Availability

NFR.Baseline.Availability.1

Modules are designed and implemented following the Stateless principle

NFR.Baseline.Availability.2

Load/performance testing must be conducted for at least 2 instances

Manageability

NFR.Baseline.Manageability.1

Application logs are collected in a unified form and location

NFR.Baseline.Manageability.2

All custom configuration values are placed in the settings, not in the program code

NFR.ProfilePictures.Manageability.1

• Enabling/disabling the profile pictures feature for the tenant
• Storage type for pictures should be configurable (e.g. database, S3-like storage)

Performance

NFR.Baseline.Performance.1

Components are performance tested and compared to the prior release baseline; performance may not degrade more than 5% in exceptional cases

NFR.ProfilePictures.Performace.1

The system can process ~70K profile pictures per year

Security

NFR.Baseline.Security.1

Tenant data must be isolated from other tenants

NFR.Baseline.Security.2

Secrets (such as usernames, passwords, API keys, and/or their combinations) are not stored in source repositories (i.e. Github)

NFR.Baseline.Security.3

No sensitive information in logs (logins, passwords, API keys)

NFR.ProfilePictures.Security.1

Only authorized library staff can view and manage (upload, view, update, delete) photos for patron accounts

NFR.ProfilePictures.Security.2

Patron photos should be securely stored with proper encryption and access controls to protect sensitive information.

Testability

NFR.Baseline.Testability.1

Unit-test coverage for new code created/changed during the implementation of the feature >= 80%

NFR.Baseline.Testability.2

E2E-test coverage - # of automated test cases from test rail to # of all test cases at a particular feature

NFR.Baseline.Testability.3

Karate-test coverage - # of test to # of new endpoints that were created (or existing endpoints that were changed) in the feature scope