Dev Sprint 3 Report

Receipt Scanning, Multi-Section Scanning, Barcode Scanning

Report 2026-03-20 3 Stories Complete

Stories Delivered

Tests Passing

New Tests Added

Edge Function Deployed

Overview

Sprint 3 delivered the core passive capture feature for Pantry App. Users can now photograph a till slip from any major SA retailer and have items automatically extracted and added to their pantry. The sprint also delivered multi-section scanning for long receipts and barcode scanning for quick single-item logging.

The architecture uses a Supabase Edge Function as a server-side proxy to GPT-4o Vision. The browser sends the receipt image; the Edge Function validates the JWT, calls Vision, parses the structured JSON response, and returns grocery items with auto-assigned categories. No API keys are exposed in client-side code.

All 16 Sprint 2 tests continue to pass. Ten new integration tests were added covering receipt parsing logic, database writes, and barcode operations.

Deliverables

ID	Story	Detail	Status
NAV-002	Nav Updates	Added Scan to nav between Inventory and Budget, fixed Budget badge to Sprint 4	Done
CAP-001	Receipt Scanning	Full scan flow: camera capture (mobile), file upload (all), processing state, review screen with editable items, confirm writes to inventory_items + receipts	Done
CAP-002	Multi-Section Scanning	"Add another section" button on review, appends new scan results, merges duplicates by name (quantities summed), session held in React state	Done
CAP-003	Barcode Scanning	/scan/barcode route, @zxing/browser for real-time camera scanning, barcode lookup against inventory, increment or create new, manual fallback	Done

Architecture Decision

Receipt scanning uses GPT-4o Vision via a Supabase Edge Function. This keeps the OpenAI API key on the server and out of client-side code entirely.

Edge Function

Located at react-app/supabase/functions/scan-receipt/index.ts. Validates the user JWT before calling the Vision API. Returns structured JSON with item name, quantity, unit, and category.

CORS and Auth

CORS headers configured for pantry-app.tapfumamv.com. JWT validation ensures only authenticated users can trigger scans.

Category Auto-Assignment

SA grocery keywords are matched to categories (Dairy, Bakery, Meat, Produce, etc.) during parsing. Unrecognised items default to "Other".

No Client-Side Key Exposure

The browser sends the image to the Edge Function. The Edge Function holds the OpenAI key. At no point does the client need or receive the API key.

Integration Test Coverage

Tests Total

Carried from Sprint 2

New this Sprint

26/26

Passing

Test ID	Description	Result
CAP-001-parse-1	Parse valid Vision response into structured items	Pass
CAP-001-parse-2	Handle JSON string payload from API	Pass
CAP-001-parse-3	Assign categories by keyword matching (Dairy, Bakery, Meat, etc.)	Pass
CAP-001-parse-4	Normalize items with invalid fields (default quantity, unit)	Pass
CAP-001-parse-5	Merge duplicate items from multi-section scanning	Pass
CAP-001-parse-6	Reject malformed JSON string	Pass
CAP-001-parse-7	Return empty items for empty array	Pass
CAP-001-write	Confirm flow writes items to inventory_items and receipt to receipts	Pass
CAP-003-1	Increment quantity when barcode matches existing item	Pass
CAP-003-2	Create new item when barcode not found	Pass

Sprint Success Criteria

✓ Lerato can photograph a Woolworths or Checkers receipt and see parsed items in the review screen
✓ Confirming the review adds items to the inventory and a record to receipts
✓ Multi-scan adds a second receipt's items to the same review session
✓ Grace can scan a barcode and have the item added or incremented
✓ All 16 Sprint 2 tests still pass
✓ 10 new Sprint 3 integration tests all pass (26/26 total)
✓ No route in the app has a broken layout or stale placeholder text
✓ Sprint report, retro, and backlog update all done

Sprint 3 Retrospective

Conducted at sprint close, 2026-03-20. Format: 3 standard questions plus action items.

What Went Well

✓Existing receiptScan.js library provided a solid foundation. Category keyword matching and item merging were pre-built from Sprint 2 scaffolding.
✓GPT-4o Vision via Edge Function architecture cleanly separates concerns. No client-side API key risk at any point.
✓Multi-section scanning (CAP-002) was straightforward. Once the review screen state management was solid, adding another section was a small incremental change.
✓All 16 Sprint 2 tests continued to pass with zero regressions. The test suite caught nothing because nothing broke.

What Could Be Improved

Edge Function deployment requires a Supabase management API access token. This token was not available in the dev environment, which blocked automated deployment.

Cloudflare Pages deploy also lacked stored API credentials. This required manual deployment steps that could not be scripted end to end.

Barcode scanning depends on @zxing/browser, which adds significant bundle size. Consider lazy loading in future sprints to reduce initial page weight.

No live smoke test with real receipts was possible in the dev environment. Camera access and a deployed Edge Function are both required for a true end-to-end test.

Action Items for Sprint 4

Set up persistent Supabase access token and Cloudflare API token in the dev environment. Automated deploys should not require manual credential entry.

Add lazy loading for @zxing/browser to reduce initial bundle. The barcode scanner is only used on one route; it should not affect load time for the rest of the app.

Conduct live receipt smoke test after Edge Function is deployed. Validate with real Woolworths, Checkers, and Pick n Pay till slips on a physical device.

Retro conducted at sprint close, 2026-03-20. Actions are owned by the team going into Sprint 4.