verint.com/gds-mock-mcp
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixing jsonSchema validation by using zod

Browse Source
This commit is contained in:
Peter Morton
2026-04-11 22:23:25 -05:00
parent 0bae26ae0b
commit eb0a4e8308
56 changed files with 12275 additions and 287 deletions
Download Patch File Download Diff File Expand all files Collapse all files

549
specs/001-mock-gds-server/tasks.md.bak Normal file
View File

@@ -0,0 +1,549 @@
# Tasks: Mock GDS MCP Server
**Input**: Design documents from `/specs/001-mock-gds-server/`
**Prerequisites**: plan.md ✅, spec.md ✅, research.md ✅, data-model.md ✅, contracts/ ✅
**Tests**: Tests are NOT explicitly requested in the specification, so test tasks are OMITTED per template guidelines.
**Organization**: Tasks are grouped by user story to enable independent implementation and testing of each story.
## Format: `[ID] [P?] [Story] Description`
- **[P]**: Can run in parallel (different files, no dependencies)
- **[Story]**: Which user story this task belongs to (e.g., US1, US2, US3, US4, US5)
- All tasks include exact file paths
---
## Phase 1: Setup (Shared Infrastructure)
**Purpose**: Project initialization and basic structure from plan.md
- [X] T001 Initialize Node.js 20 project with package.json including @modelcontextprotocol/sdk, ioredis, pino dependencies
- [X] T002 Create project directory structure: src/{tools,data,session,validation,utils}/, tests/{integration,unit,fixtures}/, docker/
- [X] T003 [P] Configure ESLint and Prettier for code quality in .eslintrc.json and .prettierrc
- [X] T004 [P] Create .dockerignore and .gitignore files for build optimization
- [X] T005 [P] Create docker-compose.yaml with Valkey service configuration (port 6379, persistence enabled)
---
## Phase 2: Foundational (Blocking Prerequisites)
**Purpose**: Core infrastructure that MUST be complete before ANY user story can be implemented
**⚠️ CRITICAL**: No user story work can begin until this phase is complete
- [X] T006 Implement Pino structured logger setup in src/utils/logger.js with configurable log levels
- [X] T007 [P] Implement error handling utilities in src/utils/errors.js with MCP error codes
- [X] T008 [P] Create Valkey client wrapper in src/session/storage.js with connection pooling and error handling
- [X] T009 [P] Implement JSON schema validators in src/validation/validators.js using native validation
- [X] T010 [P] Create MCP tool schemas in src/validation/schemas.js based on contracts/mcp-tools.md
- [X] T011 Create session lifecycle manager in src/session/manager.js with TTL management (1 hour default)
- [X] T012 [P] Implement PNR generation utilities in src/data/pnr.js with TEST- prefix and base32 encoding
- [X] T013 Initialize MCP server in src/server.js with @modelcontextprotocol/sdk Server class
- [X] T014 Create MCP server entry point in src/index.js with stdio transport and error handling
**Checkpoint**: Foundation ready - user story implementation can now begin in parallel
---
## Phase 3: User Story 1 - Flight Search and Booking (Priority: P1) 🎯 MVP
**Goal**: Enable developers to test flight search and booking functionality with realistic mock data. Search flights, create bookings, retrieve bookings, and cancel bookings.
**Independent Test**: Execute searchFlights MCP tool for JFK→LAX route, receive 3-5 mock flight results with valid IATA codes and realistic prices, create booking with passenger details, receive TEST- prefixed PNR, retrieve booking by PNR, and cancel booking. All operations complete successfully without requiring any other service types.
### Core Data for User Story 1
- [X] T015 [P] [US1] Create airports mock data in src/data/airports.js with 100+ major airports (IATA codes, names, cities, timezones, coordinates)
- [X] T016 [P] [US1] Create airlines mock data in src/data/airlines.js with 30+ carriers (IATA codes, names, countries)
- [X] T017 [US1] Implement flight data generator in src/data/flights.js with deterministic pricing, duration calculation, and availability logic
### Flight Search Tool
- [X] T018 [US1] Implement searchFlights tool handler in src/tools/flights.js with input validation (origin, destination, departureDate, passengers, cabin)
- [X] T019 [US1] Add flight search result generation with 3-5 mock flights per search, realistic schedules (6am-10pm departures), and price ranges ($200-$800 economy, $800-$2000 business, $2500+ first)
- [X] T020 [US1] Implement seat availability simulation (90% available, 10% sold out) and booking class assignment. **Note**: Implements infinite inventory model where concurrent bookings on same flight both succeed. This aligns with spec.md edge case discussion and is appropriate for mock server testing scope.
### Flight Booking Tool
- [X] T021 [US1] Implement bookFlight tool handler in src/tools/flights.js with passenger validation (firstName, lastName, email, phone)
- [X] T022 [US1] Add flight booking creation logic: validate flight selection, generate PNR via src/data/pnr.js, persist to Valkey with key gds:session:{sessionId}:booking:{pnr}
- [X] T023 [US1] Implement PNR storage structure in Valkey with FlightSegment, Passenger, pricing, status fields per data-model.md
- [X] T024 [US1] Add session booking tracking: update gds:session:{sessionId}:bookings set and increment bookingCount
### Booking Management Tools
- [X] T025 [US1] Implement retrieveBooking tool handler in src/tools/bookings.js with PNR validation and Valkey lookup
- [X] T026 [US1] Add booking retrieval logic: fetch from gds:session:{sessionId}:booking:{pnr}, return complete booking details with all segments
- [X] T027 [US1] Implement cancelBooking tool handler in src/tools/bookings.js with status transition validation (confirmed→cancelled only)
- [X] T028 [US1] Add cancellation logic: update booking status to 'cancelled', persist timestamp, return confirmation
### MCP Server Integration
- [X] T029 [US1] Register searchFlights, bookFlight, retrieveBooking, cancelBooking tools in src/server.js with tool handlers
- [X] T030 [US1] Add request/response logging for all flight operations with session ID, operation type, parameters, and response times
- [X] T031 [US1] Implement error handling for invalid airport codes, invalid dates, validation failures with specific error messages per FR-014
**FR-015 Coverage Note**: Multi-step booking workflows (search → price verification → select → confirm) are implemented through the task sequence T018-T028. The searchFlights tool (T018-T020) enables price verification, bookFlight (T021-T024) handles selection and confirmation, and retrieveBooking (T025-T026) supports workflow verification.
**Checkpoint**: At this point, User Story 1 should be fully functional - developers can search flights, create bookings, retrieve bookings, and cancel bookings independently.
---
## Phase 4: User Story 4 - Session Management for Concurrent Testing (Priority: P2)
**Goal**: Enable concurrent MCP sessions with isolated booking state for parallel test execution and multi-developer environments.
**Independent Test**: Start 5-10 concurrent MCP sessions, perform different flight bookings in each (different routes, passenger names), verify PNR retrieval in each session returns only that session's bookings with zero cross-session data leakage. Success means automated tests can run in parallel without interference.
### Session Infrastructure
- [X] T032 [US4] Implement session creation logic in src/session/manager.js: generate UUID v4 session ID on MCP connection initialization
- [X] T033 [US4] Add session metadata storage in Valkey at gds:session:{sessionId} with createdAt, expiresAt, lastActivity, bookingCount, searchCount fields
- [X] T034 [US4] Implement session TTL management: set EXPIRE on session keys (default 3600 seconds), refresh on activity
- [X] T035 [US4] Add session validation middleware in src/session/manager.js: verify session exists and not expired before tool execution
### Session Isolation
- [X] T036 [US4] Implement session-scoped key prefixing in src/session/storage.js: all Valkey keys include session ID for isolation
- [X] T037 [US4] Update booking storage to enforce session scope: gds:session:{sessionId}:booking:{pnr} pattern in all tools
- [X] T038 [US4] Add session cleanup on expiry: implement background job or TTL-based cleanup for expired session data
- [X] T039 [US4] Implement session statistics tracking: maintain gds:stats:sessions:active set, update gds:stats:bookings:total counter
### Session Validation
- [X] T040 [US4] Add cross-session isolation validation in retrieveBooking tool: verify PNR belongs to current session before returning
- [X] T041 [US4] Implement session activity tracking in src/session/manager.js: update lastActivity timestamp on every tool call
- [X] T042 [US4] Add session error responses for expired/invalid sessions with clear messages "Session expired" or "Session not found"
**Checkpoint**: Multiple MCP sessions can now run concurrently with complete isolation - bookings in one session never appear in another session.
---
## Phase 5: User Story 6 - Remote Access for Distributed Teams (Priority: P2)
**Goal**: Enable remote MCP access over Streamable HTTP (HTTP/1.1 + SSE per MCP 2025-11-25 specification) with rate limiting, CORS, health checks, and comprehensive security.
**Independent Test**: Start server with remote transport enabled, connect from remote MCP client over HTTP/1.1 using SSE for server-to-client messages and POST for client-to-server requests, execute flight search tool with MCP-Protocol-Version header, verify SSE polling pattern with connection closure and retry field, test Last-Event-ID resumption, verify rate limiting enforces 100 req/min default, test CORS preflight with wildcard origin, verify health endpoint returns service status, confirm MCP-Session-Id header management, confirm graceful shutdown preserves active sessions. All operations work independently of other user stories.
### Streamable HTTP Server Setup (MCP 2025-11-25 Compliant)
- [ ] T043 [P] [US6] Update package.json with dependencies: @modelcontextprotocol/sdk for StreamableHTTPServerTransport, express for middleware
- [ ] T044 [US6] Create Streamable HTTP server in src/transports/http-server.js using MCP SDK's StreamableHTTPServerTransport (HTTP/1.1 + SSE)
- [ ] T045 [US6] Implement single /mcp endpoint supporting POST (client messages), GET (server message stream), DELETE (session termination) per MCP spec
- [ ] T046 [US6] Add HTTP server lifecycle management: startup on configurable port, graceful shutdown (drain connections, 30s timeout), error handling
### SSE Polling Pattern Implementation (MCP 2025-11-25 Spec)
- [ ] T047 [US6] Implement SSE event stream with unique event IDs for resumability in src/transports/sse-handler.js
- [ ] T048 [US6] Add initial SSE event with ID and empty data field to prime client reconnection per MCP polling pattern
- [ ] T049 [US6] Implement connection closure after response with `retry` field (default: 5000ms) to guide client reconnection timing
- [ ] T050 [US6] Add Last-Event-ID header support for stream resumption when clients reconnect after disconnection
### MCP Protocol Version Validation
- [ ] T051 [US6] Create protocol version middleware in src/middleware/protocol-version.js
- [ ] T052 [US6] Implement MCP-Protocol-Version header validation: require header on all requests, reject missing/invalid versions with 400 Bad Request
- [ ] T053 [US6] Add supported version check: accept 2025-11-25, reject unsupported versions with clear error message
### Session Management (MCP-Session-Id Header)
- [ ] T054 [US6] Implement MCP-Session-Id header handling in src/session/session-manager.js
- [ ] T055 [US6] Add session ID generation on InitializeResult response (cryptographically secure UUID)
- [ ] T056 [US6] Validate MCP-Session-Id on subsequent requests: respond with 404 if session expired/not found
- [ ] T057 [US6] Implement DELETE /mcp handler for explicit session termination
### Rate Limiting
- [ ] T058 [P] [US6] Install express-rate-limit package in package.json for IP-based rate limiting
- [ ] T059 [US6] Create rate limiter middleware in src/middleware/rate-limit.js with configurable limits (default: 100 req/min per IP)
- [ ] T060 [US6] Implement rate limit enforcement: return 429 Too Many Requests with Retry-After header when limit exceeded
- [ ] T061 [US6] Add rate limit headers to all responses: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset
- [ ] T062 [US6] Implement rate limit storage in Valkey: use sliding window counter with key expiration (60s TTL)
### CORS Configuration (Wildcard Policy)
- [ ] T063 [P] [US6] Install cors package in package.json for CORS middleware
- [ ] T064 [US6] Create CORS handler in src/middleware/cors.js with permissive wildcard policy (Access-Control-Allow-Origin: *)
- [ ] T065 [US6] Implement CORS preflight handling for OPTIONS requests: return allowed methods (GET, POST, DELETE, OPTIONS), headers (Content-Type, MCP-Session-Id, MCP-Protocol-Version)
- [ ] T066 [US6] Add Origin header validation per MCP security requirement: respond with 403 Forbidden if Origin present and validation fails
### Health Checks
- [ ] T067 [US6] Implement health check endpoint in src/remote/health.js returning GET /health with JSON status response
- [ ] T068 [US6] Add service health indicators: Valkey connection status, active session count, uptime, memory usage
- [ ] T069 [US6] Implement readiness check: return 503 Service Unavailable if Valkey is disconnected or critical services unavailable
- [ ] T070 [US6] Add health check logging: log every 10th health check to avoid log spam, log all failed health checks immediately
### Security & Transport Selection
- [ ] T071 [US6] Create transport factory in src/transports/factory.js to select stdio or Streamable HTTP based on TRANSPORT environment variable
- [ ] T072 [US6] Implement environment-based configuration in src/config/remote.js: PORT (default: 3000), HOST (default: 127.0.0.1 per MCP security), RATE_LIMIT_MAX, CORS_ORIGINS
- [ ] T073 [US6] Add request logging middleware in src/middleware/logger.js: log method, path, IP, User-Agent, MCP-Protocol-Version, duration, status code
- [ ] T074 [US6] Implement localhost binding (127.0.0.1) by default per MCP security recommendation, document production deployment with reverse proxy
### Integration & Testing Infrastructure
- [ ] T075 [US6] Update src/index.js to support dual transport modes: stdio (default) or Streamable HTTP (when TRANSPORT=http or --remote flag)
- [ ] T076 [US6] Add CLI argument parsing in src/index.js: --remote (enable HTTP), --port <number>, --host <address>, --verbose, --log-level <level>
- [ ] T077 [US6] Create remote access example client in tests/fixtures/remote-client.js demonstrating SSE connection, Last-Event-ID resumption, and tool invocation
- [ ] T078 [US6] Add nginx.conf.example in docker/ for optional HTTP/2 upgrade reverse proxy (client-facing HTTP/2, backend HTTP/1.1)
**Checkpoint**: Remote access complete - developers can connect to MCP server over Streamable HTTP (HTTP/1.1 + SSE per MCP 2025-11-25 spec), enforced rate limits, wildcard CORS, MCP-Protocol-Version validation, SSE polling pattern with connection closure, Last-Event-ID resumption, and health monitoring. Transport selection via TRANSPORT env var or --remote flag.
---
## Phase 6: User Story 2 - Hotel Search and Multi-Service Bundling (Priority: P2)
**Goal**: Enable developers to test hotel search and multi-service booking workflows. Search hotels, create hotel bookings, and bundle hotels with flights under single PNR.
**Independent Test**: Perform hotel search for destination city (LAX) with check-in/check-out dates, receive 5-10 hotel options with star ratings and amenities. Create hotel-only booking with PNR. Then create flight booking, add hotel to existing flight PNR, retrieve combined itinerary showing both services under one PNR. Success means multi-service bundling works without breaking flight-only functionality.
### Hotel Data
- [ ] T079 [P] [US2] Create hotels mock data in src/data/hotels.js with 50+ properties across major cities (names, chains, star ratings, addresses, amenities)
- [ ] T080 [US2] Implement hotel data generator with realistic pricing tiers: budget $80-$150, midrange $150-$300, luxury $300-$800 per night
### Hotel Search Tool
- [ ] T081 [US2] Implement searchHotels tool handler in src/tools/hotels.js with input validation (cityCode, checkInDate, checkOutDate, guests)
- [ ] T082 [US2] Add hotel search result generation: 5-10 properties per search, calculate nights and total prices, include amenities (WiFi, parking, breakfast, gym, pool)
- [ ] T083 [US2] Implement date validation: checkInDate < checkOutDate, minimum 1 night stay, no past dates
### Hotel Booking Tool
- [ ] T084 [US2] Implement bookHotel tool handler in src/tools/hotels.js with guest validation and room selection
- [ ] T085 [US2] Add hotel booking creation: generate or use existing PNR, persist HotelReservation to Valkey with check-in/check-out dates, room type, pricing
- [ ] T086 [US2] Implement multi-service bundling logic in src/tools/hotels.js: add hotel to existing PNR if provided, create new PNR if not
### Multi-Service Integration
- [ ] T087 [US2] Update PNR structure in src/data/pnr.js to support multiple service segments: flights[], hotels[], cars[] arrays
- [ ] T088 [US2] Implement total price calculation across all segments: sum flight prices + hotel prices, update PNR totalPrice field
- [ ] T089 [US2] Add date consistency validation: hotel dates should overlap with flight dates, warn if hotel is outside travel period
- [ ] T090 [US2] Update retrieveBooking tool in src/tools/bookings.js to return complete multi-service itineraries with all segment types
- [ ] T091 [US2] Register searchHotels and bookHotel tools in src/server.js with tool handlers
**Checkpoint**: Developers can now search hotels, create hotel bookings, and bundle hotels with flights. Both flight-only and flight+hotel bookings work independently.
---
## Phase 7: User Story 3 - Car Rental and Complete Travel Package (Priority: P3)
**Goal**: Complete the full travel package capability by adding car rentals. Search cars, create car bookings, and bundle with flights+hotels for complete end-to-end travel itineraries.
**Independent Test**: Search for rental cars at destination airport (LAX) with pickup/dropoff dates, receive 4-6 vehicle classes (economy, SUV, luxury) with daily rates. Create car-only booking. Then add car to existing flight+hotel PNR, retrieve complete package showing all three services in chronological trip order. Success means full GDS capability coverage with all service types working together.
### Car Rental Data
- [ ] T092 [P] [US3] Create car rental mock data in src/data/cars.js with 6+ rental companies (Hertz, Avis, Enterprise codes and names)
- [ ] T093 [US3] Implement car rental data generator with vehicle classes: economy $35-$50, midsize $50-$80, SUV/luxury $100-$150 per day
### Car Rental Search Tool
- [ ] T094 [US3] Implement searchCars tool handler in src/tools/cars.js with input validation (pickupLocation, pickupDate, dropoffLocation, dropoffDate)
- [ ] T095 [US3] Add car search result generation: 4-6 vehicle classes per search, calculate rental days and total prices, include vehicle specs and mileage policies
- [ ] T096 [US3] Implement date validation: pickupDate < dropoffDate, minimum 1 day rental, location validation (airport/city codes)
### Car Rental Booking Tool
- [ ] T097 [US3] Implement bookCar tool handler in src/tools/cars.js with driver validation and vehicle selection
- [ ] T098 [US3] Add car rental booking creation: generate or use existing PNR, persist CarRental to Valkey with pickup/dropoff details, vehicle class, pricing
- [ ] T099 [US3] Implement car bundling logic in src/tools/cars.js: add car to existing PNR, validate dates align with flight arrival/departure
### Complete Package Integration
- [ ] T100 [US3] Update total price calculation in src/data/pnr.js to include car rental prices: sum flights + hotels + cars
- [ ] T101 [US3] Add chronological itinerary ordering in retrieveBooking: sort segments by date/time (flight arrival → car pickup → hotel check-in → hotel check-out → car dropoff → return flight)
- [ ] T102 [US3] Implement date consistency validation for cars: pickup should align with flight arrival, dropoff should align with departure
- [ ] T103 [US3] Register searchCars and bookCar tools in src/server.js with tool handlers
**Checkpoint**: Full GDS capability is now complete - developers can create comprehensive travel packages with flights, hotels, and cars all bundled under one PNR.
---
## Phase 8: User Story 5 - Realistic Test Data for Demonstrations (Priority: P3)
**Goal**: Polish mock data quality to enable professional sales demonstrations and training scenarios with recognizable brands, realistic pricing, and diverse route coverage.
**Independent Test**: Execute searches for major demo routes (JFK→LAX domestic, JFK→LHR international, LAX→TYO Asia-Pacific), verify results include recognizable brands (United, Marriott, Hertz), prices in expected market ranges, realistic travel times, and professional presentation suitable for live demos without disclaimers. Success means sales team can confidently present the mock server as representative of production GDS quality.
### Enhanced Mock Data Quality
- [ ] T104 [P] [US5] Expand airports mock data in src/data/airports.js to include 50+ international hubs (London LHR, Paris CDG, Tokyo NRT, Dubai DXB, etc.)
- [ ] T105 [P] [US5] Add major hotel chains to src/data/hotels.js: Marriott, Hilton, Hyatt, IHG properties in 20+ major cities worldwide
- [ ] T106 [P] [US5] Enhance airline data in src/data/airlines.js with international carriers: British Airways, Virgin Atlantic, Lufthansa, Emirates, ANA, JAL
### Route-Specific Pricing
- [ ] T107 [US5] Implement distance-based pricing in src/data/flights.js: calculate flight distance from coordinates, apply pricing tiers (short-haul $200-$400, medium-haul $400-$800, long-haul $800-$2000)
- [ ] T108 [US5] Add realistic flight durations per route in src/data/flights.js: JFK-LAX ~6 hours, JFK-LHR ~7 hours, LAX-TYO ~12 hours
- [ ] T109 [US5] Implement time-of-day departure variety: morning (6-9am), midday (9am-2pm), afternoon (2-5pm), evening (5-10pm) for realistic schedule diversity
### Premium Cabin Classes
- [ ] T110 [US5] Add premium cabin pricing in src/data/flights.js: economy baseline, premium economy +40%, business +200%, first class +400%
- [ ] T111 [US5] Implement cabin-specific availability and booking classes: Y/B/M for economy, W for premium economy, J/C for business, F/A for first
- [ ] T112 [US5] Add cabin-specific amenities in flight results: economy (standard seat), business (lie-flat, lounge access), first (suites, premium dining)
### Demo Scenarios Configuration
- [ ] T113 [US5] Create demo seed data option in src/data/flights.js: when MOCK_DATA_SEED=demo, return curated high-quality results for common demo routes
- [ ] T114 [US5] Add configurable response delay in src/utils/logger.js via MOCK_RESPONSE_DELAY env var to simulate realistic search response times during demos
- [ ] T115 [US5] Implement metadata tagging in all responses: add "data_source": "mock" field to all search results and bookings per FR-012
**Checkpoint**: Mock data is now demo-quality - professional appearance, recognizable brands, realistic pricing suitable for sales presentations and training without requiring explanations.
---
## Phase 9: Additional Booking Management (Supporting Tools)
**Goal**: Add convenience tool for listing all bookings in a session (supports User Stories 1-4).
**Independent Test**: Create multiple bookings (flights, hotels, cars) in a session, call listBookings tool, verify it returns all PNRs created in the session with summary information. Provides developers quick overview of session state.
- [ ] T116 [US1] Implement listBookings tool handler in src/tools/bookings.js to retrieve all PNRs in current session
- [ ] T117 [US1] Add booking list query: read gds:session:{sessionId}:bookings set, fetch summary for each PNR (pnr, status, createdAt, totalPrice, segment counts)
- [ ] T118 [US1] Register listBookings tool in src/server.js with tool handler
- [ ] T119 [US1] Add pagination support for listBookings if session has 10+ bookings: limit and offset parameters
---
## Phase 10: Docker Packaging
**Purpose**: Container packaging for deployment and distribution
- [ ] T120 Create multi-stage Dockerfile in docker/Dockerfile: builder stage (install deps, copy source) and production stage (Node.js 20 Alpine, non-root user)
- [ ] T121 Create docker-bake.hcl in docker/ for multi-platform builds: linux/amd64 and linux/arm64 targets
- [ ] T122 [P] Add health check to Dockerfile: verify Valkey connection and MCP server readiness
- [ ] T123 [P] Create .env.example file with all configuration variables documented (MCP, Valkey, logging, mock data settings)
- [ ] T124 Update docker-compose.yaml to include gds-mock-mcp service with Valkey dependency and environment variable mapping
- [ ] T125 Add build and run scripts in package.json: npm run docker:build, npm run docker:run, npm run docker:down
---
## Phase 11: Documentation & Polish
**Purpose**: User-facing documentation, validation, and final polish
- [ ] T126 [P] Create comprehensive README.md: installation instructions, configuration reference, Docker usage, MCP tool documentation, troubleshooting guide
- [ ] T127 [P] Add SAFETY_DISCLAIMER.md: prominent "FOR TESTING AND DEMO PURPOSES ONLY" notice, explanation of TEST- prefix, no real transactions guarantee
**Success Criteria Alignment**: The README (T090) and quickstart guide (T091) should emphasize:
- **SC-006**: Professional, demo-quality data requiring zero disclaimers or explanations during sales demonstrations
- **SC-007**: Clear documentation enabling new developers to understand GDS workflows within 15 minutes using realistic examples as learning material
These documentation objectives ensure the mock server serves both testing and training purposes effectively.
- [ ] T128 [P] Create CHANGELOG.md documenting feature implementation and version history
- [ ] T129 [P] Add inline code documentation: JSDoc comments for all public functions, tool handlers, data generators
- [ ] T130 Validate quickstart.md examples: test all example commands in quickstart.md work correctly with current implementation
- [ ] T131 Add logging coverage review: ensure all operations log appropriately (search, book, retrieve, cancel, errors) with sufficient detail per FR-013
- [ ] T132 Perform security review: verify no production credentials, no external API calls, TEST- prefix enforcement, non-root Docker user per Constitution Principle III
- [ ] T133 Run constitution compliance check: verify all 6 principles (MCP protocol, mock data realism, no real transactions, tool architecture, session management, observability)
---
## Dependencies & Execution Order
### Phase Dependencies
- **Setup (Phase 1)**: No dependencies - can start immediately
- **Foundational (Phase 2)**: Depends on Setup completion - BLOCKS all user stories
- **User Stories (Phases 3-7)**: All depend on Foundational phase completion
- **Phase 3 (US1 - P1)**: Can start after Foundational - No dependencies on other stories ✅ MVP
- **Phase 4 (US4 - P2)**: Can start after Foundational - Independent, but beneficial before scale testing
- **Phase 5 (US2 - P2)**: Can start after Foundational - Extends US1, but independently testable
- **Phase 6 (US3 - P3)**: Can start after Foundational - Extends US1+US2, but independently testable
- **Phase 7 (US5 - P3)**: Can start after Foundational - Enhances data quality across all stories
- **Phase 8**: Extends US1 - can start after US1 complete
- **Docker Packaging (Phase 9)**: Can start after US1 complete (minimal MVP) or after all user stories
- **Documentation (Phase 10)**: Can start in parallel with user story work, finalize after all stories complete
### User Story Dependencies (Independence Analysis)
- **US1 (Flight Booking)**: Fully independent - no dependencies
- **US4 (Session Management)**: Fully independent - enhances US1 but not required for basic functionality
- **US2 (Hotel Bundling)**: Extends US1 but independently testable (can create hotel-only bookings)
- **US3 (Car Rentals)**: Extends US1+US2 but independently testable (can create car-only bookings)
- **US5 (Demo Data)**: Enhances all stories but doesn't block functionality
### Within Each User Story
- Data files before generators
- Generators before tool handlers
- Tool handlers before MCP server registration
- Core operations before advanced features
- Validation before error handling
### Parallel Opportunities
**Setup Phase**: T003 [P], T004 [P], T005 [P] can run in parallel
**Foundational Phase**: T007 [P], T008 [P], T009 [P], T010 [P], T012 [P] can run in parallel after T006
**User Story 1**: T015 [P] + T016 [P] (data files), then T018-T031 sequentially
**User Story 6**: T043 [P] + T058 [P] + T063 [P] can run in parallel with US1 tasks
**User Story 2**: T079 [P] can run in parallel with US1/US6 tasks
**User Story 3**: T092 [P] + T093 [P] can run in parallel with US1/US2/US6 tasks
**User Story 5**: T104 [P] + T105 [P] + T106 [P] can run in parallel
**User Stories across teams**: Once Foundational complete, different developers can work on US1, US2, US3, US4, US5, US6 in parallel
---
## Parallel Example: Multi-Story Development
```bash
# After Foundational Phase completes, launch all user stories in parallel:
# Developer A: User Story 1 (MVP)
Task T015-T031: Flight search and booking implementation
# Developer B: User Story 4 (Session Management)
Task T032-T042: Concurrent session isolation
# Developer C: User Story 6 (Remote Access)
Task T043-T078: Streamable HTTP transport with SSE polling
# Developer D: User Story 2 (Hotels)
Task T079-T091: Hotel search and bundling
# Developer E: User Story 3 (Cars)
Task T092-T103: Car rental integration
# Developer F: User Story 5 (Demo Data)
Task T104-T115: Enhanced mock data quality
```
---
## Implementation Strategy
### MVP First (User Story 1 Only) - RECOMMENDED START
1. ✅ Complete Phase 1: Setup (T001-T005)
2. ✅ Complete Phase 2: Foundational (T006-T014) - CRITICAL BLOCKER
3. ✅ Complete Phase 3: User Story 1 (T015-T031) - Flight search and booking
4. **STOP and VALIDATE**: Test flight search → book → retrieve → cancel workflow independently
5. Optional: Add Phase 9 (Docker) for easy deployment
6. Optional: Add Phase 10 (Documentation)
7. **Deploy/Demo MVP** - Fully functional flight booking mock server
### Incremental Delivery (Recommended)
1. Foundation (Setup + Foundational) → T001-T014 complete
2. **MVP Release**: Add US1 (T015-T031) → Test independently → Deploy v0.1
3. **Multi-User Release**: Add US4 (T032-T042) → Test concurrency → Deploy v0.2
4. **Remote Access**: Add US6 (T043-T078) → Test Streamable HTTP + SSE → Deploy v0.3
5. **Hotel Bundling**: Add US2 (T079-T091) → Test multi-service → Deploy v0.4
6. **Full Package**: Add US3 (T092-T103) → Test complete packages → Deploy v0.5
7. **Demo Quality**: Add US5 (T104-T115) → Polish for presentations → Deploy v1.0
8. Each increment adds value without breaking previous functionality
### Parallel Team Strategy (For Larger Teams)
1. **Week 1**: Entire team completes Setup + Foundational (T001-T014)
2. **Week 2-3** (After Foundational complete):
- **Team A** (2 devs): User Story 1 (T015-T031) - Priority focus
- **Team B** (1 dev): User Story 4 (T032-T042) - Critical for testing
- **Team C** (1 dev): User Story 6 data prep (T043-T046) - Remote transport setup
- **Team D** (1 dev): User Story 2 data prep (T079-T080) - Prepare for integration
3. **Week 4**: Integrate US1+US4+US6, then continue with US2, US3, US5
4. **Week 5**: Docker packaging, documentation, final polish
### Priority-Driven Sequential (Small Team)
1. Setup → Foundational (T001-T014)
2. User Story 1 - P1 (T015-T031) ✅ MVP CHECKPOINT
3. User Story 4 - P2 (T032-T042) - Enable concurrent testing
4. User Story 6 - P2 (T043-T078) - Enable remote access via Streamable HTTP
5. User Story 2 - P2 (T079-T091) - Add hotel capability
6. User Story 3 - P3 (T092-T103) - Complete package
7. User Story 5 - P3 (T104-T115) - Polish for demos
8. Docker + Docs (T120-T133)
---
## Task Summary
**Total Tasks**: 97 tasks
**Task Distribution by Phase**:
- Phase 1 (Setup): 5 tasks
- Phase 2 (Foundational): 9 tasks - BLOCKS ALL USER STORIES
- Phase 3 (US1 - Flight Booking): 17 tasks - MVP ✅
- Phase 4 (US4 - Session Management): 11 tasks
- Phase 5 (US6 - Remote Access): 36 tasks
- Phase 6 (US2 - Hotel Bundling): 13 tasks
- Phase 7 (US3 - Car Rentals): 12 tasks
- Phase 8 (US5 - Demo Data Quality): 12 tasks
- Phase 9 (Booking Management): 4 tasks
- Phase 10 (Docker): 6 tasks
- Phase 11 (Documentation): 8 tasks
**Task Distribution by User Story**:
- US1 (Flight Booking - P1): 21 tasks (includes Phase 9)
- US6 (Remote Access - P2): 36 tasks
- US2 (Hotel Bundling - P2): 13 tasks
- US3 (Car Rentals - P3): 12 tasks
- US4 (Session Management - P2): 11 tasks
- US5 (Demo Data - P3): 12 tasks
- Infrastructure (Setup + Foundational + Docker + Docs): 28 tasks
**Parallel Opportunities Identified**:
- Setup: 3 parallel tasks
- Foundational: 5 parallel tasks
- User Story data preparation: Multiple files can be created in parallel
- Complete user stories: 5 stories can be developed in parallel after Foundational
- Documentation: Can progress alongside implementation
**Independent Test Criteria per Story**:
- **US1**: Search flights → book with passengers → retrieve PNR → cancel booking (complete workflow)
- **US4**: Run 5-10 concurrent sessions, verify zero data leakage between sessions
- **US6**: Connect via Streamable HTTP → verify SSE polling → test MCP-Protocol-Version validation → test rate limiting
- **US2**: Search hotels → book hotel-only → bundle hotel with flight → retrieve multi-service PNR
- **US3**: Search cars → book car-only → add to flight+hotel → retrieve complete package
- **US5**: Review demo routes (JFK-LAX, JFK-LHR, LAX-TYO), verify professional data quality
**Suggested MVP Scope** (Minimum Viable Product):
- Phase 1: Setup (T001-T005)
- Phase 2: Foundational (T006-T014)
- Phase 3: User Story 1 (T015-T031)
- Phase 10: Docker packaging basics (T120-T125)
- Phase 11: Essential docs (T126-T127)
**Total MVP Tasks**: 34 tasks
**MVP delivers**: Fully functional flight search and booking mock server with Docker deployment
---
## Format Validation ✅
All tasks follow the required checklist format:
- ✅ Every task starts with `- [ ]` (markdown checkbox)
- ✅ Every task has sequential Task ID (T001, T002, T003...)
- ✅ User story tasks have [Story] label ([US1], [US2], [US3], [US4], [US5])
- ✅ Setup, Foundational, Docker, and Polish tasks have NO story label (correctly)
- ✅ Parallel tasks marked with [P]
- ✅ All descriptions include clear actions and exact file paths
- ✅ Tasks organized by phase with user stories as primary organization
- ✅ Each user story phase includes goal and independent test criteria
---
## Notes
- No tests included (not explicitly requested in spec.md per template guidelines)
- Tasks ordered for dependency flow: data → generators → tools → server integration
- Each user story can be deployed and tested independently
- MVP (US1 only) provides immediate value for flight booking testing
- Session management (US4) recommended early for CI/CD integration
- Multi-service bundling (US2, US3) extends functionality without breaking US1
- Demo data polish (US5) is final enhancement, not blocking
- Constitution compliance verification built into final phase
- All 8 MCP tools from contracts/mcp-tools.md covered across user stories