Rules and requirement files added

.windsurf/rules/README.md

@@ -0,0 +1,51 @@
+# Zapp.ie Rules
+
+This directory contains rules and guidelines for the Zapp.ie project. These rules help maintain consistency and quality across the codebase.
+
+## Available Rules
+
+- [Code Style](./code-style.md)
+- [Testing](./testing.md)
+- [Security](./security.md)
+- [Performance](./performance.md)
+- [Documentation](./documentation.md)
+
+## Adding New Rules
+
+To add a new rule:
+1. Create a new markdown file in this directory
+2. Document the rule clearly with examples
+3. Update the README.md with a link to the new rule
+4. Add any necessary configuration files
+
+## Rule Categories
+
+### Code Style
+- Formatting
+- Naming conventions
+- Code organization
+- Best practices
+
+### Testing
+- Test coverage requirements
+- Test naming conventions
+- Mocking strategies
+- Performance testing
+
+### Security
+- Authentication/Authorization
+- Data validation
+- API security
+- Environment security
+
+### Performance
+- Response time targets
+- Memory usage limits
+- Caching strategies
+- Database optimization
+
+### Documentation
+- Code comments
+- API documentation
+- User documentation
+- Change logs

.windsurf/rules/code-style.md

@@ -0,0 +1,70 @@
+---
+trigger: manual
+---
+
+# Code Style Rules
+
+## General Guidelines
+
+-We prefer simple, elegant and concise coding solutions.
+-We generally prefer Microsoft solutions and open-source solutions.
+-We use kebab case for file and directory names.
+-We use PascalCase for class names and camelCase for variables.
+
+### File Structure
+- Use consistent file extensions (.tsx for TypeScript React components)
+- Place related files in logical directories
+- Keep files under 400 lines
+
+### Naming Conventions
+- Components: PascalCase (e.g., UserProfile)
+- Functions: camelCase (e.g., getUserProfile)
+- Constants: UPPER_SNAKE_CASE (e.g., API_ENDPOINT)
+- Variables: camelCase (e.g., userProfile)
+
+### React Components
+- Use functional components with hooks
+- Export components as default
+- Use proper prop types
+- Keep components pure and reusable
+
+### TypeScript
+- Use strict mode
+- Avoid any type
+- Use interfaces for complex types
+- Use enums for fixed value sets
+
+### Formatting
+- 2 spaces indentation
+- Single quotes
+- Trailing commas
+- Maximum line length: 80 characters
+
+### Imports
+- Group related imports
+- Alphabetize imports within groups
+- Use named exports when possible
+
+### Error Handling
+- Always handle API errors
+- Use proper error boundaries
+- Log errors appropriately
+- Provide user-friendly error messages
+
+### Performance
+- Memoize expensive computations
+- Use proper component optimization
+- Avoid unnecessary re-renders
+- Implement proper cleanup
+
+### Testing
+- Write unit tests for components
+- Test edge cases
+- Mock external dependencies
+- Keep tests independent
+
+### Documentation
+- Document complex logic
+- Add JSDoc comments for public APIs
+- Keep READMEs up to date
+- Document state management

.windsurf/rules/documentation.md

@@ -0,0 +1,10 @@
+---
+trigger: manual
+---
+
+- For our methodology and backlog structure, refer to [T-Minus-15](https://github.com/BenGWeeks/T-Minus-15).
+- Refer to requirements, if they exist, in /docs/requirements.yaml.
+- Refer to personas, if they exist, in /docs/personas.yaml.
+- Refer to solution design, if they exist, in /docs/solution-design.md.
+- Refer to test strategy, if they exist, in /docs/test-strategy.md.
+- Refer to data model, if they exist, in /docs/data-model.md.

.windsurf/rules/frameworks.md

@@ -0,0 +1,8 @@
+---
+trigger: manual
+---
+
+- Our packet manager preference is npm (not pnpm).
+- My preferred frameworks are React, TypeScript, and Tailwind.
+- We generally prefer Microsoft solutions and open-source solutions.
+- We use Playwright to generate automated scripts.

.windsurf/rules/performance.md

@@ -0,0 +1,98 @@
+# Performance Rules
+
+## Frontend Performance
+
+### Component Optimization
+- Use React.memo for expensive components
+- Implement useMemo for heavy calculations
+- Avoid unnecessary re-renders
+- Use useCallback for event handlers passed to child components
+- Optimize state updates with batch processing
+
+### Bundle Size
+- Implement code splitting
+- Lazy load components when appropriate
+- Set up proper tree shaking
+- Minimize third-party dependencies
+- Analyze bundle size regularly
+
+### Rendering Performance
+- Keep render functions pure and efficient
+- Avoid inline functions and object literals in JSX
+- Use virtualization for long lists
+- Optimize component hierarchies
+- Minimize DOM mutations
+
+## API Performance
+
+### Request Optimization
+- Batch API calls when possible
+- Implement data pagination
+- Use GraphQL for complex data requirements
+- Optimize payload size
+- Cache responses appropriately
+
+### Lightning Network Integration
+- Implement proper caching for wallet balances
+- Optimize transaction validation
+- Use efficient lightning node configurations
+- Batch transaction processing where possible
+
+## Caching Strategies
+
+### Client-Side Caching
+- Use React Query for data fetching and caching
+- Implement local storage for user preferences
+- Set up proper cache invalidation
+- Use memory caching for frequently accessed data
+
+### Server-Side Caching
+- Cache API responses
+- Implement Redis for shared caching
+- Set up proper TTL for cached items
+- Cache external API responses (LNbits, etc.)
+
+## Network Optimization
+
+### Asset Delivery
+- Use CDN for static assets
+- Implement proper compression
+- Set up HTTP/2 or HTTP/3
+- Optimize asset size
+- Use browser caching
+
+### API Communication
+- Minimize payload size
+- Use compression for API responses
+- Implement connection pooling
+- Optimize request/response cycles
+
+## Performance Monitoring
+
+### Metrics Collection
+- Track core web vitals
+- Monitor API response times
+- Track component render times
+- Set up real user monitoring
+- Implement synthetic monitoring
+
+### Performance Budgets
+- Set maximum bundle size
+- Define target load times
+- Establish memory usage limits
+- Monitor time to interactive
+- Track first contentful paint
+
+## Performance Testing
+
+### Load Testing
+- Test application under expected load
+- Identify performance bottlenecks
+- Establish baseline performance metrics
+- Test scaling capabilities
+
+### Optimization Process
+- Regular performance audits
+- Implement performance regression testing
+- Document optimization strategies
+- Prioritize high-impact optimizations

.windsurf/rules/security.md

@@ -0,0 +1,90 @@
+# Security Rules
+
+## Authentication & Authorization
+
+### SSO Authentication
+- Use Microsoft Teams SSO for user authentication
+- Implement proper token validation
+- Set appropriate token expiration times
+- Store authentication tokens securely
+- Never expose tokens in client-side code
+
+### Authorization
+- Implement role-based access control
+- Verify user permissions for each protected action
+- Apply principle of least privilege
+- Document access control policies
+
+## Bitcoin/Lightning Network Security
+
+### Wallet Management
+- Secure storage of wallet credentials
+- Use environment variables for sensitive data
+- Implement transaction limits
+- Apply proper validation for all payment operations
+- Keep Lightning Node software updated
+
+### LNbits Integration
+- Use API keys with minimal required permissions
+- Rotate API keys regularly
+- Validate all inputs from LNbits
+- Implement proper error handling for API failures
+- Log all transactions for audit purposes
+
+## Data Protection
+
+### User Data
+- Encrypt sensitive user data at rest
+- Use HTTPS for all communications
+- Implement proper data retention policies
+- Apply data minimization principles
+- Obtain consent for data collection
+
+### Transaction Data
+- Encrypt all transaction records
+- Implement access controls for transaction history
+- Audit trail for all zap transactions
+- Secure backup of transaction data
+
+## Vulnerability Management
+
+### Code Security
+- Perform security code reviews
+- Use static analysis tools
+- Avoid hardcoded secrets
+- Update dependencies regularly
+- Follow OWASP security guidelines
+
+### Dependency Management
+- Regular security audits of dependencies
+- Use dependency scanning tools
+- Define a process for dependency updates
+- Document known vulnerabilities and mitigations
+
+## API Security
+
+### Input Validation
+- Validate all user inputs
+- Implement proper error handling
+- Rate limit API endpoints
+- Prevent common attacks (XSS, CSRF, injection)
+
+### Secure API Design
+- Use API tokens for authentication
+- Implement proper CORS policies
+- Log all API access
+- Document API security requirements
+
+## Incident Response
+
+### Monitoring
+- Log security events
+- Implement alerting for suspicious activities
+- Regular security reviews
+- Document security incident response procedures
+
+### Response Plan
+- Define roles and responsibilities
+- Document containment procedures
+- Establish communication protocols
+- Implement recovery procedures