openMF
diff --git a/‎.github/workflows/jfrog-publish.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/jfrog-publish.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/maven-build.yml‎
Lines changed: 134 additions & 0 deletions b/‎.github/workflows/maven-build.yml‎
Lines changed: 134 additions & 0 deletions
diff --git a/‎.mvn/wrapper/maven-wrapper.properties‎
Lines changed: 1 addition & 1 deletion b/‎.mvn/wrapper/maven-wrapper.properties‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎AGENTS.md‎
Lines changed: 172 additions & 0 deletions b/‎AGENTS.md‎
Lines changed: 172 additions & 0 deletions
@@ -14,13 +14,13 @@ jobs:
       - name: Set up Java for publishing to Mifos Artifactory
         uses: actions/setup-java@v5
         with:
-          java-version: '17'
-          distribution: 'adopt'
+          java-version: '21'
+          distribution: 'zulu'
           server-id: central
           server-username: ARTIFACTORY_USERNAME
           server-password: ARTIFACTORY_PASSWORD
       - name: Publish to the Mifos Artifactory
-        run: mvn -Dmaven.test.skip=true --batch-mode deploy
+        run: mvn -DskipITs --batch-mode deploy
         env:
           ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
           ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
@@ -0,0 +1,134 @@
+name: Java CI with Maven
+
+on:
+  push:
+    branches: ["develop"]
+  pull_request:
+    branches: ["develop"]
+
+jobs:
+  # ── Job 1: Unit Tests — fast gate (~60s) ─────────────────────────────────
+  unit-tests:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Source Code
+        uses: actions/checkout@v6
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v5
+        with:
+          java-version: "21"
+          distribution: "zulu"
+          cache: "maven"
+
+      - name: Run Unit Tests
+        run: ./mvnw -B clean test -Dspotless.check.skip=true --file pom.xml
+
+      - name: Upload Surefire Reports
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: surefire-reports
+          path: target/surefire-reports/
+          retention-days: 7
+
+      # Upload the .exec binary so the coverage gate can merge it with IT data
+      - name: Upload Unit Test Coverage Data
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: jacoco-unit-exec
+          path: target/jacoco.exec
+          retention-days: 1
+
+  # ── Job 2: Integration Tests — Testcontainers (~5 min) ───────────────────
+  integration-tests:
+    name: Integration Tests
+    runs-on: ubuntu-latest
+    needs: unit-tests
+
+    steps:
+      - name: Checkout Source Code
+        uses: actions/checkout@v6
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v5
+        with:
+          java-version: "21"
+          distribution: "zulu"
+          cache: "maven"
+
+      # -Dsurefire.skip=true: compile + run only Failsafe, don't re-run unit tests
+      - name: Run Integration Tests
+        run: ./mvnw -B verify -Dspotless.check.skip=true -Dsurefire.skip=true --file pom.xml
+
+      - name: Upload Failsafe Reports
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: failsafe-reports
+          path: target/failsafe-reports/
+          retention-days: 7
+
+      # Upload the IT .exec binary for the coverage merge step
+      - name: Upload Integration Test Coverage Data
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: jacoco-it-exec
+          path: target/jacoco-it.exec
+          retention-days: 1
+
+  # ── Job 3: Coverage Gate — merges both .exec files before enforcing ───────
+  coverage-gate:
+    name: Coverage Gate
+    runs-on: ubuntu-latest
+    needs: [unit-tests, integration-tests]
+
+    steps:
+      - name: Checkout Source Code
+        uses: actions/checkout@v6
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v5
+        with:
+          java-version: "21"
+          distribution: "zulu"
+          cache: "maven"
+
+      # Download both .exec files produced in the previous two jobs
+      - name: Download Unit Test Coverage Data
+        uses: actions/download-artifact@v8
+        with:
+          name: jacoco-unit-exec
+          path: target/
+
+      - name: Download Integration Test Coverage Data
+        uses: actions/download-artifact@v8
+        with:
+          name: jacoco-it-exec
+          path: target/
+
+      # Compile is required so JaCoCo can map bytecode back to source lines
+      - name: Compile (no tests)
+        run: ./mvnw -B compile -Dspotless.check.skip=true --file pom.xml
+
+      # jacoco:merge reads all *.exec in target/, writes target/jacoco-merged.exec
+      # jacoco:report generates the human-readable HTML from the merged data
+      # jacoco:check enforces the ratchet thresholds (see pom.xml enforce-coverage execution)
+      - name: Merge Coverage Data and Enforce Thresholds
+        run: |
+          ./mvnw -B jacoco:merge@merge-results jacoco:report@report-merged jacoco:check@enforce-coverage \
+            -Djacoco.dataFile=target/jacoco-merged.exec \
+            -Dspotless.check.skip=true \
+            --file pom.xml
+
+      - name: Upload Merged Coverage Report
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: jacoco-merged-report
+          path: target/site/jacoco-merged/
+          retention-days: 14
@@ -1,3 +1,3 @@
 wrapperVersion=3.3.4
 distributionType=only-script
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.16/apache-maven-3.9.16-bin.zip
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.15/apache-maven-3.9.15-bin.zip
@@ -0,0 +1,172 @@
+# AGENTS.md
+
+This file provides context and guidance for AI coding assistants working with the Mifos Self Service Plugin repository.
+
+## Repository Overview
+
+The **Mifos Self Service Plugin** is a Spring Boot plugin that extends Apache Fineract to provide self-service banking capabilities to end users. It enables customers to manage their own accounts, view transactions, and perform banking operations without requiring staff intervention.
+
+### Architecture
+
+- **Framework**: Spring Boot 3 with Java 21
+- **Integration**: Apache Fineract 1.15.0-SNAPSHOT
+- **Security**: Spring Security with Basic Auth and OAuth2 support
+- **Database**: PostgreSQL/MySQL with JPA/EclipseLink
+- **API**: RESTful endpoints under `/v1/self`
+
+### Key Components
+
+- **Authentication & Security**: User authentication, permission enforcement, multi-tenant support
+- **User Management**: Self-service user registration, profile management
+- **Account Management**: Savings accounts, loan accounts, share accounts
+- **Product Discovery**: Browse available banking products
+- **Reporting**: Financial statements and transaction reports
+
+## Development Environment Setup
+
+### Prerequisites
+- Java 21
+- Maven 3.6+
+- PostgreSQL or MySQL database
+- Apache Fineract instance
+
+### Build Commands
+```bash
+# Build the plugin
+./mvnw clean package -Dmaven.test.skip=true
+
+# Run tests
+./mvnw test
+
+# Run integration tests
+./mvnw verify
+```
+
+### Database Setup
+The plugin uses Liquibase for database migrations. Scripts are located in `src/main/resources/db/changelog/`.
+
+### Running the Plugin
+This is a library/plugin that extends Apache Fineract. It runs as part of the Fineract application, not as a standalone service.
+
+#### Deployment Options:
+```bash
+# With Apache Fineract (Docker)
+java -Dloader.path=$PLUGIN_HOME/libs/ -jar fineract-provider.jar
+
+# With Apache Fineract (Tomcat)
+Copy JAR to $TOMCAT_HOME/webapps/fineract-provider/WEB-INF/lib/
+```
+
+## Coding Standards
+
+### File Structure
+```text
+src/main/java/org/apache/fineract/selfservice/
+  - security/          # Authentication and authorization
+  - useradministration/ # User management
+  - client/           # Client operations
+  - savings/          # Savings account operations
+  - loanaccount/      # Loan account operations
+  - products/         # Product browsing
+  - registration/     # User registration
+  - config/           # Configuration classes
+```
+
+### Code Style
+- Follow Google Java Format (enforced by Spotless Maven plugin)
+- Use Lombok for boilerplate reduction
+- RequiredArgsConstructor for dependency injection
+- Proper Javadoc for public APIs
+
+### Security Guidelines
+- All endpoints must be secured with appropriate permissions
+- Use `@PreAuthorize` annotations for method-level security
+- Validate all input data using DataValidators
+- Never expose sensitive information in API responses
+
+### API Design
+- Use JAX-RS annotations (`@Path`, `@GET`, `@POST`, etc.)
+- Return proper HTTP status codes
+- Use OpenAPI tags for documentation
+- Follow RESTful conventions
+
+### Testing
+- Unit tests for all service classes
+- Integration tests for API endpoints
+- Use TestContainers for database tests
+- Mock external dependencies
+
+## Common Patterns
+
+### Service Layer
+```java
+@Service
+@RequiredArgsConstructor
+public class ExampleServiceImpl implements ExampleService {
+    private final ExampleRepository repository;
+    
+    @Override
+    @Transactional
+    public Result performOperation(Command command) {
+        // Implementation
+    }
+}
+```
+
+### API Resource
+```java
+@Path("/v1/self/example")
+@Component
+@Tag(name = "Self Example", description = "Example operations")
+@RequiredArgsConstructor
+public class SelfExampleApiResource {
+    private final ExampleService service;
+    
+    @GET
+    @Path("/{id}")
+    public Response getExample(@PathParam("id") Long id) {
+        // Implementation
+    }
+}
+```
+
+### Data Validation
+```java
+@Component
+public class ExampleDataValidator {
+    private final FromJsonHelper fromJsonHelper;
+    
+    public void validate(String json) {
+        // Validation logic
+    }
+}
+```
+
+## Important Notes
+
+- This is a plugin, not a standalone application
+- Depends on Apache Fineract core modules
+- Uses multi-tenant architecture
+- Security is critical - handle with care
+- Follow Fineract coding conventions
+
+## Debugging Tips
+
+- Enable debug logging: `logging.level.org.apache.fineract.selfservice=DEBUG`
+- Use Spring Boot Actuator endpoints for monitoring
+- Check application logs for security-related issues
+- Verify database migrations in development
+
+## References
+
+- [Apache Fineract Documentation](https://fineract.apache.org/)
+- [Spring Boot Documentation](https://spring.io/projects/spring-boot)
+- [JAX-RS Specification](https://jakarta.ee/specifications/restful-ws/)
+- [Spring Security Reference](https://spring.io/projects/spring-security)
+
+## Contact
+
+For questions about this repository:
+- Create an issue on GitHub
+- Check the Mifos community forums
+- Review existing documentation and code comments