TC self evaluation for edge-erm

Please see TCR ticket here: https://folio-org.atlassian.net/browse/TCR-38

	Criteria	Comments	Responsible	Evaluation Result	Evidence	Status

	Criteria	Comments	Responsible	Evaluation Result	Evidence	Status
1	Uses Apache 2.0 license	Added license link to POM.	@Steve Ellis	Acceptable	https://github.com/folio-org/edge-erm?tab=Apache-2.0-1-ov-file	Done
2	Module build MUST produce a valid module descriptor	`mvn install` causes module descriptor to be copied into target directory.	@Steve Ellis	Acceptable	https://github.com/folio-org/edge-erm/blob/master/descriptors/ModuleDescriptor-template.json	Done
3	Module descriptor MUST include interface requirements for all consumed APIs	This module only requires two interfaces, `login` and `erm` and both are provided in the ModuleDescriptor	@Steve Ellis	Acceptable	https://github.com/folio-org/edge-erm/blob/master/descriptors/ModuleDescriptor-template.json	Done
4	Third party dependencies use an Apache 2.0 compatible license	Please see attached the output of `mvn license:third-party-report`.	@Steve Ellis	Acceptable		Done
5	Installation documentation is included -note: read more at https://github.com/folio-org/mod-search/blob/master/README.md		@Steve Ellis	Acceptable	It is a standard edge-module and as such is deployed like all edge-modules. However the configuration options are documented in the readme.	Done
6	Personal data form is completed, accurate, and provided as `PERSONAL_DATA_DISCLOSURE.md` file		@Steve Ellis	Acceptable	Please see https://github.com/folio-org/edge-erm/blob/master/PERSONAL_DATA_DISCLOSURE.md	Done
7	Sensitive and environment-specific information is not checked into git repository		@Steve Ellis	Acceptable		Done
8	Module is written in a language and framework from the officially approved technologies page	Are we going to upgrade edge modules to spring boot version 3.2.x like the docs say we’re supposed to for other spring modules? Note edge-common-spring hasn’t been upgraded so…	@Steve Ellis	TODO		TODO
9	Module only uses FOLIO interfaces already provided by previously accepted modules e.g. a UI module cannot be accepted that relies on an interface only provided by a back end module that hasn't been accepted yet	It is an edge module calling a couple of mod-agreements endpoints that are released.	@Steve Ellis	Acceptable		Done
10	Integration with any third party system (outside of the FOLIO environment) tolerates the absence of configuration / presence of the system gracefully	There is no 3rd party integration. It’s an edge module that talks to FOLIO mod-agreements.	@Steve Ellis	Acceptable		Done
11	Sonarqube hasn't identified any security issues, major code smells, or excessive (>3%) duplication	See sonar report.	@Steve Ellis	Acceptable	https://sonarcloud.io/summary/new_code?id=org.folio%3Aedge-erm	Done
12	Uses officially supported build tools	Is a maven project.	@Steve Ellis			Done
13	Unit tests have 80% coverage or greater and are based on officially approved technologies	See sonar coverage report.	@Steve Ellis	Acceptable	https://sonarcloud.io/summary/new_code?id=org.folio%3Aedge-erm	Done
14	Module's repository includes a compliant Module Descriptor -note: read more at https://github.com/folio-org/okapi/blob/master/okapi-core/src/main/raml/ModuleDescriptor.json	See repository.	@Steve Ellis	Acceptable	https://github.com/folio-org/edge-erm/blob/master/descriptors/ModuleDescriptor-template.json	Done
15	Module includes executable implementations of all endpoints in the provides section of the Module Descriptor	Module does not have `handlers` defined in the `provides` array of the ModuleDescriptor like many other modules.	@Steve Ellis	Acceptable	https://github.com/folio-org/edge-erm/blob/master/descriptors/ModuleDescriptor-template.json	Done
16	Environment vars are documented in the ModuleDescriptor -note: read more at	Please see MD.	@Steve Ellis	Acceptable	https://github.com/folio-org/edge-erm/blob/master/descriptors/ModuleDescriptor-template.json	Done
17	If a module provides interfaces intended to be consumed by other FOLIO Modules, they must be defined in the Module Descriptor "provides" section	Please see MD.	@Steve Ellis	Acceptable	https://github.com/folio-org/edge-erm/blob/master/descriptors/ModuleDescriptor-template.json	Done
18	All API endpoints are documented in RAML or OpenAPI	OpenAPI is used.	@Steve Ellis	Acceptable	https://github.com/folio-org/edge-erm/blob/master/src/main/resources/swagger.api/edge-erm.yaml	Done
19	All API endpoints protected with appropriate permissions as per the following guidelines and recommendations, e.g. avoid using `.all` permissions, all necessary module permissions are assigned, etc. -note: read more at* and https://folio-org.atlassian.net/wiki/display/DD/Permission+Set+Guidelines	There are no endpoints defined in module descriptor.	@Steve Ellis	Acceptable	https://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.json
20	Module provides reference data (if applicable), e.g. if there is a controlled vocabulary where the module requires at least one value	There is no reference data for this module.	@Steve Ellis	Acceptable		Done
21	If provided, integration (API) tests must be written in an officially approved technology -note: while it's strongly recommended that modules implement integration tests, it's not a requirement -note: these tests are defined in	API tests are written in Junit 5.	@Steve Ellis	Acceptable		Done
22	Data is segregated by tenant at the storage layer	The module does not store data but forwards requests to FOLIO.	@Steve Ellis	Acceptable		Done
23	The module doesn't access data in DB schemas other than its own and public	See above.	@Steve Ellis	Acceptable		Done
24	The module responds with a tenant's content based on x-okapi-tenant header	For an edge module only the API Key is needed.	@Steve Ellis	Acceptable		Done
25	Standard GET `/admin/health` endpoint returning a 200 response -note: read more at https://folio-org.atlassian.net/wiki/display/DD/Back+End+Module+Health+Check+Protocol	Has spring boot actuator. TODO Test this	@Steve Ellis	Acceptable	See application.yml and pom.xml.	Done
26	High Availability (HA) compliant Possible red flags: Connection affinity / sticky sessions / etc. are used Local container storage is used Services are stateful	The module has no state since it only makes requests to FOLIO.	@Steve Ellis	Acceptable		Done
27	Module only uses infrastructure / platform technologies on the officially approved technologies list. e.g. PostgreSQL, ElasticSearch, etc.	It’s an edge module so this doesn’t apply. There are no platform technologies in use.	@Steve Ellis	Acceptable		Done