# Project Planning and Code Guidelines ## General Code Guidelines * **Modular Design:** Use Object-Oriented Programming (OOP) where possible to separate concerns and promote code reuse. * **File Size Limit:** No single Python file should exceed **600 lines** to improve readability and maintainability. * **Commenting:** * Use clear, concise comments to explain complex logic. * Include function and class docstrings where appropriate. * Use in-line comments sparingly and only when the logic is not immediately obvious. * **Code Structure:** * Follow the Model-View-Controller (MVC) pattern where applicable. * Group related classes and functions into separate modules for clarity. * **Error Handling:** Implement robust error handling with meaningful messages and fallback behavior where possible. * **Readability:** * Use meaningful variable and function names. * Avoid deeply nested loops and conditionals where possible. ## API Design Guidelines * **RESTful Endpoints:** Use RESTful conventions for all API endpoints. * **Status Codes:** Return appropriate HTTP status codes (e.g., 200 for success, 404 for not found, 500 for server error). * **Error Responses:** Provide consistent and descriptive error messages. * **Data Validation:** Validate all incoming data to prevent unexpected behavior and security issues. * **Unified API and UI:** For demo purposes, both the API endpoints and admin UI should be served by the same Flask application. ## File Organization * **Static Files:** Store images in the `static/images/` directory. * **Product Data:** Store product metadata in `products.json`. * **Configuration Files:** Use a dedicated `config/` directory for environment-specific settings. * **Templates:** Store HTML templates in the `templates/` directory, with admin-specific templates in `templates/admin/`. ## Documentation Guidelines * **Keep Documentation Updated:** Update TASK.md as features are implemented to track progress. * **Readme First:** README.md should always reflect the current state of the project and provide clear setup instructions. * **Code Comments:** Keep code comments in sync with implementation changes. * **API Documentation:** Document all API endpoints, including request/response formats. ## Security Guidelines * **No Hardcoded Credentials:** Avoid hardcoding sensitive information like passwords or API keys. * **Input Sanitization:** Validate and sanitize all user input to prevent injection attacks. * **Minimal Permissions:** Run the application with the least required privileges. ## Future Considerations * **Scalability:** Plan for the potential migration to a database if the product catalog grows. * **API Rate Limiting:** Consider adding rate limiting for public APIs. * **Monitoring and Logging:** Implement basic logging for audit trails and error diagnosis. * **Deployment Automation:** Use Docker or other containerization for easy deployment and scaling.