chore: text wordings and documentation updates

[weaponsforge]

• Chore: add community standards MD files
• Chore: add architecture diagram of the REST API
• Chore: improve seeding error handling
• Chore: minor text and wording adjustments

Summary by CodeRabbit

• New Features

  • Single-item API responses now include a total: 1 field for islands, municipalities, provinces, and regions.

• Documentation

  • Added Code of Conduct, Contributing guide, Security policy, and MIT license.
  • Major README rewrite with Docker-first setup, expanded scripts/env/deployment docs, and an architecture diagram.
  • Clarified OpenAPI description for the region → provinces endpoint.

• Chores

  • Bumped server version to 1.1.0 and streamlined docs generation/build and Docker workflows.

[coderabbitai]

Walkthrough

Adds governance and security docs, MIT license, an expanded README and architecture asset, minor Docker/packaging script renames, OpenAPI text refinements, single-item controller responses now include total: 1, a Mongo JSDoc typo fix, and a reworked multi-stage seeding script with ID-mapping and per-stage error handling.

Changes

Cohort / File(s)	Summary
Governance & Security Docs CODE_OF_CONDUCT.md, CONTRIBUTING.md, LICENSE, SECURITY.md	New contributor covenant, contribution guidelines, MIT license, and security reporting policy added.
README & Architecture Asset README.md, assets/architecture.drawio	README rewritten with Docker-first docs, deployment and docs workflow updates; new architecture draw.io asset added.
Docker / Build Scripts docker-compose.yml, server/Dockerfile, server/package.json	Minor compose comments; Dockerfile updated to run docs:swagger; package bumped to 1.1.0, copySwaggerFiles replaced by docs:swagger, and build script updated.
OpenAPI Spec Text server/public/openapi.json, server/public/openapi.yaml, server/src/scripts/openapi/docs/region.doc.ts	Clarified 200 response description for GET /api/regions/{id}/provinces to state "one (1) region"; no schema changes.
Controller Response Shape server/src/controllers/island.ts, server/src/controllers/municipality.ts, server/src/controllers/province.ts, server/src/controllers/region.ts	Single-item success responses now include total: 1; docstrings updated for some region methods. No control-flow changes.
Mongo JSDoc Fix server/src/classes/mongo.class.ts	JSDoc corrected to reference a Mongoose Model and typo fixed.
Seeding Workflow Restructure server/src/scripts/seed/main.ts, server/src/scripts/seed/lib/normalize.ts	Seed process split into staged try/catch steps (Islands → Regions/Provinces → Municipalities → Stats), ID mapping propagation, errorSeeding aggregation, improved finalization and exit codes; minor import reordering.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant Seed as seed/main.ts
  participant DB as MongoDB

  Note over Seed: Multi-stage seeding with mappings & stage-aware errors

  Dev->>Seed: run seed script
  rect rgba(200,230,255,0.25)
    Note right of Seed: Stage 1 — Islands
    Seed->>DB: insert islands
    DB-->>Seed: island IDs (mapping)
  end

  rect rgba(200,255,200,0.20)
    Note right of Seed: Stage 2 — Regions & Provinces
    Seed->>DB: insert regions (return mappings)
    DB-->>Seed: regionKeyIDs
    Seed->>DB: insert provinces (return mappings)
    DB-->>Seed: provinceKeyIDs
  end

  rect rgba(255,245,200,0.20)
    Note right of Seed: Stage 3 — Municipalities
    Seed->>DB: insert municipalities (using mapped IDs)
    DB-->>Seed: raw municipalities
    Seed->>Seed: generateBarangayCounts()
  end

  rect rgba(255,220,220,0.20)
    Note right of Seed: Stage 4 — Stats
    Seed->>DB: insert stats
    DB-->>Seed: ok
  end

  alt Any stage fails
    Seed->>Dev: log error with stage context
    Seed->>DB: disconnect
    Seed-->>Dev: exit(1)
  else Success
    Seed->>DB: disconnect
    Seed-->>Dev: exit(0)
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: deploy api to vercel #16 — Overlaps in docs/build and Swagger file handling; touches package scripts and Dockerfile similar to this PR.
• feat: build and create an api documentation #11 — Related edits to controller metadata and OpenAPI generation which intersect with controller total and docs changes here.
• feat: optimize models and working api #1 — Prior broad changes to server controllers, seed scripts, and build tooling that align with the files modified in this PR.

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "chore: text wordings and documentation updates" is concise and correctly highlights the prominent documentation and wording work in this changeset (README rewrite, CODE_OF_CONDUCT, CONTRIBUTING, SECURITY, architecture asset). It accurately describes a major portion of the PR but does not mention the substantive seeding error-handling improvements and small code/package/docker tweaks also present. Under the provided criteria a title that clearly references a real aspect of the changeset is acceptable as a pass.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

Hop hop — I nudge the docs with cheer,
Seeds map paths so data's clear.
total: 1, a tidy count,
Pipelines hum and builds surmount.
Carrots packed, I stamp — ship near! 🥕

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/text-updates

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

server/package.json (1)

28-28: License mismatch: package.json says ISC but repo license is MIT.

Align the package license with the root LICENSE to avoid legal confusion.

-  "license": "ISC",
+  "license": "MIT",

🧹 Nitpick comments (18)

server/src/scripts/openapi/docs/api.info.ts (1)

13-13: Tone nit: triple exclamation marks in docs label.

Consider reverting “🧩 Alternate Docs!!!” to a single “!” (or none) for a more professional tone in published docs. This still aligns with your preference for full URLs in OpenAPI.

server/src/classes/mongo.class.ts (1)

25-27: JSDoc typo: “Moodel”.

Fix the parameter description spelling.

- * @param model - Mongoose Moodel
+ * @param model - Mongoose Model

server/src/controllers/island.ts (1)

72-77: Simplify total for single-item response.

After the 404 guard, data is always truthy; total: data ? 1 : 0 can be 1.

   return res.status(200).json({
     success: true,
-    total: data ? 1 : 0,
+    total: 1,
     metadata: islandsData.metadata,
     data
   })

server/src/controllers/province.ts (2)

73-78: Simplify total for single-item response.

data is guaranteed after the not-found guard; set total to 1.

   return res.status(200).json({
     success: true,
-    total: data ? 1 : 0,
+    total: 1,
     metadata: { ...FULL_API_METADATA, description },
     data
   })

---

105-110: Simplify total for single-item response.

Same as above for the municipalities variant.

   return res.status(200).json({
     success: true,
-    total: data ? 1 : 0,
+    total: 1,
     metadata: { ...FULL_API_METADATA, description },
     data
   })

server/src/controllers/municipality.ts (1)

53-58: Simplify total for single-item response.

After the 404 guard, total can be a literal 1.

   return res.status(200).json({
     success: true,
-    total: data ? 1 : 0,
+    total: 1,
     metadata: { ...FULL_API_METADATA, description },
     data
   })

server/public/openapi.yaml (1)

18-18: Tone down the “Alternate Docs!!!” label.

Recommend a single exclamation for a more neutral docs label.

-     **🧩 Alternate Docs!!!** <ul><li>Interactive API documentation (Swagger UI): [http://localhost:3001/docs](http://localhost:3001/docs)</li></ul>
+     **🧩 Alternate Docs!** <ul><li>Interactive API documentation (Swagger UI): [http://localhost:3001/docs](http://localhost:3001/docs)</li></ul>

server/src/controllers/region.ts (2)

76-81: Set total to a constant after the not-found guard.

Since not-found is handled above, total is always 1 here.

       return res.status(200).json({
         success: true,
-        total: data ? 1 : 0,
+        total: 1,
         metadata: FULL_API_METADATA,
         data
       })

---

112-117: Set total to a constant after the not-found guard.

Same simplification applies here.

     return res.status(200).json({
       success: true,
-      total: data ? 1 : 0,
+      total: 1,
       metadata: FULL_API_METADATA,
       data
     })

SECURITY.md (2)

7-11: Fix pronoun/voice consistency.

Use “We … our …” throughout for clarity and consistency.

-They will investigate all legitimate reports and do our best to quickly fix the problem.
+We will investigate all legitimate reports and do our best to quickly fix the problem.
@@
-You should receive a response within 3 business days. If for some reason you do not, please follow up via email to ensure they received your original message.
+You should receive a response within 3 business days. If for some reason you do not, please follow up via email to ensure we received your original message.

---

1-24: Optional: publish a security.txt.

Consider adding/.well-known/security.txt pointing to the contact email to help automated discovery.

CONTRIBUTING.md (1)

13-15: Add languages to fenced code blocks (markdownlint MD040).

Tagging blocks improves readability and satisfies lint rules.

-   ```
+   ```bash
    git clone https://github.com/yourusername/ph-regions.git
    ```
@@
-   ```
+   ```bash
    git remote add upstream https://github.com/weaponsforge/ph-regions.git
    ```
@@
-   ```
+   ```bash
    git checkout -b feat/your-new-feature-name
    ```
@@
-   ```
+   ```bash
    git add .
    git commit -m "Add a brief description of your changes"
    ```
@@
-   ```
+   ```bash
    git fetch upstream
    git checkout dev
    git merge upstream/dev
    git push origin dev
    ```
@@
-   ```
+   ```bash
    git push origin feat/your-new-feature-name
    ```

Also applies to: 19-20, 26-27, 36-38, 42-46, 52-53

assets/architecture.drawio (1)

1-52: Add an exported SVG/PNG of the diagram to aid diffs and browsing.

Draw.io XML is hard to review; committing an SVG/PNG alongside helps PR review and README embedding.

server/src/scripts/seed/main.ts (1)

91-105: Consider wrapping municipality and stats seeding in separate try-catch blocks.

Currently, both municipality and stats seeding share the same try-catch block, which makes the error message less specific. Consider separating them for better error granularity.

Apply this diff to separate the error handling:

  try {
    // [3] Seed municipalities collection
    const municipalityKeyIds = await seed(
      Municipality,
      municipalities,
      { isReturnRaw: true }
    ) as unknown as TMunicipality[]
+  } catch (err: unknown) {
+    const errMsg = typedCatchError(err)
+    throw new Error(`Seeding Municipalities - ${errMsg}`)
+  }

+  try {
    // [4] Seed the random barangay counts per municipality
+    const municipalityKeyIds = await seed(
+      Municipality,
+      municipalities,
+      { isReturnRaw: true }
+    ) as unknown as TMunicipality[]
    statsBarangays = generateBarangayCounts(municipalityKeyIds)
    await seed(Stats, statsBarangays)
  } catch (err: unknown) {
    const errMsg = typedCatchError(err)
    throw new Error(`Seeding Stats - ${errMsg}`)
  }

Note: You'll need to declare municipalityKeyIds outside the try blocks to make it accessible to the stats seeding section.

README.md (2)

25-26: Minor: Adjust list indentation to match markdown standards.

The sub-items under "API documentation" should use 2-space indentation instead of 3 spaces.

Apply this diff to fix the indentation:

 - API documentation
-   - Static: <https://ph-regions.vercel.app>
-   - Interactive: <https://ph-regions.vercel.app/docs>
+  - Static: <https://ph-regions.vercel.app>
+  - Interactive: <https://ph-regions.vercel.app/docs>

---

409-409: Minor: Wrap bare URL in angle brackets.

For consistency with other URLs in the document, wrap the Docker Hub URL.

Apply this diff:

-https://hub.docker.com/r/weaponsforge/ph-regions
+<https://hub.docker.com/r/weaponsforge/ph-regions>

docker-compose.yml (2)

17-19: Clarify intent and avoid manual toggling; current note is slightly misleading about build.

Volumes only affect runtime, not docker compose build. Tighten the wording and explain the masking behavior. Consider using profiles/override files (dev/prod) to avoid commenting/uncommenting in source.

Apply this diff to improve the comment:

-      # NOTE: [public folder volume]
-      # Comment-out the next line to enable updating the "openapi.json" and "openapi.yaml" files
-      # during development. Restore it when running `docker compose build`
+      # NOTE: [public folder volume]
+      # During local development: comment out the next line so edits to server/public
+      # (openapi.json|openapi.yaml) on the host are visible inside the container.
+      # For prod runs: keep it enabled to mask the host /public (this creates a volume at /opt/server/public).
+      # Tip: prefer a dev/prod compose override or profiles to avoid manual toggling.

---

20-20: Use a named volume instead of an anonymous one to prevent dangling volumes.

Anonymous volumes make cleanup harder and hide intent. Define a named volume (e.g., server-public) and reference it here. Same suggestion applies to /opt/server/node_modules.

Example:

# service mount
    volumes:
      - ./server:/opt/server
      - server-node_modules:/opt/server/node_modules
      - server-public:/opt/server/public

# named volumes (bottom of file)
volumes:
  db-ph-regions:
    driver: local
  server-node_modules:
    driver: local
  server-public:
    driver: local

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2f15b24 and c7df39b.

⛔ Files ignored due to path filters (2)

• assets/architecture.png is excluded by !**/*.png
• server/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (20)

• CODE_OF_CONDUCT.md (1 hunks)
• CONTRIBUTING.md (1 hunks)
• LICENSE (1 hunks)
• README.md (10 hunks)
• SECURITY.md (1 hunks)
• assets/architecture.drawio (1 hunks)
• docker-compose.yml (1 hunks)
• server/Dockerfile (1 hunks)
• server/package.json (2 hunks)
• server/public/openapi.json (2 hunks)
• server/public/openapi.yaml (2 hunks)
• server/src/classes/mongo.class.ts (1 hunks)
• server/src/controllers/island.ts (1 hunks)
• server/src/controllers/municipality.ts (1 hunks)
• server/src/controllers/province.ts (2 hunks)
• server/src/controllers/region.ts (4 hunks)
• server/src/scripts/openapi/docs/api.info.ts (1 hunks)
• server/src/scripts/openapi/docs/region.doc.ts (1 hunks)
• server/src/scripts/seed/lib/normalize.ts (1 hunks)
• server/src/scripts/seed/main.ts (5 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: weaponsforge
PR: weaponsforge/ph-regions#16
File: server/public/openapi.json:64-64
Timestamp: 2025-09-10T18:53:14.537Z
Learning: The user weaponsforge prefers to use full server URLs (like "http://localhost:3001" or Vercel URLs) in OpenAPI specifications rather than relative URLs, even when relative URLs could make the spec more portable across environments.

📚 Learning: 2025-09-08T02:38:26.092Z

Learnt from: weaponsforge
PR: weaponsforge/ph-regions#13
File: .github/workflows/release.yml:10-10
Timestamp: 2025-09-08T02:38:26.092Z
Learning: In the weaponsforge/ph-regions repository, the default branch is 'dev' but production deployments should only trigger from the 'master' branch. The 'master' branch contains production-ready code while 'dev' is for development work.

Applied to files:

• README.md

🧬 Code graph analysis (7)

server/src/scripts/openapi/docs/region.doc.ts (1)

server/src/scripts/openapi/docs/province.doc.ts (1)

• registry (16-202)

server/src/classes/mongo.class.ts (1)

server/src/utils/helpers.ts (1)

• T (51-59)

server/Dockerfile (1)

server/src/scripts/copyFiles/main.ts (1)

• serverRootPath (4-21)

server/src/controllers/municipality.ts (1)

server/src/scripts/openapi/docs/municipality.doc.ts (1)

• registry (16-123)

server/src/scripts/openapi/docs/api.info.ts (1)

server/src/utils/constants.ts (1)

• BASE_API_URL (1-1)

server/package.json (1)

server/src/scripts/copyFiles/main.ts (1)

• serverRootPath (4-21)

server/src/scripts/seed/main.ts (2)

server/src/scripts/seed/lib/normalize.ts (5)

• normalizeRegions (22-35)
• normalizeProvinces (43-60)
• normalizeMunicipalities (68-90)
• DStats (14-14)
• replaceId (99-114)

server/src/scripts/seed/lib/seed.ts (2)

• seed (32-67)
• SeedingResult (14-14)

🪛 markdownlint-cli2 (0.17.2)

CONTRIBUTING.md

13-13: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

18-18: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

25-25: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

35-35: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

41-41: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

51-51: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

CODE_OF_CONDUCT.md

40-40: Bare URL used

(MD034, no-bare-urls)

README.md

25-25: Unordered list indentation
Expected: 2; Actual: 3

(MD007, ul-indent)

---

26-26: Unordered list indentation
Expected: 2; Actual: 3

(MD007, ul-indent)

---

409-409: Bare URL used

(MD034, no-bare-urls)

🔇 Additional comments (18)

server/src/scripts/seed/lib/normalize.ts (1)

3-3: Import re-order LGTM.

No functional impact; keeps island types nearby.

server/src/scripts/openapi/docs/region.doc.ts (2)

184-189: Doc wording LGTM.

The singular-object phrasing clarifies response semantics.

---

168-189: ResponseSuccessSchema already includes total — no change required

ResponseSuccessSchema defines total (server/src/scripts/openapi/docs/api.success.schema.ts:36); region/province/municipality/island docs extend it and inherit total. stats.doc.ts explicitly omits total via .omit({ total: true }) where that omission is intentional.

LICENSE (2)

1-21: MIT license addition LGTM.

Standard MIT text with correct attribution.

---

1-4: Confirm license metadata across packages

Root LICENSE is MIT (confirmed). I couldn't reliably enumerate package.json license fields due to earlier script failures — run and paste the output of:

find . -type f -name 'package.json' -not -path '*/node_modules/*' -not -path '*/.git/*' -print0 \
  | while IFS= read -r -d '' f; do
      printf '%s\t' "$f"
      jq -r '.license // .licenses // "<MISSING>"' "$f" 2>/dev/null || printf '<PARSE_ERROR>'
      printf '\n'
    done

Ensure every package.json contains "license": "MIT" to match the root LICENSE.

server/public/openapi.yaml (1)

1544-1545: LGTM: clearer 200 description for single-region payload.

server/src/controllers/region.ts (2)

31-31: LGTM: doc comment accurately reflects nested shape.

---

87-87: LGTM: doc comment for nested provinces/municipalities.

server/package.json (1)

15-19: Verified: rename complete — no remaining copySwaggerFiles; tooling uses docs:swagger.

Found docs:swagger in server/package.json, server/Dockerfile, and README.md; zero matches for copySwaggerFiles.

CODE_OF_CONDUCT.md (1)

1-85: LGTM: standard Contributor Covenant v2.0 content and enforcement.

server/public/openapi.json (3)

13-13: LGTM: unified info.description label.

---

2001-2001: LGTM: 200 description clarifies single-region payload.

---

1-3651: Keep JSON and YAML specs in sync — verified.
Both "🧩 Alternate Docs!!!" and "Object containing one (1) Philippine region data including provinces and municipalities" are present in server/public/openapi.yaml and server/public/openapi.json.

server/src/scripts/seed/main.ts (1)

25-117: Well-structured error handling with staged try-catch blocks.

The refactored approach with individual try-catch blocks for each seeding stage provides clear, stage-specific error messages that will greatly improve debugging. The global errorSeeding variable and final error handling logic ensure proper cleanup and process exit codes.

README.md (2)

9-18: Excellent addition of visual documentation!

The DeepWiki badge and architecture diagram provide immediate visual context for understanding the system, significantly improving the documentation quality.

---

43-46: Great addition of community standards section.

Including the Contributing section with a reference to CONTRIBUTING.md helps establish clear contribution guidelines for the community.

server/Dockerfile (2)

19-19: Script name change aligns with documentation focus.

The rename from copySwaggerFiles to docs:swagger better reflects the script's purpose and maintains consistency with the docs: prefix convention used for documentation-related scripts.

---

19-19: Confirmed: docs:swagger script exists
server/package.json defines "docs:swagger" as: tsx ./src/scripts/copyFiles/main.ts

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

server/package.json (1)

18-18: Build chain order looks fine; verify docs steps run where devDeps exist.
docs:build -> docs:swagger is okay, but both depend on tooling typically in devDeps (tsx, @redocly/cli). Ensure the build stage installs devDeps or switch to compiled JS for both OpenAPI scripts.

I can provide a patch to compile and invoke dist/scripts/openapi/*.js so the build doesn’t need tsx. Want me to draft it?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7019e39 and b1bc434.

⛔ Files ignored due to path filters (1)

• server/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• server/package.json (3 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: weaponsforge
PR: weaponsforge/ph-regions#16
File: server/public/openapi.json:64-64
Timestamp: 2025-09-10T18:53:14.537Z
Learning: The user weaponsforge prefers to use full server URLs (like "http://localhost:3001" or Vercel URLs) in OpenAPI specifications rather than relative URLs, even when relative URLs could make the spec more portable across environments.

🧬 Code graph analysis (1)

server/package.json (1)

server/src/scripts/copyFiles/main.ts (1)

• serverRootPath (4-21)

🔇 Additional comments (4)

server/package.json (4)

3-3: Semver bump to 1.1.0 is appropriate for docs and scripts changes.
No functional API changes indicated; minor version bump matches scope.

---

27-27: Author metadata update LGTM.
Matches repository ownership.

---

28-28: Approve — LICENSE verified as MIT and matches package.json.
Root LICENSE starts with "MIT License" and contains the standard warranty/disclaimer language; the "license": "MIT" entry in server/package.json is consistent.

---

15-15: Incorrect — Dockerfile installs devDependencies before running docs:swagger

server/Dockerfile "development-setup" stage (lines 15–19) runs npm install then npm run docs:build && npm run docs:swagger, so tsx will be available in that stage and the suggested change is not required for the Docker build. If docs:swagger will ever be executed in an environment where devDependencies are omitted, switch to the compiled JS (node ./dist/...) then.

Likely an incorrect or invalid review comment.