Phase 0 — Foundation Setup#
Status: ✅ Complete (merged on phase-0/foundation → develop on 2026-07-06).
Lay down the architecture, security, and development pipeline every future phase depends on.
Deliverables (shipped)#
Web / API#
- API-only host — MVC + Razor Pages removed.
- JWT bearer auth via
Microsoft.AspNetCore.Authentication.JwtBearer 8.0.11, HS256 signing key from config / env var. - Endpoints under
/api/v1/auth/:POST /login— username + password → JWTGET /me— current user infoGET /permissions— roles + permission claims
ApiResponse<T>envelope +ProblemDetailsglobal exception middleware.- Serilog with correlation-ID enricher, request logging, JSON output.
- Health checks:
/health(liveness),/ready(SQL Server check). - OpenAPI + Swagger UI at
/docswith Bearer security definition. - Rate limiter (fixed window, per user / IP).
- Versioned routing (
/api/v{version:apiVersion}/...). - Named-origin CORS policy (not
AllowAll). - New
Manex.Contractsproject for shared DTOs.
Data#
- Single
MnxEFContext(EF Core 8.0.11); duplicate contexts deleted. - Design-time
DataContextFactoryreads config + env vars. - No migrations shipped. Phase 0 is database-first — the legacy
BcomMX_01_04schema is treated as external. Migrations start landing in Phase 1 as forward-only deltas. - Legacy DAL folders (
Helper/,Repositories/,Procedures/, …) preserved on disk but excluded from compile — later phases re-enable file by file.
Config / secrets#
- Cleartext DB credentials removed from
appsettings.json. .env.example+appsettings.Development.json.exampledocumented.Program.csfails fast on missingJwt:SigningKey(≥ 32 chars).
Solution / build#
- Rewrote
cube2-backend.sln— only net8.0 projects. - Legacy
Manex.BLL(v4.8) +manexcloud/**on disk but excluded. - Deleted empty skeleton projects.
build/Directory.Build.propsenforcesNullable=enable,TreatWarningsAsErrors=true,LangVersion=latest.
Testing#
- xUnit + FluentAssertions +
Microsoft.AspNetCore.Mvc.Testing. - Three test projects:
Manex.Web.Tests(unit),Manex.Data.Tests(InMemory EF),Manex.IntegrationTests(WebApplicationFactory). - 9 smoke tests passing.
DevOps#
.github/workflows/ci.yml— restore, build, test, docker build (replaced the stale Antwerp-project workflow).deploy/docker/web.Dockerfile— multi-stage, non-root user,HEALTHCHECK.docker-compose.yml— web + SQL Server 2022 + Seq, with healthchecks and env-var-based secrets..dockerignoreadded.
Documentation#
- Real
README.md(replaced Bitbucket placeholder). - ADRs — see Architecture → ADRs.
- Migration roadmap — this section.
Deliberate scope limits#
Called out here because they gate later work:
Manex.Dataonly compiles the DbContext + minimal auth entity classes. The 100+ helper / repository / procedure files that landed half-migrated in the initial commit stay on disk but are excluded from build. Each is rehabilitated in the phase where it lands.- Legacy password verification is a placeholder (SHA1 base64) behind
FeatureFlags:UseLegacyPasswordHash. Real format must be confirmed against a stagingAspnetMembershiprow before Phase 1 rehash-on-login can go live. See ADR 0001. - Role / permission population is stubbed to empty arrays. Group → role/claim mapping is Phase 1.
- Refresh tokens are not in scope. Access token lifetime defaults to 60 min.
Verification#
dotnet build cube2-backend.sln -c Release→ 0 warnings, 0 errors.dotnet test→ 9/9 pass.- Local Docker Compose brings up web + db + seq with healthchecks green.
Cost#
~2 days for the foundation cleanup once the audit was scoped. Most of the cost was recovering from the initial half-migrated commit — 700+ warnings, 36 errors on first build.