aligneddev
diff --git a/‎specs/007-delete-rides/checklists/requirements.md‎
Lines changed: 42 additions & 0 deletions b/‎specs/007-delete-rides/checklists/requirements.md‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎specs/007-delete-rides/contracts/ride-delete-api.yaml‎
Lines changed: 191 additions & 0 deletions b/‎specs/007-delete-rides/contracts/ride-delete-api.yaml‎
Lines changed: 191 additions & 0 deletions
diff --git a/‎specs/007-delete-rides/contracts/ride-deleted-event.schema.json‎
Lines changed: 60 additions & 0 deletions b/‎specs/007-delete-rides/contracts/ride-deleted-event.schema.json‎
Lines changed: 60 additions & 0 deletions
@@ -0,0 +1,42 @@
+# Specification Quality Checklist: Allow Deletion of Rides
+
+**Purpose**: Validate specification completeness and quality before proceeding to planning
+**Created**: 2026-03-30
+**Feature**: [spec.md](../spec.md)
+
+## Content Quality
+
+- [x] No implementation details (languages, frameworks, APIs)
+- [x] Focused on user value and business needs
+- [x] Written for non-technical stakeholders
+- [x] All mandatory sections completed
+
+## Requirement Completeness
+
+- [x] No [NEEDS CLARIFICATION] markers remain
+- [x] Requirements are testable and unambiguous
+- [x] Success criteria are measurable
+- [x] Success criteria are technology-agnostic (no implementation details)
+- [x] All acceptance scenarios are defined
+- [x] Edge cases are identified
+- [x] Scope is clearly bounded
+- [x] Dependencies and assumptions identified
+
+## Feature Readiness
+
+- [x] All functional requirements have clear acceptance criteria
+- [x] User scenarios cover primary flows
+- [x] Feature meets measurable outcomes defined in Success Criteria
+- [x] No implementation details leak into specification
+
+## Validation Notes
+
+- **Content Quality**: All sections properly filled with concrete details. No implementation specifics mentioned (e.g., no API endpoints, database technologies, or UI frameworks specified).
+- **Requirements**: 13 functional requirements clearly stated with MUST language. All are testable without knowledge of technical implementation.
+- **Success Criteria**: 5 measurable outcomes with specific metrics (95% usability, 100% persistence, 35% support reduction). Technology-agnostic and user-focused.
+- **Edge Cases**: 7 edge cases identified covering authorization, empty state, concurrent requests, filtering, errors, offline scenarios, and persistence.
+- **Dependencies**: Assumptions clearly state that history table, authentication, and event sourcing already exist.
+
+## Checklist Status
+
+✅ **READY FOR PLANNING** - All quality items pass. Specification is complete and ready for `/speckit.plan`.
@@ -0,0 +1,191 @@
+openapi: 3.0.0
+info:
+  title: Bike Tracking - Ride Delete API
+  version: 1.0.0
+  description: Delete endpoint for removing rides from a user's history
+  contact:
+    name: Bike Tracking Team
+  license:
+    name: MIT
+
+servers:
+  - url: http://localhost:5000/api
+    description: Local development (Aspire)
+  - url: https://api.biketracking.local/api
+    description: User machine (deployed)
+
+paths:
+  /rides/{rideId}:
+    delete:
+      summary: Delete a ride
+      description: |
+        Delete a ride from the authenticated user's history. Returns 200 OK even if the ride
+        is already deleted (idempotent). Requires valid authentication token.
+      operationId: deleteRide
+      tags:
+        - Rides
+      parameters:
+        - name: rideId
+          in: path
+          required: true
+          description: UUID of the ride to delete (e.g., 550e8400-e29b-41d4-a716-446655440000)
+          schema:
+            type: string
+            format: uuid
+      security:
+        - BearerAuth: []
+      responses:
+        '200':
+          description: Ride deleted successfully or already deleted (idempotent)
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/DeleteRideSuccessResponse'
+              examples:
+                success:
+                  summary: Successful deletion
+                  value:
+                    rideId: 550e8400-e29b-41d4-a716-446655440000
+                    deletedAt: "2026-03-30T14:22:15Z"
+                    message: Ride deleted successfully.
+                    isIdempotent: false
+                idempotent:
+                  summary: Already deleted (idempotent)
+                  value:
+                    rideId: 550e8400-e29b-41d4-a716-446655440000
+                    deletedAt: "2026-03-30T13:15:00Z"
+                    message: Ride was already deleted.
+                    isIdempotent: true
+        '400':
+          description: Invalid request format
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              examples:
+                badUuid:
+                  summary: Malformed UUID
+                  value:
+                    error: INVALID_RIDE_ID
+                    message: Invalid ride ID format. Must be a valid UUID.
+                    rideId: not-a-uuid
+                    timestamp: "2026-03-30T14:22:15Z"
+        '401':
+          description: Authentication required or invalid
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              examples:
+                noAuth:
+                  summary: Missing authorization header
+                  value:
+                    error: MISSING_AUTH
+                    message: Authorization header is required.
+                    timestamp: "2026-03-30T14:22:15Z"
+                badToken:
+                  summary: Expired or invalid token
+                  value:
+                    error: INVALID_TOKEN
+                    message: The provided token is expired or malformed.
+                    timestamp: "2026-03-30T14:22:15Z"
+        '403':
+          description: User not authorized to delete this ride
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              example:
+                error: NOT_RIDE_OWNER
+                message: You do not have permission to delete this ride.
+                rideId: 550e8400-e29b-41d4-a716-446655440000
+                timestamp: "2026-03-30T14:22:15Z"
+        '404':
+          description: Ride not found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              example:
+                error: RIDE_NOT_FOUND
+                message: No ride found with the specified ID.
+                rideId: 550e8400-e29b-41d4-a716-446655440000
+                timestamp: "2026-03-30T14:22:15Z"
+        '500':
+          description: Server error (e.g., database or outbox failure)
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              example:
+                error: OUTBOX_ERROR
+                message: Failed to persist deletion event. Please try again later.
+                timestamp: "2026-03-30T14:22:15Z"
+
+components:
+  securitySchemes:
+    BearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+      description: JWT token obtained from user login. Include in Authorization header as "Bearer {token}"
+
+  schemas:
+    DeleteRideSuccessResponse:
+      type: object
+      required:
+        - rideId
+        - deletedAt
+        - message
+      properties:
+        rideId:
+          type: string
+          format: uuid
+          description: ID of the deleted ride
+          example: 550e8400-e29b-41d4-a716-446655440000
+        deletedAt:
+          type: string
+          format: date-time
+          description: UTC timestamp when the ride was deleted
+          example: "2026-03-30T14:22:15Z"
+        message:
+          type: string
+          description: Success message
+          example: Ride deleted successfully.
+        isIdempotent:
+          type: boolean
+          description: Whether this was an idempotent response (ride was already deleted)
+          example: false
+
+    ErrorResponse:
+      type: object
+      required:
+        - error
+        - message
+      properties:
+        error:
+          type: string
+          enum:
+            - INVALID_RIDE_ID
+            - MISSING_AUTH
+            - INVALID_TOKEN
+            - NOT_RIDE_OWNER
+            - RIDE_NOT_FOUND
+            - OUTBOX_ERROR
+          description: Machine-readable error code
+          example: NOT_RIDE_OWNER
+        message:
+          type: string
+          description: Human-readable error message
+          example: You do not have permission to delete this ride.
+        rideId:
+          type: string
+          format: uuid
+          description: The ride ID from the request (may be null if request malformed)
+          example: 550e8400-e29b-41d4-a716-446655440000
+          nullable: true
+        timestamp:
+          type: string
+          format: date-time
+          description: UTC timestamp of the error
+          example: "2026-03-30T14:22:15Z"
@@ -0,0 +1,60 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "RideDeleted Event",
+  "description": "Event emitted when a user deletes a ride from their history. Immutable and append-only.",
+  "type": "object",
+  "required": ["eventType", "rideId", "userId", "deletedAt", "deletedBy"],
+  "properties": {
+    "eventType": {
+      "type": "string",
+      "enum": ["RideDeleted"],
+      "description": "Event type identifier"
+    },
+    "rideId": {
+      "type": "string",
+      "format": "uuid",
+      "description": "UUID of the ride being deleted",
+      "example": "550e8400-e29b-41d4-a716-446655440000"
+    },
+    "userId": {
+      "type": "string",
+      "description": "ID of the ride owner (user who created the ride). Must match deletedBy for user-initiated deletions.",
+      "example": "user-42"
+    },
+    "deletedAt": {
+      "type": "string",
+      "format": "date-time",
+      "description": "UTC timestamp when the deletion was persisted to the event store. Set by the server.",
+      "example": "2026-03-30T14:22:15Z"
+    },
+    "deletedBy": {
+      "type": "string",
+      "description": "ID of the user who requested the deletion. In the current design, always equals userId. Future use: may differ if admin deletion is implemented.",
+      "example": "user-42"
+    }
+  },
+  "additionalProperties": false,
+  "examples": [
+    {
+      "eventType": "RideDeleted",
+      "rideId": "550e8400-e29b-41d4-a716-446655440000",
+      "userId": "user-42",
+      "deletedAt": "2026-03-30T14:22:15Z",
+      "deletedBy": "user-42"
+    },
+    {
+      "eventType": "RideDeleted",
+      "rideId": "6ba7b810-9dad-11d1-80b4-00c04fd430c8",
+      "userId": "user-99",
+      "deletedAt": "2026-03-30T10:05:30Z",
+      "deletedBy": "user-99"
+    }
+  ],
+  "notes": {
+    "immutability": "This event is immutable. Once persisted to the event store, it is never modified or deleted.",
+    "audit": "This event is retained indefinitely in the event store for compliance and temporal queries.",
+    "idempotency": "Multiple deletion requests for the same ride will only append one RideDeleted event. Subsequent requests return idempotent success without appending duplicate events.",
+    "backwards_compatibility": "Future versions may allow deletedBy to differ from userId (e.g., for admin deletion). Consumers should not assume they are always equal.",
+    "related_events": ["RideCreated", "RideEdited"]
+  }
+}