Home
Welcome to the Brooklyn Aquarium Society's Breeder Awards Program (BAP) management platform documentation.
🌟 New to the project? Start with Development Setup or Project Overview
👥 Platform User? Check out Member User Guide or Program Rules
⚡ Need quick help? Jump to Admin Quick Reference, Developer Cheat Sheet, or Troubleshooting
Perfect for newcomers and contributors:
| Guide | Description | Best For |
|---|---|---|
| Development Setup | Complete local environment setup with prerequisites, installation, and first steps | New developers |
| Project Overview | Architecture, tech stack, design decisions, and roadmap | Understanding the big picture |
| Contributing Guide | Code style, workflow, PR process, and code of conduct | First-time contributors |
Documentation for platform users (members and administrators):
| Guide | Description | Audience |
|---|---|---|
| Member User Guide | Complete guide: creating account, submitting breeding records, tracking progress, earning levels | Program members |
| Admin User Guide | Admin workflows: approval queues, witness confirmation, member management, specialty awards | Program administrators |
| Program Rules | Official BAP/HAP/CAP rules, point values, level requirements, verification procedures | All users and admins |
One-page cheat sheets for common tasks:
| Reference | Description | Use Case |
|---|---|---|
| Admin Quick Reference | Common admin tasks, point values, approval steps, database queries | Quick lookup while administering |
| Developer Cheat Sheet | Common commands, code snippets, patterns, and shortcuts | Development workflow reference |
In-depth technical guides for developers:
| Guide | Description | Topics Covered |
|---|---|---|
| Database Schema | Complete database documentation with ER diagrams | 13 tables, relationships, query patterns, indexes |
| Species Names System | How the species catalog and synonyms work | Canonical names, name variants, grouping, search, linking submissions |
| External Data Sources | Integration with Wikipedia, GBIF, and FishBase | 138 links, 173 images, sync scripts, coverage stats, troubleshooting |
| IUCN Red List Integration | Conservation status integration with IUCN API | Database schema, API client, sync process, deployment, troubleshooting |
| Species MCP Server Usage | Using the MCP server for species database management | Setup, Claude Desktop integration, tools, examples, troubleshooting |
| Species MCP Server Specification | Complete MCP server API reference | Resources, tools, input schemas, validations, use cases |
| Migration Guide | Database migration system workflows | Creating migrations, testing, SQLite limitations, templates |
| API Documentation | REST API endpoints reference | Search APIs, rate limiting, response formats, examples |
| Image Upload Guide | Image upload system architecture | R2 storage, Sharp processing, security, workflows |
| Testing Guide | Testing with Node.js native test runner | Unit/integration tests, patterns, mocking, assertions |
Production deployment, infrastructure, and operational procedures:
| Guide | Description | Topics Covered |
|---|---|---|
| Production Deployment | Deploy code changes to production | Docker commands, deployment procedures, SSL, rollback |
| Infrastructure Guide | AWS infrastructure and CDK | EC2, EBS volumes, CDK deployment, resource protection |
| Backup & Recovery | Data backup and disaster recovery | Backup strategies, recovery procedures, RTO/RPO |
| Troubleshooting | Common issues and solutions | Dev, test, deploy, production, images, email issues |
Security posture, audits, and best practices:
| Guide | Description | Topics Covered |
|---|---|---|
| Security Overview | Security posture and completed audits | SQL injection, file uploads, auth, infrastructure security |
| Security Best Practices | Development security guidelines | Input validation, SQL safety, password hashing, CSRF, XSS prevention |
| Authentication & Authorization | How authentication and authorization work | Password auth, OAuth, sessions, RBAC, password reset flows |
| Security Incident Response | Security incident response procedures | Incident classification, response phases, recovery, post-mortems |
| Monitoring & Logs | Production monitoring and log analysis | Container logs, nginx logs, health checks, metrics, alerting |
Security Grade: B+ (Good)
- ✅ SQL Injection: A+
- ✅ File Upload Security: A
- ✅ Infrastructure: A
- ✅ Session Management: A-
- 🔄 In Progress: Authentication hardening, secrets management
Last Security Review: October 6, 2025
See Security Overview for active security initiatives and progress.
Need help? File an issue or contact the maintainers.