roost-io · harishagrawal · Apr 6, 2026
diff --git a/Online-Banking-App-Spring-Boot/.roost/knowledge.json b/Online-Banking-App-Spring-Boot/.roost/knowledge.json
diff --git a/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_account_dashboard.feature b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_account_dashboard.feature
@@ -0,0 +1,140 @@
+Feature: Account Management and Dashboard
+
+  Background:
+    Given the API is available
+
+  # --- Account Creation ---
+
+  @smoke
+  Scenario: Successfully create a new account
+    Given I am an authenticated user
+    When I send a POST request to /account/create_account with body:
+      | account_name  | account_type |
+      | "Savings"     | "savings"    |
+    Then the response status should be 201
+    And the response should contain an Account object with account_name "Savings" and account_type "savings"
+
+  @regression
+  Scenario: Fail to create account when unauthenticated
+    Given I am not authenticated
+    When I send a POST request to /account/create_account with body:
+      | account_name  | account_type |
+      | "Invalid"     | "savings"    |
+    Then the response status should be 401
+    And the response should contain an error message indicating authentication is required
+
+  @regression
+  Scenario: Fail to create account with missing required fields
+    Given I am an authenticated user
+    When I send a POST request to /account/create_account with body:
+      | account_type |
+      | "checking"   |
+    Then the response status should be 400
+    And the response should contain an error message for missing account_name
+
+  @regression
+  Scenario: Fail to create account with invalid account_type
+    Given I am an authenticated user
+    When I send a POST request to /account/create_account with body:
+      | account_name | account_type   |
+      | "Invalid"    | "investment"   |
+    Then the response status should be 400
+    And the response should contain an error message for invalid account_type
+
+  @regression
+  Scenario: Fail to create duplicate account with same name and type
+    Given I am an authenticated user
+      And I have already created an account with name "Personal" and type "savings"
+    When I send a POST request to /account/create_account with body:
+      | account_name | account_type |
+      | "Personal"   | "savings"    |
+    Then the response status should be 409
+    And the response should contain an error message indicating duplicate account
+
+  # --- Dashboard ---
+
+  @smoke
+  Scenario: View dashboard with account summary
+    Given I am an authenticated user
+      And I have the following accounts:
+        | account_name | account_type | balance |
+        | "Main"       | "checking"   | 2500    |
+        | "Savings"    | "savings"    | 5000    |
+    When I send a GET request to /app/dashboard
+    Then the response status should be 200
+    And the response should contain a list of userAccounts with 2 accounts
+    And the response should contain totalBalance equal to 7500
+
+  @regression
+  Scenario: Fail to view dashboard when unauthenticated
+    Given I am not authenticated
+    When I send a GET request to /app/dashboard
+    Then the response status should be 401
+    And the response should contain an error message indicating authentication is required
+
+  @smoke
+  Scenario: View dashboard when user has no accounts
+    Given I am an authenticated user
+      And I have no accounts
+    When I send a GET request to /app/dashboard
+    Then the response status should be 200
+    And the response should contain userAccounts as an empty list
+    And the response should contain totalBalance equal to 0
+
+  @regression
+  Scenario: Handle internal server error when fetching dashboard
+    Given I am an authenticated user
+      And a backend error occurs while fetching dashboard data
+    When I send a GET request to /app/dashboard
+    Then the response status should be 500
+    And the response should contain an error message indicating a server error
+
+  # --- Edge Cases ---
+
+  @regression
+  Scenario: Create account with name at maximum allowed length
+    Given I am an authenticated user
+      And the maximum allowed account name length is 255 characters
+    When I send a POST request to /account/create_account with body:
+      | account_name                       | account_type |
+      | "<255_char_string>"                | "checking"   |
+    Then the response status should be 201
+    And the response should contain an Account object with the given name
+
+  @regression
+  Scenario: Fail to create account with overly long account_name
+    Given I am an authenticated user
+      And the maximum allowed account name length is 255 characters
+    When I send a POST request to /account/create_account with body:
+      | account_name          | account_type |
+      | "<256_char_string>"   | "checking"   |
+    Then the response status should be 400
+    And the response should contain an error message for account_name length
+
+  @regression
+  Scenario: Create multiple different accounts with the same name but different types
+    Given I am an authenticated user
+      And I have created an account with name "Holiday" and type "savings"
+    When I send a POST request to /account/create_account with body:
+      | account_name | account_type |
+      | "Holiday"    | "checking"   |
+    Then the response status should be 201
+    And the response should contain an Account object with account_name "Holiday" and account_type "checking"
+
+  @regression
+  Scenario: Balance calculation includes all user-owned accounts
+    Given I am an authenticated user
+      And I have the following accounts:
+        | account_name  | account_type | balance |
+        | "USD"         | "checking"   | 1000    |
+        | "EUR"         | "checking"   | 2000    |
+        | "GBP"         | "savings"    | 3000    |
+    When I send a GET request to /app/dashboard
+    Then the response totalBalance should be 6000
+
+  @regression
+  Scenario: Dashboard displays only accounts owned by the user
+    Given I am user "alice" authenticated
+      And user "bob" has an account named "Joint" with balance 5000
+    When "alice" sends a GET request to /app/dashboard
+    Then the response should not contain the "Joint" account owned by "bob"
diff --git a/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_payment_transaction_history.feature b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_payment_transaction_history.feature
@@ -0,0 +1,109 @@
+Feature: Payment and Transaction History Endpoints
+
+  Background:
+    Given a registered user exists
+    And the user possesses a valid authentication token
+
+  @smoke @positive
+  Scenario: Successfully retrieve payment history for authenticated user
+    When the user sends a GET request to "/app/payment_history" with a valid token
+    Then the response status should be 200
+    And the response body should contain a non-empty array of PaymentHistory objects
+
+  @regression
+  Scenario: Authenticated user receives empty payment history collection
+    Given the user's payment history is empty
+    When the user sends a GET request to "/app/payment_history" with a valid token
+    Then the response status should be 200
+    And the response body should contain an empty array
+
+  @regression @negative
+  Scenario: Unauthorized request to payment history endpoint
+    When the user sends a GET request to "/app/payment_history" without a valid token
+    Then the response status should be 401
+    And the response body should contain an unauthorized error message
+
+  @regression @edgecase
+  Scenario: Large payment history list is handled correctly
+    Given the user has more than 1000 PaymentHistory records
+    When the user sends a GET request to "/app/payment_history" with a valid token
+    Then the response status should be 200
+    And the response body should contain an array with more than 1000 PaymentHistory objects
+
+  @regression @edgecase
+  Scenario: Corrupt or invalid PaymentHistory data is ignored
+    Given the user's payment history contains some invalid or incomplete records
+    When the user sends a GET request to "/app/payment_history" with a valid token
+    Then the response status should be 200
+    And all objects in the response array should conform to the PaymentHistory model
+
+  @smoke @positive
+  Scenario: Successfully retrieve transaction history for authenticated user
+    When the user sends a GET request to "/app/transaction_history" with a valid token
+    Then the response status should be 200
+    And the response body should contain a non-empty array of TransactionHistory objects
+
+  @regression
+  Scenario: Authenticated user receives empty transaction history collection
+    Given the user's transaction history is empty
+    When the user sends a GET request to "/app/transaction_history" with a valid token
+    Then the response status should be 200
+    And the response body should contain an empty array
+
+  @regression @negative
+  Scenario: Unauthorized request to transaction history endpoint
+    When the user sends a GET request to "/app/transaction_history" without a valid token
+    Then the response status should be 401
+    And the response body should contain an unauthorized error message
+
+  @smoke @positive
+  Scenario: Successfully retrieve account-specific transaction history
+    Given an account with id "12345" belongs to the user
+    When the user sends a POST request to "/app/account_transaction_history" with body { "account_id": "12345" } and a valid token
+    Then the response status should be 200
+    And the response body should contain a non-empty array of TransactionHistory objects related to account "12345"
+
+  @regression
+  Scenario: Account transaction history returns empty collection when no transactions exist
+    Given the user has an account with id "98765" and no transaction history
+    When the user sends a POST request to "/app/account_transaction_history" with body { "account_id": "98765" } and a valid token
+    Then the response status should be 200
+    And the response body should contain an empty array
+
+  @regression @negative
+  Scenario: Unauthorized request to account transaction history endpoint
+    When the user sends a POST request to "/app/account_transaction_history" with a valid account_id but no token
+    Then the response status should be 401
+    And the response body should contain an unauthorized error message
+
+  @regression @negative
+  Scenario: Requesting account transaction history for an account the user does not own
+    Given account with id "99999" does not belong to the user
+    When the user sends a POST request to "/app/account_transaction_history" with body { "account_id": "99999" } and a valid token
+    Then the response status should be 403
+    And the response body should contain an authorization error message
+
+  @regression @negative @edgecase
+  Scenario: Omitting account_id from request body returns error
+    When the user sends a POST request to "/app/account_transaction_history" with an empty body and a valid token
+    Then the response status should be 400
+    And the response body should contain a validation error for missing account_id
+
+  @regression @negative @edgecase
+  Scenario: Sending invalid account_id format returns error
+    When the user sends a POST request to "/app/account_transaction_history" with body { "account_id": "INVALID_ID!!" } and a valid token
+    Then the response status should be 400
+    And the response body should contain a validation error for account_id
+
+  @regression @edgecase
+  Scenario: Large transaction history list is handled correctly
+    Given the user has more than 1000 TransactionHistory records
+    When the user sends a GET request to "/app/transaction_history" with a valid token
+    Then the response status should be 200
+    And the response body should contain an array with more than 1000 TransactionHistory objects
+
+  @regression @edgecase
+  Scenario: System handles simultaneous requests for history endpoints gracefully
+    When the user sends multiple concurrent GET requests to "/app/payment_history" and "/app/transaction_history" with a valid token
+    Then all responses should have status 200
+    And no data corruption or partial responses should occur
diff --git a/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_registration_verification.feature b/Online-Banking-App-Spring-Boot/gherkin_scenarios/gherkin_registration_verification.feature
@@ -0,0 +1,105 @@
+Feature: User Registration and Email Verification for Banking System
+
+  Background:
+    Given the registration endpoint is available at "/register"
+    And the verification endpoint is available at "/verify"
+
+  @smoke @registration
+  Scenario: Successful user registration with valid data
+    When I submit a POST request to "/register" with a valid User model and confirm_password that matches the password
+    Then the response status should be 201
+    And the response should include the registered user details
+    And the response should contain a success message
+
+  @smoke @verification
+  Scenario: Successful email verification with valid token and code
+    Given I have registered and received a verification token and code
+    When I send a GET request to "/verify" with the valid token and code as query parameters
+    Then the response status should be 200
+    And the response should include a verification success message
+
+  @negative @registration
+  Scenario: Registration fails when required fields are missing
+    When I submit a POST request to "/register" with missing required fields in the User model
+    Then the response status should be 400
+    And the response should contain an error describing the missing fields
+
+  @negative @registration
+  Scenario: Registration fails when passwords do not match
+    When I submit a POST request to "/register" with mismatched password and confirm_password
+    Then the response status should be 400
+    And the response should include an error message about password mismatch
+
+  @negative @registration
+  Scenario: Registration fails with invalid field formats
+    When I submit a POST request to "/register" with an invalid email format in the User model
+    Then the response status should be 400
+    And the response should include an error message about email format
+
+  @negative @registration
+  Scenario: Registration fails when username is already taken
+    Given an existing user with username "johndoe"
+    When I submit a POST request to "/register" with the username "johndoe"
+    Then the response status should be 409
+    And the response should include an error message about duplicate username
+
+  @negative @verification
+  Scenario: Verification fails when token is missing
+    When I send a GET request to "/verify" with the code query parameter but missing the token
+    Then the response status should be 400
+    And the response should include an error message about the missing token
+
+  @negative @verification
+  Scenario: Verification fails when code is invalid
+    When I send a GET request to "/verify" with a valid token and an invalid code
+    Then the response status should be 400
+    And the response should include an error message about invalid code
+
+  @negative @verification
+  Scenario: Verification fails when token is expired
+    When I send a GET request to "/verify" with an expired token and valid code
+    Then the response status should be 410
+    And the response should include an error message about token expiration
+
+  @edge @registration
+  Scenario: Registration fails when password is exactly minimum allowed length
+    When I submit a POST request to "/register" with a password of exactly the minimum length allowed
+    Then the response status should be 201
+    And the response should indicate registration is successful
+
+  @edge @registration
+  Scenario: Registration fails when extra unexpected fields are provided
+    When I submit a POST request to "/register" with valid fields plus extra unexpected fields
+    Then the response status should be 400
+    And the response should mention unexpected fields
+
+  @edge @verification
+  Scenario: Verification fails when both token and code are blank
+    When I send a GET request to "/verify" with both token and code as blank values
+    Then the response status should be 400
+    And the response should include an error message about missing required parameters
+
+  @edge @registration
+  Scenario: Registration fails with extremely long field input
+    When I submit a POST request to "/register" with a username longer than the allowed maximum
+    Then the response status should be 400
+    And the response should include an error message about field length constraints
+
+  @edge @verification
+  Scenario: Verification fails when token and code are valid but already used
+    Given the user has already completed verification with the given token and code
+    When I send a GET request to "/verify" with the same token and code again
+    Then the response status should be 409
+    And the response should include an error message about already verified
+
+  @edge @registration
+  Scenario: Registration fails when fields have only whitespace
+    When I submit a POST request to "/register" with whitespace-only values for username, email, or password
+    Then the response status should be 400
+    And the response should include an error message about invalid input
+
+  @edge @registration
+  Scenario: Registration fails when confirm_password is missing
+    When I submit a POST request to "/register" without the confirm_password field
+    Then the response status should be 400
+    And the response should include an error message about missing confirm_password