# Solo Developer Quick Start Get Aphoria running on your project in 2 minutes. No team coordination, no complex setup. --- ## Prerequisites - **Rust toolchain** - `cargo --version` (Rust 1.70+) - **Git repository** - Aphoria scans code in version control - **5 minutes** - Time to install, scan, and see results --- ## Step 1: Install (30 seconds) ```bash cd /path/to/stemedb/applications/aphoria cargo install --path . ``` Verify: ```bash aphoria --version ``` **Expected output:** ``` aphoria 0.1.0 ``` --- ## Step 2: Initialize Your Project (30 seconds) ```bash cd /path/to/your-project aphoria init ``` This creates `.aphoria/config.toml` and loads the authoritative corpus (RFCs, OWASP) into your local database. **Expected output:** ``` ✓ Created .aphoria/config.toml ✓ Loaded 247 authoritative claims from corpus ✓ Project initialized: your-project ``` --- ## Step 3: Run Your First Scan (30 seconds) ```bash aphoria scan ``` **Expected output (if violations found):** ``` ┌──────────────────────┬──────┬─────────┬──────────────────────────────────────────┐ │ File │ Line │ Verdict │ Explanation │ ├──────────────────────┼──────┼─────────┼──────────────────────────────────────────┤ │ api/client.py │ 42 │ BLOCK │ TLS cert verification disabled │ │ │ │ │ (RFC 5246: MUST verify, confidence: 0.92)│ ├──────────────────────┼──────┼─────────┼──────────────────────────────────────────┤ │ config/settings.py │ 18 │ FLAG │ DEBUG=True in production config │ │ │ │ │ (OWASP: SHOULD disable, confidence: 0.68)│ └──────────────────────┴──────┴─────────┴──────────────────────────────────────────┘ Summary: 1 BLOCK, 1 FLAG, 0 PASS Scan completed in 0.24s ``` **Expected output (if clean):** ``` ✓ No violations found ``` --- ## Step 4: Understand the Results ### Verdicts | Verdict | Meaning | Confidence Threshold | |---------|---------|---------------------| | **BLOCK** | Critical violation - production risk | ≥ 0.7 | | **FLAG** | Warning - best practice violation | ≥ 0.5 | | **PASS** | No conflict with authoritative sources | < 0.5 | ### What Aphoria Catches - **TLS/SSL:** Disabled cert verification, weak protocols (SSLv3, TLS 1.0) - **Authentication:** Missing token validation, disabled CSRF protection - **Configuration:** Debug mode in production, hardcoded secrets - **Framework Security:** Django DEBUG=True, Flask CSRF disabled, Express without helmet --- ## Next Steps ### Option A: Add Pre-Commit Hook (Recommended) Block insecure code before it reaches your repo: ```bash # Add to .pre-commit-config.yaml repos: - repo: local hooks: - id: aphoria name: Aphoria security check entry: aphoria scan --staged --exit-code language: system pass_filenames: false ``` Then: ```bash pre-commit install ``` Now every commit is checked automatically. ### Option B: Learn by Example Follow the complete [Database Connection Pool Example](../../dogfood/dbpool/) to see: - How to extract claims from technical documentation (HikariCP, PostgreSQL) - How Aphoria catches violations (7-8 real examples) - How to fix violations incrementally - How to validate your environment is working **Time:** 20 minutes to read, optional 5-day hands-on exercise ### Option C: Dive Deeper - [Solo Developer Guide](../guides/solo-developer-guide.md) - Comprehensive workflows - [CLI Reference](../cli-reference.md) - All commands and options - [Comparison Modes](../comparison-modes.md) - How conflicts are evaluated --- ## Troubleshooting ### "Corpus database not found" ```bash # Initialize project first aphoria init # Or specify corpus DB location export STEMEDB_CORPUS_DB_DIR=/path/to/corpus-db ``` ### "No violations found" (but you expected some) ```bash # Enable debug logging to see what extractors are doing RUST_LOG=aphoria=debug aphoria scan # Check which extractors ran aphoria scan --show-observations ``` ### "Scan is slow" Ephemeral mode (default) should be fast (< 0.3s). If slow: ```bash # Check file count find . -name "*.rs" -o -name "*.py" | wc -l # Exclude large directories # Edit .aphoria/config.toml: [scan] exclude = ["target/", "node_modules/", "venv/"] ``` --- ## Support - **Installation issues:** Check [Solo Developer Guide: Installation](../guides/solo-developer-guide.md#1-install) - **Custom patterns:** See [Architecture: Extractors](../architecture/README.md#extractors) - **Enterprise setup:** See [Enterprise Quick Start](../guides/enterprise-quick-start.md)