brainstorm: start coding

Goal

Build the initial Java Web project scaffold and a login/permission skeleton for this JSP + Servlet + MySQL library-management system.

The user asked to start writing code.
There is no active task before this one.
The repository currently has Trellis project guidance but no application source code files.
Existing project specs describe a B/S Java web application using JSP, Servlet, MySQL, Tomcat, and IDEA.
Backend guidance expects a layered structure: JSP/CSS presentation -> Servlet controller -> Service/business -> DAO -> MySQL.
Frontend guidance expects JSP/CSS pages, JSP includes or fragments, static assets, and small page scripts when needed.
The user selected option A: build the Java Web foundation and login/permission skeleton first.

The desired work is to start building the library-management system rather than editing an existing application.
Maven is a reasonable default for Java web project scaffolding unless the user prefers plain IDEA/Tomcat project files.
The first implementation should establish a compilable structure and a minimal login flow rather than complete every business module.

Follow the existing Trellis backend and frontend specs.
Keep backend and frontend conventions aligned with JSP + Servlet + MySQL, not SPA frameworks.
Create or update tests/checks where practical for the selected implementation scope.
Create the base Java Web project structure for Tomcat deployment.
Add a login/permission skeleton covering administrator, librarian, and reader roles.
Add model/entity, DAO, service, servlet/controller, JSP, and static asset structure needed for the login slice.
Include database initialization or schema notes for user/role data needed by the skeleton.
Keep business logic layered: Servlet parameter/session handling, Service authentication and role checks, DAO persistence access.
Include safe error handling for invalid credentials, missing parameters, and unauthorized access.

The selected first module or feature is explicitly confirmed.
The implementation follows the documented JSP + Servlet + MySQL layered architecture.
A fresh checkout has recognizable Java Web/Tomcat project structure and build configuration.
Login page submits credentials to a Servlet controller and displays validation/authentication failures safely.
Authentication logic is represented through service and DAO boundaries rather than embedded in JSP.
Session state stores the authenticated user and role in a controlled way.
Basic role/permission constants or helpers exist for administrator, librarian, and reader.
SQL/schema guidance exists for the minimal account/role tables needed by login.
Lint, type-check, compile, or equivalent project validation is run where available.

Choosing React, Vue, TypeScript, SPA routing, or frontend hook/state-library conventions unless the user explicitly changes the stack.
Implementing full book, reader, borrowing, statistics, backup, or logging modules beyond placeholders needed for navigation or role skeleton.
Implementing production-grade password reset, remember-me, MFA, or external identity provider integration.

Relevant spec indexes: .trellis/spec/backend/index.md, .trellis/spec/frontend/index.md.
Backend pre-development checklist includes directory structure, database, error handling, logging, and quality guidelines.
Frontend pre-development checklist includes directory structure, JSP component guidelines, state management, type safety, and quality guidelines.
Codebase retrieval on 2026-04-27 found no application source code and surfaced the project specs as the main implementation context.
Spec indexes reference .trellis/tasks/00-bootstrap-guidelines/research/project-requirements.md, but that file is absent in the current workspace, so context curation uses only present spec files.