cybertec-postgresql
diff --git a/‎.github/agents/copilot-instructions.md‎
Lines changed: 29 additions & 0 deletions b/‎.github/agents/copilot-instructions.md‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎.specify/memory/constitution.md‎
Lines changed: 147 additions & 35 deletions b/‎.specify/memory/constitution.md‎
Lines changed: 147 additions & 35 deletions
diff --git a/‎specs/001-grafana-explain-panel/checklists/requirements.md‎
Lines changed: 98 additions & 0 deletions b/‎specs/001-grafana-explain-panel/checklists/requirements.md‎
Lines changed: 98 additions & 0 deletions
@@ -0,0 +1,29 @@
+# cybertec-pev-panel Development Guidelines
+
+Auto-generated from all feature plans. Last updated: 2025-11-24
+
+## Active Technologies
+
+- TypeScript 5.x with strict mode enabled, targeting ES2020+ (001-grafana-explain-panel)
+
+## Project Structure
+
+```text
+src/
+tests/
+```
+
+## Commands
+
+npm test; npm run lint
+
+## Code Style
+
+TypeScript 5.x with strict mode enabled, targeting ES2020+: Follow standard conventions
+
+## Recent Changes
+
+- 001-grafana-explain-panel: Added TypeScript 5.x with strict mode enabled, targeting ES2020+
+
+<!-- MANUAL ADDITIONS START -->
+<!-- MANUAL ADDITIONS END -->
@@ -1,50 +1,162 @@
-# [PROJECT_NAME] Constitution
-<!-- Example: Spec Constitution, TaskFlow Constitution, etc. -->
+<!--
+  SYNC IMPACT REPORT
+  ==================
+  Version Change: NONE → 1.0.0
+  Constitution Type: New (Initial Ratification)
+  
+  Principles Defined:
+  1. Security First
+  2. Deterministic & Production-Grade
+  3. Bundled Dependencies
+  4. Grafana Plugin Standards
+  5. React-Based UI
+  6. Clear Architecture
+  7. Type Safety
+  8. PEV2 Integration
+  9. Error Handling
+  10. Performance
+  
+  Additional Sections:
+  - Quality Standards
+  - Development Workflow
+  - Governance
+  
+  Templates Status:
+  ✅ plan-template.md - Reviewed, no updates needed (generic template structure compatible)
+  ✅ spec-template.md - Reviewed, no updates needed (generic template structure compatible)
+  ✅ tasks-template.md - Reviewed, no updates needed (generic template structure compatible)
+  ✅ agent-file-template.md - Reviewed, no updates needed (generic template)
+  ✅ checklist-template.md - Reviewed, no updates needed (generic template)
+  
+  Follow-up TODOs: None
+  
+  Generated: 2025-11-24
+-->
+
+# Grafana Panel Plugin for PostgreSQL EXPLAIN Visualization Constitution
+
+**Project**: cybertec-pev-panel  
+**Domain**: Grafana plugin development, TypeScript, React, PostgreSQL query analysis  
+**Expert Role**: Grafana plugin engineer and TypeScript architect
 
 ## Core Principles
 
-### [PRINCIPLE_1_NAME]
-<!-- Example: I. Library-First -->
-[PRINCIPLE_1_DESCRIPTION]
-<!-- Example: Every feature starts as a standalone library; Libraries must be self-contained, independently testable, documented; Clear purpose required - no organizational-only libraries -->
+### I. Security First
+
+All code MUST prioritize security above convenience. Never use unsafe HTML rendering (dangerouslySetInnerHTML), external CDN resources, iframes, or eval-based patterns. All user-provided content and PostgreSQL EXPLAIN output MUST be sanitized and validated before display. Grafana plugin sandboxing rules MUST be respected. No bypass of Content Security Policy. External scripts or resources are strictly prohibited.
+
+**Rationale**: Grafana runs in enterprise environments with sensitive data. Security vulnerabilities in plugins can compromise entire Grafana installations and expose production databases.
+
+### II. Deterministic & Production-Grade
+
+All code MUST compile without modification and be production-ready on first delivery. TypeScript strict mode MUST be enabled with zero compilation errors. No experimental features, unstable APIs, or "it works on my machine" patterns. Code MUST be fully typed, documented, and tested before delivery. No placeholder implementations or TODOs in production code.
+
+**Rationale**: Plugin failures in production can impact monitoring and observability. Deterministic behavior ensures reliability and reduces operational risk.
+
+### III. Bundled Dependencies
+
+All dependencies MUST be bundled within the plugin distribution. Zero external CDN usage. Zero runtime fetching of libraries, fonts, or resources. Plugin MUST work in air-gapped environments, VPNs, and restricted networks. PEV2 library and all its dependencies MUST be fully bundled using webpack or the Grafana build toolchain.
+
+**Rationale**: Enterprise Grafana installations often run in isolated networks. External dependencies create failure points and security risks.
+
+### IV. Grafana Plugin Standards
+
+Strictly follow Grafana plugin guidelines, conventions, and best practices. Use official Grafana APIs, lifecycle hooks, and data models. Adhere to plugin.json schema requirements. Follow Grafana's theming system and design patterns. Use @grafana/data for data transformation, @grafana/runtime for runtime services, and @grafana/ui for all UI components.
+
+**Rationale**: Grafana provides battle-tested patterns. Deviating from standards creates maintenance burden and compatibility issues across Grafana versions.
+
+### V. React-Based UI
+
+All UI components MUST be React-based using @grafana/ui components. No vanilla JavaScript DOM manipulation, jQuery, or imperative DOM updates. Leverage Grafana's theme-aware components for consistency. Use React hooks and functional components as the primary pattern. No class components unless required by third-party integration.
+
+**Rationale**: React provides predictable UI updates and integrates seamlessly with Grafana's rendering pipeline. @grafana/ui ensures visual consistency and theme compatibility.
+
+### VI. Clear Architecture
+
+Favor explicitness over magic. Clear separation of concerns between data fetching, transformation, and presentation. Self-documenting code structure with intuitive file organization. Avoid overly clever abstractions or hidden dependencies. Each module should have a single, clear responsibility.
+
+**Rationale**: Plugins may be maintained by teams unfamiliar with the original implementation. Clear architecture reduces onboarding time and maintenance cost.
+
+### VII. Type Safety
 
-### [PRINCIPLE_2_NAME]
-<!-- Example: II. CLI Interface -->
-[PRINCIPLE_2_DESCRIPTION]
-<!-- Example: Every library exposes functionality via CLI; Text in/out protocol: stdin/args → stdout, errors → stderr; Support JSON + human-readable formats -->
+Leverage TypeScript fully. No 'any' types unless absolutely necessary (document justification). Comprehensive interfaces for all data structures. Use strict TypeScript compiler options. Type all props, state, events, and API responses. Define explicit types for PostgreSQL EXPLAIN JSON structures.
 
-### [PRINCIPLE_3_NAME]
-<!-- Example: III. Test-First (NON-NEGOTIABLE) -->
-[PRINCIPLE_3_DESCRIPTION]
-<!-- Example: TDD mandatory: Tests written → User approved → Tests fail → Then implement; Red-Green-Refactor cycle strictly enforced -->
+**Rationale**: Type safety catches bugs at compile time, provides IDE autocompletion, and serves as living documentation of data contracts.
 
-### [PRINCIPLE_4_NAME]
-<!-- Example: IV. Integration Testing -->
-[PRINCIPLE_4_DESCRIPTION]
-<!-- Example: Focus areas requiring integration tests: New library contract tests, Contract changes, Inter-service communication, Shared schemas -->
+### VIII. PEV2 Integration
 
-### [PRINCIPLE_5_NAME]
-<!-- Example: V. Observability, VI. Versioning & Breaking Changes, VII. Simplicity -->
-[PRINCIPLE_5_DESCRIPTION]
-<!-- Example: Text I/O ensures debuggability; Structured logging required; Or: MAJOR.MINOR.BUILD format; Or: Start simple, YAGNI principles -->
+Integrate the PEV2 (Postgres EXPLAIN Visualizer 2) library for EXPLAIN visualization while maintaining security and bundling requirements. PEV2 MUST be bundled, not loaded from CDN. Any required modifications to PEV2 MUST preserve its core visualization logic. Encapsulate PEV2 within a React component wrapper that handles Grafana-specific concerns (theming, data transformation, error handling).
 
-## [SECTION_2_NAME]
-<!-- Example: Additional Constraints, Security Requirements, Performance Standards, etc. -->
+**Rationale**: PEV2 is the proven standard for PostgreSQL EXPLAIN visualization. Proper integration ensures users get expert-level query analysis while maintaining plugin security and reliability standards.
 
-[SECTION_2_CONTENT]
-<!-- Example: Technology stack requirements, compliance standards, deployment policies, etc. -->
+### IX. Error Handling
 
-## [SECTION_3_NAME]
-<!-- Example: Development Workflow, Review Process, Quality Gates, etc. -->
+Robust error boundaries at component boundaries. Graceful degradation when EXPLAIN data is malformed or incomplete. User-friendly error messages that guide users to resolution (e.g., "Invalid EXPLAIN JSON format. Ensure query returns EXPLAIN (FORMAT JSON) output"). All errors logged with sufficient context for debugging. No silent failures or generic error messages.
 
-[SECTION_3_CONTENT]
-<!-- Example: Code review requirements, testing gates, deployment approval process, etc. -->
+**Rationale**: Query analysis involves parsing complex JSON from diverse PostgreSQL versions. Clear error messages reduce support burden and improve user experience.
+
+### X. Performance
+
+Efficient rendering for large EXPLAIN plans (1000+ nodes). Proper React optimization (memoization, virtualization for large trees). Minimal bundle size where possible without sacrificing functionality or bundling requirements. Lazy loading of PEV2 visualization logic if beneficial. Avoid unnecessary re-renders or computation.
+
+**Rationale**: PostgreSQL EXPLAIN plans can be very large. Poor performance degrades the user experience and can make the plugin unusable for complex queries.
+
+## Quality Standards
+
+All code MUST meet the following quality gates before delivery:
+
+- **Compilation**: Zero TypeScript errors with strict mode enabled
+- **Runtime**: No console errors or warnings in browser developer tools
+- **UI**: Responsive design supporting Grafana's responsive breakpoints
+- **Accessibility**: Keyboard navigation support, ARIA labels where appropriate
+- **Compatibility**: Works with Grafana 10.4.0+ and modern browsers (Chrome, Firefox, Safari, Edge)
+- **Documentation**: Clear README with setup instructions, usage examples, and troubleshooting guide
+
+## Development Workflow
+
+### Constitution Check Gates
+
+Before any feature implementation:
+
+1. **Security Review**: Verify no unsafe patterns (innerHTML, external resources, eval)
+2. **Dependency Audit**: Confirm all dependencies are bundled, no CDN usage
+3. **Type Safety Check**: Ensure strict TypeScript, no 'any' types without justification
+4. **Grafana Standards**: Verify use of official Grafana APIs and @grafana/ui components
+5. **Error Handling**: Confirm error boundaries and user-friendly error messages
+6. **Performance**: Validate rendering performance with sample large EXPLAIN plans
+
+Re-check after design phase before implementation begins.
+
+### Code Review Requirements
+
+- All PRs MUST pass constitution compliance checks
+- Type safety verified (no 'any' escapes without documentation)
+- Security patterns validated (no unsafe HTML, external resources)
+- Error handling coverage confirmed
+- Performance impact assessed for large EXPLAIN plans
 
 ## Governance
-<!-- Example: Constitution supersedes all other practices; Amendments require documentation, approval, migration plan -->
 
-[GOVERNANCE_RULES]
-<!-- Example: All PRs/reviews must verify compliance; Complexity must be justified; Use [GUIDANCE_FILE] for runtime development guidance -->
+This constitution supersedes all other development practices. Any deviation MUST be explicitly documented and justified with rationale.
+
+### Amendment Process
+
+- Constitution amendments require version bump and documentation update
+- Breaking changes to principles require major version increment
+- New principles or expanded guidance require minor version increment
+- Clarifications and wording improvements require patch version increment
+- All amendments MUST include Sync Impact Report at top of file
+
+### Versioning Policy
+
+Constitution follows semantic versioning (MAJOR.MINOR.PATCH):
+
+- **MAJOR**: Backward incompatible governance changes or principle removals/redefinitions
+- **MINOR**: New principles added or materially expanded guidance
+- **PATCH**: Clarifications, wording improvements, non-semantic refinements
+
+### Compliance Review
+
+All feature specifications, implementation plans, and task lists MUST reference constitution principles. Violations MUST be tracked in Complexity Tracking section with explicit justification.
 
-**Version**: [CONSTITUTION_VERSION] | **Ratified**: [RATIFICATION_DATE] | **Last Amended**: [LAST_AMENDED_DATE]
-<!-- Example: Version: 2.1.1 | Ratified: 2025-06-13 | Last Amended: 2025-07-16 -->
+**Version**: 1.0.0 | **Ratified**: 2025-11-24 | **Last Amended**: 2025-11-24
@@ -0,0 +1,98 @@
+# Specification Quality Checklist: Grafana PostgreSQL Explain Visualizer Panel Plugin
+
+**Purpose**: Validate specification completeness and quality before proceeding to planning  
+**Created**: 2025-11-24  
+**Feature**: [spec.md](../spec.md)
+
+## Content Quality
+
+- [x] No implementation details (languages, frameworks, APIs)
+- [x] Focused on user value and business needs
+- [x] Written for non-technical stakeholders
+- [x] All mandatory sections completed
+
+## Requirement Completeness
+
+- [x] No [NEEDS CLARIFICATION] markers remain
+- [x] Requirements are testable and unambiguous
+- [x] Success criteria are measurable
+- [x] Success criteria are technology-agnostic (no implementation details)
+- [x] All acceptance scenarios are defined
+- [x] Edge cases are identified
+- [x] Scope is clearly bounded
+- [x] Dependencies and assumptions identified
+
+## Feature Readiness
+
+- [x] All functional requirements have clear acceptance criteria
+- [x] User scenarios cover primary flows
+- [x] Feature meets measurable outcomes defined in Success Criteria
+- [x] No implementation details leak into specification
+
+## Validation Notes
+
+### Content Quality Review
+✅ **PASS**: Specification focuses on WHAT and WHY without prescribing HOW. Technical details (React, Vue, TypeScript) are mentioned only in Architecture section where they are requirements, not implementation choices.
+
+✅ **PASS**: All user scenarios describe value propositions and business needs clearly.
+
+✅ **PASS**: Language is accessible to database administrators, performance engineers, and product managers.
+
+✅ **PASS**: All mandatory sections (User Scenarios, Requirements, Success Criteria) are complete.
+
+### Requirement Completeness Review
+✅ **PASS**: No [NEEDS CLARIFICATION] markers present. All requirements are definitive.
+
+✅ **PASS**: All 50 functional requirements are testable with clear acceptance criteria. Examples:
+- FR-001: Can test by providing JSON EXPLAIN output and verifying acceptance
+- FR-003: Can test by providing both formats and verifying auto-detection
+- FR-025: Can test by providing invalid data and checking error message
+
+✅ **PASS**: Success criteria include specific metrics:
+- SC-001: "within 3 seconds" - measurable time
+- SC-002: "up to 1,000 nodes" - measurable capacity
+- SC-008: "under 2MB" - measurable size
+
+✅ **PASS**: Success criteria avoid implementation language:
+- Good: "Users can identify the most expensive query operation within 10 seconds"
+- Good: "Panel correctly renders execution plans"
+- Avoids: API response times, database queries, framework-specific metrics
+
+✅ **PASS**: All 5 user stories include detailed acceptance scenarios with Given-When-Then format.
+
+✅ **PASS**: Edge cases section covers 9 specific scenarios with expected behaviors.
+
+✅ **PASS**: Out of Scope section clearly defines boundaries (11 excluded items).
+
+✅ **PASS**: Dependencies and Assumptions sections identify all external factors.
+
+### Feature Readiness Review
+✅ **PASS**: Each functional requirement maps to user scenarios and success criteria.
+
+✅ **PASS**: User scenarios cover all primary flows:
+- Core visualization (P1)
+- Format conversion (P2)
+- Data source flexibility (P1)
+- Configuration (P3)
+- Responsive behavior (P3)
+
+✅ **PASS**: 10 success criteria provide comprehensive measurable outcomes covering performance, compatibility, and usability.
+
+✅ **PASS**: Architecture section describes component structure without implementation specifics - focuses on layers and responsibilities rather than code organization.
+
+## Overall Assessment
+
+**Status**: ✅ READY FOR PLANNING
+
+All quality checks pass. The specification is:
+- Complete and unambiguous
+- Focused on user value and business requirements
+- Free of implementation details in requirement sections
+- Measurable and testable
+- Properly scoped with clear boundaries
+
+**Recommendation**: Proceed to `/speckit.plan` phase.
+
+## Changelog
+
+- 2025-11-24: Initial validation - All checks passed