| Story | I | N | V | E | S | T |
|---------|----|----|----|----|----|----|
| US-007a | โ
| โ
| โ
| โ
| โ
| โ
|
| US-007b | โ
| โ
| โ
| โ
| โ
| โ
|
| US-007c | โ
| โ
| โ
| โ
| โ
| โ
|
| US-007d | โ
| โ
| โ
| โ
| โ ๏ธ | โ
|
### Note on US-007d
US-007d includes payment processing AND stock reduction AND
error handling โ still 5 points but at the upper boundary.
Consider splitting further if complexity grows during
implementation.The workflow-steps strategy follows the user's natural journey: first they fill a cart, then they validate, then they checkout, then they pay. Each step delivers independent value โ a cart without checkout is still useful for "save for later" functionality. Other strategies (business-rules, data-variations) split differently. The right strategy depends on the domain.
/agile-sprint-planning/agile-sprint-planning
๐ @sm facilitates:
## Sprint Planning Output
### Sprint Goal
"Deliver cart management and checkout โ from add-to-cart to payment"
### Sprint Backlog
| Story | Title | Points | Priority |
|---------|-------------------------------|--------|----------|
| US-007a | Cart management | 5 | P1 |
| US-007b | Stock validation | 3 | P1 |
| US-007c | Checkout form + tax | 5 | P1 |
| US-007d | Payment processing | 5 | P2 |
### Capacity Check
- Historical velocity: 10 points (Sprint 1)
- Committed this sprint: 18 points
- Capacity utilization: 180% โ ๏ธ OVER-COMMITTED
### Risk Mitigation
- US-007d marked P2 โ can be deferred to Sprint 3 if needed
- Core flow (US-007a โ US-007c) is 13 points โ within reach๐๏ธ @dba designs the cart_items table with proper foreign keys before implementation begins:
๐๏ธ @dba validates schema for cart module:
cart_items table:
- cart_id FK โ carts(id) ON DELETE CASCADE
- product_id FK โ products(id) โ no cascade (preserve history)
- UNIQUE(cart_id, product_id) โ prevents duplicate entries
- quantity CHECK(quantity > 0) โ no zero-quantity items
Index: idx_cart_items_cart_product ON cart_items(cart_id, product_id)
โ Covers the most common query pattern/agile-code-branch feature US-007a cart-management
/agile-story-plan US-007a
/agile-code-tdd US-007a
๐ด Test: POST /cart/items adds product to cart โ โ
๐ข Implement add-to-cart with cart creation โ โ
๐ด Test: PUT /cart/items/:id updates quantity โ โ
๐ข Implement quantity update โ โ
๐ด Test: DELETE /cart/items/:id removes item โ โ
๐ข Implement remove from cart โ โ
๐ด Test: GET /cart returns all items with subtotals โ โ
๐ข Implement cart summary with price calculation โ โ
/agile-code-ci โ โ
All green (12/12 tests)
/agile-code-commit โ feat(cart): add cart management endpoints
/agile-code-pr โ PR created
/agile-code-pr-review โ โ
Approved
/agile-code-merge โ Squash merged to develop
/agile-story-dod โ โ
DONE
/agile-story-accept โ โ
ACCEPTED (5 points)/agile-sprint-status/agile-sprint-status
๐ @sm provides a real-time dashboard of sprint progress:
๐ @sm responds:
## /agile-sprint-status โ Sprint 2 Dashboard
### Burndown
Day 1: โโโโโโโโโโโโโโโโโโ 18 pts remaining
Day 2: โโโโโโโโโโโโโ 13 pts remaining (US-007a done)
Day 3: โโโโโโโโโโ 10 pts remaining โ YOU ARE HERE
### Stories by Status
| Story | Title | Points | Status |
|---------|------------------------|--------|--------------|
| US-007a | Cart management | 5 | โ
Accepted |
| US-007b | Stock validation | 3 | ๐จ In Progress|
| US-007c | Checkout form + tax | 5 | ๐ To Do |
| US-007d | Payment processing | 5 | ๐ To Do |
### Velocity Tracking
- Completed: 5/18 points (28%)
- Sprint progress: 50% of time elapsed
- Projected: ~14 points by sprint end
### Blockers
โ ๏ธ US-007d at risk โ may not fit in this sprint.
Recommendation: focus on US-007b and US-007c first.
Defer US-007d to Sprint 3 if needed./agile-code-branch feature US-007b stock-validation
/agile-story-plan US-007b
/agile-code-tdd US-007b
๐ด Test: checkout blocked when item out of stock โ โ
๐ข Add stock check before checkout proceeds โ โ
๐ด Test: warning shown when stock is low โ โ
๐ข Add low-stock threshold check โ โ
/agile-code-ci โ โ
All green
/agile-code-commit โ feat(cart): add stock validation on checkout
/agile-code-pr โ PR created
/agile-code-pr-review โ โ
Approved
/agile-code-merge โ Squash merged to develop
/agile-story-dod โ โ
DONE
/agile-story-accept โ โ
ACCEPTED (3 points)/agile-code-branch feature US-007c checkout-form
/agile-story-plan US-007c
/agile-code-tdd US-007c
๐ด Test: POST /checkout validates shipping address โ โ
๐ข Add address validation (required fields) โ โ
๐ด Test: checkout calculates tax correctly โ โ
๐ข Implement tax calculation by region โ โ
๐ด Test: order summary shows items + tax + total โ โ
๐ข Build order summary endpoint โ โ
/agile-code-ci โ โ
All green
/agile-code-commit โ feat(checkout): add checkout form with tax calculation
/agile-code-pr โ PR created
/agile-code-pr-review โ โ
Approved
(๐ก S2: tax rates should come from config, not hardcoded)
/agile-code-merge โ Squash merged to develop
/agile-story-dod โ โ
DONE
/agile-story-accept โ โ
ACCEPTED (5 points)๐ @sm: US-007d deferred to Sprint 3.
Sprint 2 committed 18 points but velocity is 10.
Core checkout flow (US-007aโc) complete at 13 points.
Payment processing moves to Sprint 3 alongside security work./agile-sprint-review
## Sprint Review Report
### Sprint Goal: "Deliver cart management and checkout"
### Sprint Goal Met: โ ๏ธ Partial โ cart + checkout delivered,
payment deferred to Sprint 3
| Story | Title | Points | Status |
|---------|------------------------|--------|-------------|
| US-007a | Cart management | 5 | โ
Accepted |
| US-007b | Stock validation | 3 | โ
Accepted |
| US-007c | Checkout form + tax | 5 | โ
Accepted |
| US-007d | Payment processing | 5 | โณ Deferred |
### Velocity
- Committed: 18 points
- Completed: 13 points (72%)
- Running average: (10 + 13) / 2 = 11.5 points/agile-sprint-retro
What went well: story splitting prevented a 21-point disaster
What to improve: over-committed by 80% โ use velocity data
Action: Sprint 3 commit to โค12 points
/agile-memory-learn
โ Sprint 2 velocity: 13 points
โ Lesson: workflow-steps splitting worked well for checkoutSprint 3 completes the payment flow and then hardens everything. Payment code without security review is a liability.
/agile-code-branch feature US-007d payment-processing
/agile-story-plan US-007d
/agile-code-tdd US-007d
๐ด Test: POST /checkout/pay processes payment โ โ
๐ข Implement payment gateway integration โ โ
๐ด Test: successful payment creates order record โ โ
๐ข Create order + order_items on success โ โ
๐ด Test: successful payment reduces stock โ โ
๐ข Decrement product stock after payment โ โ
๐ด Test: payment failure returns error, no order created โ โ
๐ข Add transaction rollback on failure โ โ
/agile-code-ci โ โ
All green (24/24 tests)
/agile-code-commit โ feat(payment): add payment processing with order creation
/agile-code-pr โ PR created
/agile-code-pr-review โ โ
Approved
/agile-code-merge โ Squash merged to develop
/agile-story-dod โ โ
DONE
/agile-story-accept โ โ
ACCEPTED (5 points)/agile-security-threat-model (STRIDE)Before shipping payment code, ๐ก๏ธ @sec analyzes the attack surface using the STRIDE framework.
/agile-security-threat-model Analyze the checkout and payment flow for security threats
๐ก๏ธ @sec responds:
## /agile-security-threat-model โ STRIDE Analysis
### Scope: Checkout and Payment Flow
Components analyzed: cart โ stock validation โ checkout form โ
payment processing โ order creation
### STRIDE Threat Table
| Category | Threat | Risk | Mitigation |
|----------------------|-------------------------------|--------|---------------------------------|
| **S**poofing | Fake user places order | ๐ Med | Session validation, CSRF tokens |
| | with someone else's cart | | |
| **T**ampering | Price manipulated client-side | ๐ด High| Server-side price calculation |
| | before payment submission | | |
| **R**epudiation | User denies placing order | ๐ก Low | Audit log with timestamps |
| **I**nfo Disclosure | Payment data leaked in logs | ๐ด High| Never log card numbers, |
| | or error messages | | mask in responses |
| **D**enial of Service| Cart bombing โ thousands | ๐ Med | Rate limiting on cart/checkout |
| | of items added via script | | endpoints |
| **E**levation of | Regular user accesses admin | ๐ Med | Role-based access control on |
| Privilege | product management endpoints | | product CRUD |
### Priority Actions
1. ๐ด Verify price is calculated server-side (not from client)
2. ๐ด Ensure payment data is never logged
3. ๐ Add rate limiting to checkout endpoints
4. ๐ Implement CSRF protection
5. ๐ก Add audit logging for orders/agile-security-audit (OWASP Top 10)/agile-security-audit Scan the payment and checkout code
๐ก๏ธ @sec scans the codebase against the OWASP Top 10 and finds real vulnerabilities:
๐ก๏ธ @sec responds:
## /agile-security-audit โ OWASP Top 10 Scan
### Scope: src/modules/checkout/, src/modules/payment/
### Findings
๐ด S0 โ CRITICAL: Price calculated client-side
File: src/modules/checkout/checkoutHandler.js:42
Issue: Total is taken from request body (req.body.total)
instead of calculated from cart_items ร product prices.
Risk: Attacker can submit total: 0.01 for a $500 order.
Fix: Calculate total server-side from DB prices. Never trust
client-submitted totals.
OWASP: A04 โ Insecure Design
๐ S1 โ HIGH: SQL injection in product search
File: src/modules/catalog/searchHandler.js:18
Issue: Query uses string concatenation:
`WHERE name LIKE '%${req.query.q}%'`
Risk: Attacker can extract or modify database contents.
Fix: Use parameterized queries:
`WHERE name LIKE ?` with `%${q}%` as parameter.
OWASP: A03 โ Injection
๐ก S2 โ MEDIUM: No rate limiting on checkout endpoint
File: src/modules/checkout/routes.js
Issue: POST /checkout has no rate limiting.
Risk: Automated scripts can spam checkout attempts.
Fix: Add express-rate-limit middleware (e.g., 5 req/min).
OWASP: A05 โ Security Misconfiguration
### Summary
| Severity | Count | Action Required |
|----------|-------|-------------------------|
| ๐ด S0 | 1 | MUST FIX before release |
| ๐ S1 | 1 | MUST FIX before release |
| ๐ก S2 | 1 | Should fix |
| ๐ต S3 | 0 | โ |
### Verdict: โ BLOCKED โ 2 critical/high findings must be fixedSecurity fixes get the same TDD treatment as features. Write a test that exploits the vulnerability, then fix it.
๐ด RED โ Write test that exploits the vulnerability
test('POST /checkout/pay ignores client-submitted total', async () => {
// Add item worth $50.00 to cart
await addToCart(cart.id, product.id, 1);
const res = await request(app)
.post('/checkout/pay')
.send({ total: 0.01, shippingAddress: validAddress });
// Should charge $50.00 + tax, NOT $0.01
expect(res.body.total).toBeCloseTo(53.50); // $50 + 7% tax
});
// Result: โ FAIL โ currently accepts client total of $0.01
๐ข GREEN โ Calculate total server-side
// checkoutHandler.js โ FIXED
const cartItems = db.getCartItems(cartId);
const subtotal = cartItems.reduce(
(sum, item) => sum + (item.price * item.quantity), 0
);
const tax = subtotal * TAX_RATE;
const total = subtotal + tax;
// NEVER use req.body.total
// Result: โ
PASS โ attacker's $0.01 is ignored๐ด RED โ Write test that attempts SQL injection
test('GET /products?q= handles SQL injection safely', async () => {
const res = await request(app)
.get("/products?q=' OR 1=1 --");
expect(res.status).toBe(200);
expect(res.body.length).toBe(0); // No results, not all rows
});
// Result: โ FAIL โ returns ALL products (injection works!)
๐ข GREEN โ Switch to parameterized query
// searchHandler.js โ FIXED
const products = db.prepare(
'SELECT * FROM products WHERE name LIKE ?'
).all(`%${q}%`);
// Result: โ
PASS โ injection attempt returns empty results/agile-code-ci โ โ
All green (28/28 tests)
/agile-code-commit โ fix(security): server-side pricing, parameterized queries
/agile-code-pr โ PR created
/agile-code-pr-review โ โ
Approved by ๐จโ๐ป @lead and ๐ก๏ธ @sec/agile-security-audit Re-scan after security fixes
๐ก๏ธ @sec: Re-audit Results
| Finding | Previous | Current | Status |
|---------|----------|---------|------------|
| S0 | ๐ด Open | โ
Fixed | Server-side pricing verified |
| S1 | ๐ Open | โ
Fixed | Parameterized queries confirmed |
| S2 | ๐ก Open | ๐ก Open | Rate limiting โ deferred to backlog |
### Verdict: โ
PASSED โ No S0/S1 findings remaining/agile-code-refactorAfter 3 sprints, the checkout module has grown organically. Time to clean up.
/agile-code-refactor The checkout module has grown to 400 lines. Apply Tidy First to break it down.
โจ๏ธ @dev responds:
## /agile-code-refactor โ Tidy First Analysis
### Current State
src/modules/checkout/checkoutHandler.js โ 400 lines
Responsibilities: cart logic, validation, tax calculation,
payment processing, order creation, stock management
### Violations
- Single Responsibility: 6 concerns in one file
- God Object: handler knows about cart, products, orders,
payments, tax, AND stock
- Hard to test: each test needs full checkout context
### Refactoring Plan (Tidy First)
Step 1: Extract CartService
โ addItem(), removeItem(), getCart(), calculateSubtotal()
โ 85 lines extracted
Step 2: Extract CheckoutValidator
โ validateStock(), validateAddress(), validateCart()
โ 60 lines extracted
Step 3: Extract PaymentGateway
โ processPayment(), handleFailure(), createRefund()
โ 70 lines extracted
### Before/After Metrics
| Metric | Before | After |
|-----------------------|--------|--------|
| Largest file (lines) | 400 | 120 |
| Number of modules | 1 | 4 |
| Avg cyclomatic complexity | 12 | 4 |
| Test isolation | Poor | Strong |
All existing tests pass after refactoring โ
No behavior changes โ purely structural improvement./agile-explore-audit/agile-explore-audit scope=architecture Check overall architecture health after 3 sprints
๐๏ธ @arch responds:
## /agile-explore-audit โ Architecture Health Report
### Module Coupling Analysis
| Module | Dependencies | Coupling |
|------------|-------------------------|----------|
| catalog | (none โ independent) | โ
Low |
| cart | catalog (reads prices) | โ
Low |
| checkout | cart, catalog | ๐ก Medium|
| payment | checkout (via interface) | โ
Low |
### Dependency Graph
catalog โ cart โ checkout โ payment
โ
orders
### Patterns Detected
โ
Repository pattern for DB access
โ
Service layer separation after refactor
โ
Interface-based payment gateway (swappable)
โ ๏ธ Checkout still has direct dependency on cart internals
### Recommendations
1. Introduce cart interface to decouple checkout โ cart
2. Consider event-driven pattern for stock updates
3. Overall: healthy modular monolith โ boundaries are clear
### Health Score: 8/10/agile-sprint-review
## Sprint Review Report
### Sprint Goal: "Complete payment flow, security audit, refactoring"
### Sprint Goal Met: โ
Yes
| Story/Task | Points | Status |
|------------------|--------|-------------|
| US-007d Payment | 5 | โ
Accepted |
| Security fixes | 3 | โ
Accepted |
| Code refactoring | 2 | โ
Accepted |
### Velocity
- Sprint 1: 10 points
- Sprint 2: 13 points
- Sprint 3: 10 points
- Average velocity: 11 points/agile-sprint-retro
What went well: STRIDE caught price tampering before it shipped,
refactoring improved testability significantly
What to improve: security audit should happen earlier in the project
Action: in future projects, run threat model during Sprint 1
/agile-memory-learn
โ Sprint 3 velocity: 10 points
โ Lesson: security audit found 2 critical issues that would
have shipped without it## /agile-ship-changelog โ v1.0.0
### Added
- Product catalog with CRUD, search, filter, categories (US-001โ003)
- Shopping cart: add, remove, update quantities (US-007a)
- Stock validation before checkout (US-007b)
- Checkout with shipping address and tax calculation (US-007c)
- Payment processing with order creation (US-007d)
### Security
- Server-side price calculation (prevents price tampering)
- Parameterized queries (prevents SQL injection)
- STRIDE threat model documented
- OWASP Top 10 audit passed (0 S0/S1 findings)
### Improved
- Checkout module refactored: CartService, CheckoutValidator,
PaymentGateway extracted (400 โ 120 lines)/agile-ship-release
๐ @devops: Release v1.0.0
Branch: release/v1.0.0 from develop
CI: โ
Green (28 tests passing)
Merged to main โ
Tagged: v1.0.0 โ
Back-merged to develop โ
/agile-ship-deploy
๐ @devops: Deployed v1.0.0
Smoke tests: โ
All endpoints responding
Security scan: โ
No vulnerabilities
Health check: โ
| Metric | Value |
|---|---|
| Sprints completed | 3 |
| Stories completed | 7 (US-001โ003, US-007aโd) |
| Story points delivered | 33 |
| Average velocity | 11 points/sprint |
| Security findings fixed | 2 critical (S0 + S1) |
| Threat model | STRIDE โ 6 threats identified |
| Release version | v1.0.0 |
| Architecture health | 8/10 |
| Roles involved | @po, @arch, @sec, @dba, @dev, @lead, @qa, @sm |
This project taught the most important skill for complex domains:
| Command | What it does | When to use |
|---|---|---|
โ
/agile-story-split | Decomposes oversized stories using strategies (workflow-steps, business-rules, data-variations) | When a story estimate exceeds 8 points or fails INVEST "Small" |
โ
/agile-security-threat-model | STRIDE analysis of attack surface โ identifies spoofing, tampering, info disclosure, etc. | Before shipping code that handles sensitive data (auth, payments) |
โ
/agile-security-audit | OWASP Top 10 scan โ finds injection, broken auth, insecure design, misconfigurations | Before any release that includes security-sensitive code |
โ
/agile-code-refactor | Applies Tidy First to break down oversized modules โ extract services, reduce complexity | When a module grows beyond ~200 lines or has multiple responsibilities |
โ
/agile-explore-audit | Architecture health check โ coupling analysis, dependency graph, pattern compliance | After multiple sprints to verify architecture hasn't degraded |
Complex domains need disciplined decomposition. A 21-point story is not a failure โ it's a signal to split. The framework's splitting strategies (workflow-steps, business-rules, data-variations) turn overwhelming features into manageable increments.
Security is not optional for payment code. The STRIDE threat model identifies categories of attack; the OWASP audit finds specific vulnerabilities in your code. Together they caught price tampering and SQL injection that would have shipped without review.
A story is estimated at 21 points. What should you do?
The security audit finds that the checkout total comes from req.body.total (client-submitted). Why is this a critical (S0) finding?
What is the difference between /agile-security-threat-model and /agile-security-audit?