Developer Documentation: How to Write, Maintain, and Never Let It Rot

Sprint 1:   Code written → docs written (accurate)
Sprint 3:   Code changed → docs not updated (slightly wrong)
Sprint 6:   Docs ignored because "they're always wrong"
Sprint 12:  New joiner asks questions → senior dev explains verbally
Sprint 18:  Senior dev leaves → knowledge is gone
Sprint 24:  "Why did we use DynamoDB here?" — nobody knows

1. What is this? (one paragraph, plain English)
2. How do I run it locally? (exact commands, no assumptions)
3. How do I run the tests?
4. What does the folder structure mean?
5. Where do I go for more help?

# Appointment Booking Service

Handles scheduling, slot management, and confirmation notifications
for the MyBCAT healthcare platform.

## Quick Start

Prerequisites: Node 20+, Docker Desktop running

\`\`\`bash
git clone https://github.com/mybcat/appointment-service
cd appointment-service
cp .env.example .env.local
docker-compose up -d        # starts DynamoDB Local + LocalStack
npm install
npm run dev                 # http://localhost:3001
\`\`\`

## Running Tests

\`\`\`bash
npm test                    # unit tests
npm run test:integration    # requires Docker running
npm run test:coverage       # coverage report in /coverage
\`\`\`

## Project Structure

\`\`\`
src/
  api/          HTTP handlers (thin — just parse and delegate)
  domain/       Business logic (no framework dependencies)
  infrastructure/ DynamoDB, SQS, external API clients
  shared/       Types, utilities, constants
tests/
  unit/         Pure function tests, no I/O
  integration/  Tests against real DynamoDB Local
\`\`\`

## Architecture

See [docs/architecture/overview.md](docs/architecture/overview.md)

## Runbook

See [docs/runbook.md](docs/runbook.md) for production operations

New developer: "Why are we using DynamoDB for this? PostgreSQL 
               would be much simpler."

Senior dev:    "Because two years ago we had a requirement to 
               support 50,000 concurrent users for a US health 
               system rollout. The original engineer chose Dynamo 
               for the write throughput. The rollout never 
               happened but we kept it."

New developer: "So we could migrate to Postgres now?"

Senior dev:    "Maybe. I don't know all the constraints. The 
               engineer who built it left last year."

# ADR-007: Use DynamoDB for Appointment Slot Storage

**Date:** 2024-03-15  
**Status:** Accepted  
**Deciders:** Sarah Chen (Lead), Marcus Williams (Architect)

## Context

The appointment booking system needs to handle slot availability 
reads and writes for potentially 50,000 concurrent users during 
peak scheduling windows (Monday 9am, post-holiday rushes).

Initial load testing on PostgreSQL showed connection pool exhaustion 
above 5,000 concurrent users. RDS Aurora Serverless was evaluated 
but the cold start latency (up to 30s) was unacceptable for a 
booking flow.

## Decision

Use DynamoDB with a single-table design for appointment slots, 
availability windows, and booking records.

Partition key: `PK = PRACTICE#<practiceId>`  
Sort key: `SK = SLOT#<date>#<time>#<providerId>`

## Consequences

**Positive:**
- Handles 50,000+ concurrent writes with consistent sub-10ms latency
- No connection pool management
- Pay-per-request pricing scales to zero outside business hours

**Negative:**
- Query patterns must be known at design time (no ad-hoc queries)
- Reporting queries (analytics, aggregations) need to be done 
  separately via DynamoDB Streams → Lambda → PostgreSQL read model
- New developers unfamiliar with single-table design have a 
  learning curve

## Alternatives Considered

- **PostgreSQL + PgBouncer:** Simpler, but load testing showed 
  connection exhaustion at scale. Kept as the read model for analytics.
- **Aurora Serverless v2:** Evaluated but minimum capacity unit 
  cost was higher than DynamoDB at our usage patterns.
- **Redis:** Considered for slot caching but adds operational 
  complexity without solving the write throughput problem.

docs/
  adr/
    0001-use-nextjs-for-frontend.md
    0002-jwt-not-sessions.md
    0003-single-table-dynamodb-design.md
    0004-eventbridge-for-post-call-workflow.md
    0007-dynamodb-for-appointment-slots.md

/// <summary>
/// Book an appointment slot for a patient.
/// </summary>
/// <param name="request">The booking request with slot ID, patient ID, and reason.</param>
/// <returns>The confirmed appointment with confirmation number.</returns>
/// <response code="201">Appointment created successfully.</response>
/// <response code="409">Slot is no longer available (race condition — retry).</response>
/// <response code="422">Request validation failed.</response>
[HttpPost("appointments")]
[ProducesResponseType(typeof(AppointmentResponse), StatusCodes.Status201Created)]
[ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status409Conflict)]
[ProducesResponseType(typeof(ValidationProblemDetails), StatusCodes.Status422UnprocessableEntity)]
public async Task<IActionResult> BookAppointment([FromBody] BookAppointmentRequest request)
{
    // ...
}

// Program.cs
builder.Services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v1", new OpenApiInfo
    {
        Title = "Appointment Booking API",
        Version = "v1",
        Description = "Manages slot availability and appointment booking for MyBCAT"
    });
    
    // Include XML comments
    var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
    var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
    c.IncludeXmlComments(xmlPath);
});

app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Booking API v1"));

import { z } from 'zod';
import { extendZodWithOpenApi } from '@asteasolutions/zod-to-openapi';

extendZodWithOpenApi(z);

const BookAppointmentRequest = z.object({
  slotId: z.string().uuid().openapi({ description: 'The slot to book' }),
  patientId: z.string().openapi({ description: 'Patient identifier from Cognito' }),
  reason: z.string().max(500).openapi({ description: 'Reason for visit' }),
  idempotencyKey: z.string().uuid().openapi({ 
    description: 'Prevent duplicate bookings on retry. Generate once per booking attempt.' 
  }),
}).openapi('BookAppointmentRequest');

from pydantic import BaseModel, Field
from fastapi import FastAPI

class BookAppointmentRequest(BaseModel):
    slot_id: str = Field(..., description="The slot to book", example="slot_2024_03_15_09_00")
    patient_id: str = Field(..., description="Patient identifier")
    reason: str = Field(..., max_length=500, description="Reason for visit")
    
    class Config:
        schema_extra = {
            "example": {
                "slot_id": "slot_2024_03_15_09_00",
                "patient_id": "patient_abc123",
                "reason": "Annual checkup"
            }
        }

app = FastAPI(title="Appointment API", version="1.0.0")

@app.post("/appointments", response_model=AppointmentResponse, status_code=201)
async def book_appointment(request: BookAppointmentRequest):
    """
    Book an appointment slot.
    
    Returns 409 if the slot was taken between viewing and booking (retry with a different slot).
    Returns 422 if the idempotency key was already used for a different slot.
    """

## Appointment Booking Flow

\`\`\`mermaid
sequenceDiagram
    participant U as Patient (Browser)
    participant AG as API Gateway
    participant BS as Booking Service
    participant DB as DynamoDB
    participant SQS as SQS Queue
    participant NS as Notification Service

    U->>AG: POST /appointments {slotId, patientId}
    AG->>AG: Validate JWT
    AG->>BS: Forward request
    BS->>DB: TransactWrite (reserve slot + create appointment)
    
    alt Slot available
        DB-->>BS: Success
        BS->>SQS: send_message(appointment_confirmed)
        BS-->>AG: 201 Created {appointmentId, confirmationNo}
        AG-->>U: 201 Created
        SQS-->>NS: Process async (send SMS + email)
    else Slot taken (race condition)
        DB-->>BS: ConditionalCheckFailedException
        BS-->>AG: 409 Conflict {message: "Slot no longer available"}
        AG-->>U: 409 Conflict
    end
\`\`\`

workspace "MyBCAT Platform" {

    model {
        patient = person "Patient" "Books appointments via web or phone"
        agent = person "Agent" "Handles calls, views schedules in dashboard"
        
        platform = softwareSystem "MyBCAT Platform" {
            webApp = container "Web Application" "Next.js" "Patient-facing booking UI"
            agentDashboard = container "Agent Dashboard" "React" "Internal agent tooling"
            bookingApi = container "Booking API" "Python Lambda" "Appointment management"
            callApi = container "Call API" "Python Lambda" "Amazon Connect integration"
            appointmentDb = container "DynamoDB" "NoSQL" "Appointments, slots, patients"
            callDb = container "DynamoDB" "NoSQL" "Call logs, transcriptions"
            messageQueue = container "SQS" "Queue" "Post-booking async tasks"
        }
        
        patient -> webApp "Books appointments"
        agent -> agentDashboard "Manages schedule, views caller"
        webApp -> bookingApi "API calls"
        agentDashboard -> callApi "API calls"
        bookingApi -> appointmentDb "Read/write"
        bookingApi -> messageQueue "Publish events"
    }
    
    views {
        systemContext platform "Context" {
            include *
            autolayout lr
        }
        container platform "Containers" {
            include *
            autolayout lr
        }
    }
}

@startuml
package "Booking Domain" {
  class AppointmentService {
    + bookSlot(request: BookRequest): Appointment
    + cancelAppointment(id: string): void
    + getAvailableSlots(date: Date): Slot[]
  }
  
  class Appointment {
    + id: string
    + slotId: string
    + patientId: string
    + status: AppointmentStatus
    + confirmationNumber: string
  }
  
  enum AppointmentStatus {
    CONFIRMED
    CANCELLED
    NO_SHOW
    COMPLETED
  }
  
  AppointmentService --> Appointment : creates
  Appointment --> AppointmentStatus : uses
}
@enduml

# Appointment Service — Runbook

## Alerts and What They Mean

### HIGH_DLQ_DEPTH — SQS Dead Letter Queue depth > 10

**What it means:** Messages failed processing 3 times and landed in the DLQ.
This means appointments were booked but confirmation emails/SMS were not sent.

**Immediate impact:** Patients booked appointments but did not receive confirmation.
The appointment IS in DynamoDB — data is not lost. Only notifications are affected.

**Steps:**
1. Check CloudWatch Logs for the notification Lambda:
   `aws logs tail /aws/lambda/notification-processor --since 1h`
   
2. Look for the error pattern. Common causes:
   - Twilio API down → check https://status.twilio.com
   - Patient phone number invalid → data issue, fix and redrive
   - Lambda timeout → check if Twilio is slow, increase timeout in Terraform
   
3. If Twilio is down: wait for recovery, then redrive from DLQ:
   `aws sqs start-message-move-task --source-queue-url <DLQ_URL>`
   
4. If data issue: fix the data, then redrive. Do NOT redrive without fixing 
   or you will get the same failures again.

### BOOKING_5XX_SPIKE — Booking API error rate > 1% for 5 minutes

**What it means:** The booking Lambda is failing.

**Steps:**
1. Check Lambda error logs:
   `aws logs tail /aws/lambda/booking-handler --since 15m --filter "ERROR"`
   
2. Check DynamoDB throttling:
   CloudWatch > DynamoDB > Table: appointments > ConsumedWriteCapacityUnits
   
3. If DynamoDB throttling: temporarily increase capacity in AWS Console 
   (Terraform update to follow in business hours)
   
4. Escalate to: @sarah-chen (lead) if unresolved after 20 minutes

# Pull Request

## What changed?

## Why?

## Documentation checklist
- [ ] README updated if setup/run steps changed
- [ ] ADR created if an architectural decision was made
- [ ] OpenAPI annotations updated if API contract changed
- [ ] Runbook updated if new alerts/failure modes introduced
- [ ] Diagrams updated if service relationships changed

# .github/workflows/docs.yml
name: Documentation Checks

on: [pull_request]

jobs:
  openapi-validation:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Validate OpenAPI spec
        uses: actions/setup-node@v4
        with:
          node-version: 20
          
      - run: npm install -g @redocly/cli
      
      - name: Lint OpenAPI spec
        run: redocly lint docs/openapi.yaml
        
      - name: Check for breaking changes
        run: |
          git fetch origin main
          npx openapi-diff \
            origin/main:docs/openapi.yaml \
            docs/openapi.yaml \
            --fail-on-incompatible

  adr-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Check for ADR if decision tag present
        run: |
          # If PR title contains [decision], require a new ADR file
          if echo "${{ github.event.pull_request.title }}" | grep -q "\[decision\]"; then
            NEW_ADRS=$(git diff --name-only origin/main | grep "^docs/adr/" | grep "\.md$")
            if [ -z "$NEW_ADRS" ]; then
              echo "PR title contains [decision] but no ADR file was added to docs/adr/"
              echo "Create an ADR before merging."
              exit 1
            fi
          fi

  readme-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Check README updated with Docker changes
        run: |
          DOCKER_CHANGED=$(git diff --name-only origin/main | grep -E "Dockerfile|docker-compose")
          README_CHANGED=$(git diff --name-only origin/main | grep -E "README")
          
          if [ -n "$DOCKER_CHANGED" ] && [ -z "$README_CHANGED" ]; then
            echo "Warning: Docker files changed but README not updated."
            echo "If the setup steps changed, update the README."
            # This is a warning, not a failure — adjust to exit 1 if strict enforcement wanted
          fi

/// <summary>
/// Books an appointment slot atomically.
/// Uses DynamoDB conditional writes to prevent double-booking.
/// See ADR-007 for why DynamoDB was chosen over PostgreSQL.
/// </summary>
/// <exception cref="SlotUnavailableException">
/// Thrown when the slot was taken between viewing and booking.
/// Caller should display "slot no longer available" and prompt re-selection.
/// </exception>
public async Task<Appointment> BookSlotAsync(BookSlotCommand command)

/**
 * Books an appointment slot.
 * 
 * Uses DynamoDB TransactWrite to atomically reserve the slot and create
 * the appointment record. If the slot is taken between viewing and booking,
 * throws SlotUnavailableError — callers should handle this as a 409.
 *
 * @see {@link https://github.com/mybcat/docs/adr/0007-dynamodb-slots.md | ADR-007}
 */
export async function bookSlot(request: BookSlotRequest): Promise<Appointment>

def book_slot(request: BookSlotRequest) -> Appointment:
    """
    Book an appointment slot atomically.
    
    Uses DynamoDB TransactWrite to prevent double-booking.
    If the slot is taken between viewing and booking, raises SlotUnavailableError.
    
    Args:
        request: Contains slot_id, patient_id, reason, idempotency_key
        
    Returns:
        Confirmed appointment with confirmation_number
        
    Raises:
        SlotUnavailableError: Slot was taken (race condition). Caller should
            show "slot no longer available" and prompt re-selection.
        DuplicateBookingError: idempotency_key was already used for a 
            different slot. Return 422.
    """

interface AppointmentCardProps {
  /** The appointment to display. Must be a confirmed appointment — 
   *  pending/cancelled use different components. */
  appointment: ConfirmedAppointment;
  
  /** Called when the patient clicks "Cancel". 
   *  Cancellation happens asynchronously — component handles loading state. */
  onCancel: (appointmentId: string) => void;
  
  /** Show the provider name. Default: true. 
   *  Set false in contexts where provider is shown in parent (e.g. provider view). */
  showProvider?: boolean;
}

/**
 * Displays a confirmed appointment with options to cancel or reschedule.
 * 
 * @example
 * <AppointmentCard
 *   appointment={appointment}
 *   onCancel={handleCancel}
 * />
 */
export function AppointmentCard({ appointment, onCancel, showProvider = true }: AppointmentCardProps)

// AppointmentCard.stories.tsx
import type { Meta, StoryObj } from '@storybook/react';
import { AppointmentCard } from './AppointmentCard';

const meta: Meta<typeof AppointmentCard> = {
  title: 'Booking/AppointmentCard',
  component: AppointmentCard,
  parameters: {
    docs: {
      description: {
        component: 'Displays a confirmed appointment. Use AppointmentSummaryCard for compact list views.'
      }
    }
  }
};

export const Default: StoryObj<typeof AppointmentCard> = {
  args: {
    appointment: {
      id: 'apt_123',
      confirmationNumber: 'MBC-2024-001234',
      date: '2024-03-15',
      time: '09:00',
      provider: 'Dr. Sarah Chen',
      reason: 'Annual checkup'
    }
  }
};

export const WithoutProvider: StoryObj<typeof AppointmentCard> = {
  args: { ...Default.args, showProvider: false },
  parameters: {
    docs: { description: { story: 'Used in provider dashboard where provider context is already shown.' } }
  }
};

# Changelog

All notable changes to the Appointment API are documented here.
Format: [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)

## [Unreleased]

### Added
- Patient can now attach a file (e.g. referral letter) to a booking request

## [2.4.0] — 2026-04-15

### Added
- `GET /appointments/{id}/history` — returns full status change history
- `reason` field on cancellation request (previously only captured internally)

### Changed
- Slot availability now returns up to 30 days ahead (previously 14 days)
- Confirmation emails now include ICS calendar attachment

### Fixed
- Race condition where two patients could book the same slot within 50ms
  (fixed with DynamoDB conditional write — see ADR-019)

### Deprecated
- `GET /slots?date=` parameter will be removed in v3.0. 
  Use `GET /slots?from=&to=` instead.

## [2.3.1] — 2026-03-28

### Fixed
- Notification Lambda was not retrying on Twilio 503 responses

HTTP/1.1 200 OK
Deprecation: Sun, 31 Dec 2023 23:59:59 GMT
Sunset: Sat, 30 Jun 2024 23:59:59 GMT
Link: <https://docs.github.com/changes/2023-migration>; rel="deprecation"

// WARNING: This method is called ~40 million times per second across the fleet.
// Do not add any I/O, logging, or object allocation here.
// The 2019 outage (INC-4892) was caused by a debug log statement in this path.
// See https://internal/postmortems/2019-dec-outage
private boolean isEligibleForCaching(ContentId contentId) {

1. Onboarding test
   └─ Can a developer who has never seen this service run it locally
      within 30 minutes using only the README?
      Pass: README is accurate and complete
      Fail: Update the README

2. Decision test
   └─ Pick any major architectural choice in this service (database, 
      framework, message broker, auth strategy).
      Can you find the written reason for that choice?
      Pass: ADR exists and is linked from the README or inline
      Fail: Create an ADR retroactively (better late than never)

3. API test
   └─ Is there an auto-generated API doc that you can point a 
      new integrator to?
      Pass: Swagger/OpenAPI accessible and accurate
      Fail: Add Swashbuckle/FastAPI docs or OpenAPI annotations

4. Diagram test
   └─ Is there a sequence diagram or architecture diagram for the 
      main flow of this service? Is it in the repository?
      Pass: Mermaid/C4 diagram in docs/ folder
      Fail: Draw or update the diagram in Mermaid and commit it

5. Runbook test
   └─ If this service paged you at 3am, would you know where to 
      start without asking anyone?
      Pass: Runbook exists and covers the top 3 alerts
      Fail: Write the runbook for at least the most common failure