Status History
May 30, 10:30 PM Pending
May 30, 10:30 PM In Progress
Intake Form
Technical Specification
Frontend: None (REST API only)
Backend: Express.js REST API (Node.js)
Database: PostgreSQL via Neon (serverless)
Hosting: Render (Node.js free tier)
Summary

A lightweight REST API task tracker built with Express.js and PostgreSQL that allows users to organize work into projects and manage tasks with due dates and completion tracking. The API is secured with JWT authentication ensuring users can only access their own data. Its simplicity and clean architecture make it an ideal foundation for a frontend client or mobile app to be added later.

File Structure
server.js - Entry point: initializes Express app, middleware, and starts the HTTP server
config/db.js - PostgreSQL connection pool setup using pg library with Neon connection string
config/jwt.js - JWT secret config and helper functions for signing and verifying tokens
middleware/auth.js - Express middleware to validate JWT from Authorization header and attach user to req
middleware/errorHandler.js - Global error handling middleware that returns consistent JSON error responses
routes/auth.js - Auth routes: POST /auth/register and POST /auth/login
routes/projects.js - CRUD routes for projects: GET, POST, PUT, DELETE /projects and /projects/:id
routes/tasks.js - CRUD routes for tasks nested under projects: /projects/:projectId/tasks and /tasks/:id
controllers/authController.js - Handles user registration with bcrypt password hashing and login with JWT issuance
controllers/projectsController.js - Business logic for creating, reading, updating, and deleting projects scoped to authenticated user
controllers/tasksController.js - Business logic for managing tasks including due date handling and completion toggling
models/userModel.js - SQL queries for user creation and lookup by email
models/projectModel.js - SQL queries for project CRUD operations filtered by owner user_id
models/taskModel.js - SQL queries for task CRUD operations including filtering by project and completion status
db/migrations/001_create_users.sql - SQL migration to create the users table with id, email, password_hash, created_at
db/migrations/002_create_projects.sql - SQL migration to create the projects table with id, user_id FK, name, description, created_at
db/migrations/003_create_tasks.sql - SQL migration to create the tasks table with id, project_id FK, title, due_date, is_complete, created_at
db/seed.js - Optional seed script to insert sample users, projects, and tasks for development testing
.env.example - Template for required environment variables: DATABASE_URL, JWT_SECRET, PORT
package.json - Project dependencies and npm scripts for start, dev (nodemon), and migrate
README.md - API documentation listing all endpoints, request/response shapes, and setup instructions
Features (6)
User Registration & Login P1
Allow users to register with email/password and receive a JWT on successful login.
  • POST /auth/register accepts email and password, hashes password with bcrypt (salt rounds >= 10), stores user, returns 201 with user id and email
  • POST /auth/login verifies credentials, returns signed JWT with userId in payload and 1-day expiry
  • Duplicate email registration returns 409 Conflict
  • Invalid login credentials return 401 Unauthorized
  • Password is never returned in any response
JWT Authentication Middleware P1
Protect all project and task routes by validating the Bearer JWT on every request.
  • Requests without Authorization header return 401
  • Requests with expired or invalid JWT return 401 with descriptive message
  • Valid JWT attaches decoded user object (userId) to req.user for downstream use
  • Auth routes /auth/register and /auth/login are publicly accessible without a token
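The acceptance criteria above, sketched as an added example (not code generated for this project): an HS256 Bearer-token check written against Node's built-in crypto so it runs without dependencies. The names signToken, verifyToken and requireAuth and the 401 message strings are assumptions; the spec does not name the JWT library used in config/jwt.js, and a maintained library would normally take the place of the two helper functions.

```javascript
// Added example: HS256 Bearer-token check using only Node's built-in crypto.
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Sign a payload as an HS256 JWT (hypothetical stand-in for the config/jwt.js helper).
function signToken(payload, secret, ttlSeconds = 86400, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const body = { ...payload, iat, exp: iat + ttlSeconds }; // 1-day expiry by default
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const data = `${head}.${b64url(JSON.stringify(body))}`;
  const sig = crypto.createHmac('sha256', secret).update(data).digest('base64url');
  return `${data}.${sig}`;
}

// Verify the signature first, then the header and expiry; throws a descriptive Error.
function verifyToken(token, secret, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('Malformed token');
  const [head, body, sig] = parts;
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('Invalid token signature');
  }
  // Pin the algorithm: the token header never chooses how it is verified.
  if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') throw new Error('Unsupported algorithm');
  const claims = JSON.parse(Buffer.from(body, 'base64url'));
  if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) throw new Error('Token expired');
  return claims;
}

// Express-style middleware factory; the clock is injectable so expiry can be tested.
function requireAuth(secret, now = () => Date.now()) {
  return (req, res, next) => {
    const match = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
    if (!match) return res.status(401).json({ error: { message: 'Missing Bearer token' } });
    try {
      // Attach only the claim downstream handlers need for ownership scoping.
      req.user = { userId: verifyToken(match[1], secret, now()).userId };
      return next();
    } catch (err) {
      return res.status(401).json({ error: { message: err.message } });
    }
  };
}
```

Mounted ahead of the /projects and /tasks routers and left off /auth, this gives the public/protected split the spec lists; the secret would come from the JWT_SECRET environment variable.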
Project Management P2
Authenticated users can create, list, update, and delete their own projects.
  • POST /projects creates a project with name (required) and optional description, returns 201 with project object
  • GET /projects returns only projects belonging to the authenticated user
  • GET /projects/:id returns a single project only if it belongs to the authenticated user, else 404
  • PUT /projects/:id updates name and/or description, returns updated project
  • DELETE /projects/:id deletes project and cascades to delete all associated tasks, returns 204
  • Attempting to access another user's project returns 404 (not 403, to avoid enumeration)
Task Management P2
Users can add tasks with due dates to their projects, update them, and delete them.
  • POST /projects/:projectId/tasks creates a task with title (required) and optional due_date (ISO 8601 date string), returns 201
  • GET /projects/:projectId/tasks returns all tasks for the project, optionally filtered by ?complete=true|false query param
  • GET /tasks/:id returns a single task if the parent project belongs to the authenticated user
  • PUT /tasks/:id allows updating title and/or due_date
  • DELETE /tasks/:id deletes the task and returns 204
  • Creating a task on a project not owned by the user returns 404
Mark Task Complete / Incomplete P3
Users can toggle a task's completion status via a dedicated endpoint.
  • PATCH /tasks/:id/complete sets is_complete to true and returns updated task
  • PATCH /tasks/:id/incomplete sets is_complete to false and returns updated task
  • Toggling a task on a project not owned by the user returns 404
  • Response includes is_complete boolean and updated_at timestamp
Input Validation & Error Handling P3
Validate all incoming request bodies and return consistent, descriptive error responses.
  • Missing required fields return 400 with a message indicating which field is missing
  • Invalid date formats for due_date return 400 with a descriptive error
  • All unhandled errors are caught by global error handler and return 500 without leaking stack traces in production
  • All success and error responses follow a consistent JSON shape: { data } or { error: { message } }
Build Log
scoping Starting AI-powered tech spec generation
scoping Starting AI-powered tech spec generation
scoping Tech spec generated successfully
start Build orchestration started for project 12
attempt Build attempt 1/3
scoping Tech spec generated successfully
start Build orchestration started for project 12
attempt Build attempt 1/3
generate Generated 22 files success
build Attempt 1 failed: added 155 packages, and audited 156 packages in 22s 19 packages are looking for funding run `npm fund` for details 3 high severity vulnerabilities To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. npm error Missing script: "build" npm error npm error To see a list of scripts, run: npm error npm run npm error A complete log of this run can be found in: /opt/render/.cache/_logs/2026-05-30T22_46_52_928Z-debug-0.log failed
retry Retrying (2/3)...
attempt Build attempt 2/3
generate Attempt 2 failed: AI generation failed: 429 Daily token limit reached (100,000 tokens). Resets at midnight UTC. failed
retry Retrying (3/3)...
attempt Build attempt 3/3
generate Attempt 3 failed: AI generation failed: 429 Daily token limit reached (100,000 tokens). Resets at midnight UTC. failed
complete Build failed after 3 attempts failed
status Project status updated to Build Failed
Deliverables
Deliverables become available once project reaches Review status.