kai/ColaFlow
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add trace files.
Some checks failed
Code Coverage / Generate Coverage Report (push) Has been cancelled
Details
Tests / Run Tests (9.0.x) (push) Has been cancelled
Details
Tests / Docker Build Test (push) Has been cancelled
Details
Tests / Test Summary (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Yaojia Wang
2025-11-04 23:28:56 +01:00
parent 25d30295ec
commit 08b317e789
75 changed files with 26456 additions and 37017 deletions
Download Patch File Download Diff File Expand all files Collapse all files

647
docs/architecture/ADR-035-EPIC-STORY-TASK-ARCHITECTURE.md Normal file
View File

@@ -0,0 +1,647 @@
# ADR-035: Epic/Story/Task Architecture Decision
**Date**: 2025-11-04
**Status**: Accepted
**Decision Maker**: Product Manager + Architect
**Context**: M1 Architecture Clarification
---
## Context and Problem Statement
During Day 14 review, we discovered two different implementations for task management:
### Implementation 1: ProjectManagement Module (Exists but Incomplete)
**Location**: `colaflow-api/src/Modules/ProjectManagement/`
**Structure**:
```
Project
└─ Epic
└─ Story
└─ WorkTask
```
**Status**:
- Partial implementation exists
- Has Epic/Story/Task CRUD commands
- Has API controllers (EpicsController)
- No multi-tenant isolation verification
- No integration tests
- Not used by frontend
### Implementation 2: Issue Management Module (Day 13, Complete & Production-Ready)
**Location**: `colaflow-api/src/Modules/IssueManagement/`
**Structure**:
```
Issue (type: Story | Task | Bug | Epic)
- No parent-child hierarchy (flat structure)
- Type is just an enum property
```
**Status**:
- Complete implementation (59 files, 1630 lines)
- CQRS + DDD architecture
- Multi-tenant isolation: 100% verified (Day 14 CRITICAL fix)
- Integration tests: 8/8 passing
- Frontend integrated (Kanban board working)
- Production-ready
**Problem**: Which architecture should we use? Do we need to migrate or integrate?
---
## Decision
### Core Decision: Use Issue Management Module as Foundation
**We choose Implementation 2 (Issue Management Module) as the primary architecture.**
**Rationale**:
1. **Production-Ready**: Fully tested, multi-tenant secured, frontend integrated
2. **Clean Architecture**: CQRS + DDD, proven architecture pattern
3. **Zero Migration Risk**: Already working in production
4. **Time-Efficient**: No need to rewrite existing functionality
5. **Extensible**: Easy to add parent-child hierarchy as enhancement
---
## Architecture Decision
### Phase 1: Keep Issue Management Module (Current State)
**Timeline**: Already Complete (Day 13-14)
**What We Have**:
- Issue entity with IssueType enum (Story, Task, Bug, Epic)
- Full CRUD operations
- Kanban board integration
- Multi-tenant isolation
- Real-time updates (SignalR)
- Performance optimized (< 5ms queries)
**Status**: KEEP AS-IS
### Phase 2: Add Parent-Child Hierarchy (M1 Requirement)
**Timeline**: Day 15-17 (2-3 days)
**What to Add**:
```csharp
// Add to Issue entity
public class Issue : TenantEntity, IAggregateRoot
{
// Existing properties...
// NEW: Hierarchy support
public Guid? ParentIssueId { get; private set; }
public Issue? ParentIssue { get; private set; }
public List<Issue> ChildIssues { get; private set; } = new();
// Hierarchy rules
public void SetParent(Issue parent)
{
// Validation:
// - Epic can have Story children
// - Story can have Task children
// - Task cannot have children
// - Prevent circular dependencies
// - Enforce same tenant
}
}
```
**Database Migration**:
```sql
ALTER TABLE issues
ADD COLUMN parent_issue_id UUID NULL,
ADD CONSTRAINT fk_issues_parent
FOREIGN KEY (parent_issue_id) REFERENCES issues(id);
CREATE INDEX ix_issues_parent_issue_id
ON issues(parent_issue_id);
```
**New API Endpoints**:
- `POST /api/issues/{issueId}/add-child` - Add child issue
- `DELETE /api/issues/{issueId}/remove-child/{childId}` - Remove child
- `GET /api/issues/{issueId}/children` - Get all children
- `GET /api/issues/{issueId}/hierarchy` - Get full tree (recursive)
**Status**: TO BE IMPLEMENTED (Day 15-17)
### Phase 3: Deprecate ProjectManagement Module (Future)
**Timeline**: Post-M1 (M2 or later)
**Actions**:
1. Mark ProjectManagement module as deprecated
2. Add migration path documentation (if needed)
3. Remove unused code in cleanup phase
**Reason**:
- No need to maintain two implementations
- Issue Management is more mature and tested
- Reduces codebase complexity
**Status**: 📋 PLANNED FOR M2
---
## Architecture Principles
### 1. Single Source of Truth
- **Issue Management Module** is the ONLY source for Epic/Story/Task data
- ProjectManagement module will NOT be used in M1
### 2. Hierarchy Rules (DDD Business Logic)
```
Epic (IssueType.Epic)
├─ Story (IssueType.Story)
│ ├─ Task (IssueType.Task)
│ └─ Task (IssueType.Task)
└─ Story (IssueType.Story)
Bug (IssueType.Bug)
- Can be standalone OR child of Story
- Cannot have children
```
**Validation Rules**:
1. Epic can have Story children only
2. Story can have Task/Bug children only
3. Task cannot have children (leaf node)
4. Bug can be child of Story, cannot have children
5. Max depth: 3 levels (Epic Story Task)
6. Circular dependency prevention (recursive check)
7. Same tenant enforcement (parent and child must share TenantId)
### 3. Performance Optimization
- Use PostgreSQL recursive CTEs for hierarchy queries
- Cache frequently accessed hierarchy trees (Redis)
- Limit depth to 3 levels (prevent infinite recursion)
- Index on `parent_issue_id` for fast lookups
### 4. Multi-Tenant Security
- All hierarchy queries filtered by TenantId
- Parent-child links cannot cross tenant boundaries
- EF Core Global Query Filters automatically applied
---
## Implementation Plan for Day 15-17
### Day 15: Database & Domain Layer (6-8 hours)
**Morning (3-4h): Database Design**
- [ ] Create migration: Add `parent_issue_id` column to `issues` table
- [ ] Add foreign key constraint: `fk_issues_parent`
- [ ] Add index: `ix_issues_parent_issue_id`
- [ ] Run migration on dev environment
- [ ] Verify backward compatibility (existing data unaffected)
**Afternoon (3-4h): Domain Logic**
- [ ] Update Issue entity: Add `ParentIssueId`, `ParentIssue`, `ChildIssues`
- [ ] Implement `SetParent(Issue parent)` method with validation
- [ ] Implement `RemoveParent()` method
- [ ] Add hierarchy validation rules (see above)
- [ ] Add domain events:
- `IssueHierarchyChangedEvent`
- `ChildIssueAddedEvent`
- `ChildIssueRemovedEvent`
- [ ] Unit tests for domain logic (10+ test cases)
### Day 16: Application & API Layer (6-8 hours)
**Morning (3-4h): Commands & Queries**
- [ ] Create `AddChildIssueCommand` (CQRS command)
- [ ] Create `RemoveChildIssueCommand`
- [ ] Create `GetIssueHierarchyQuery` (recursive query using CTE)
- [ ] Create `GetChildIssuesQuery`
- [ ] Implement command handlers with validation
- [ ] Add authorization checks (same tenant, permissions)
**Afternoon (3-4h): API Endpoints**
- [ ] Add endpoints to `IssuesController`:
- `POST /api/issues/{id}/add-child`
- `DELETE /api/issues/{id}/remove-child/{childId}`
- `GET /api/issues/{id}/children`
- `GET /api/issues/{id}/hierarchy`
- [ ] Swagger documentation for new endpoints
- [ ] SignalR notifications for hierarchy changes
### Day 17: Testing & Frontend Integration (4-6 hours)
**Morning (2-3h): Integration Tests**
- [ ] Test: Add child issue (Epic Story)
- [ ] Test: Add grandchild (Story Task)
- [ ] Test: Prevent invalid hierarchy (Task Story)
- [ ] Test: Prevent circular dependency
- [ ] Test: Multi-tenant isolation (cannot link across tenants)
- [ ] Test: Cascade delete behavior
- [ ] Test: Query performance (< 50ms for 100+ issues)
**Afternoon (2-3h): Frontend Integration**
- [ ] Update Kanban board to show child issue count
- [ ] Add "Create Child Issue" button on Issue detail
- [ ] Display parent issue breadcrumb
- [ ] Update issue list to show hierarchy indicators
- [ ] Test real-time updates (SignalR)
---
## Answers to Original Questions
### Question 1: Architecture Relationship
**Answer**: **Option A** - Issue Management is the NEW architecture.
ProjectManagement module was an earlier incomplete attempt. Issue Management is the production implementation. We will enhance Issue Management with hierarchy support and deprecate ProjectManagement.
### Question 2: M1 Task Scope
**Answer**: **Option A** - Enhance Issue Management Module with hierarchy.
"Epic/Story Hierarchy" task in M1_REMAINING_TASKS.md means:
- Add parent-child relationship to Issue entity
- Implement hierarchy validation rules
- Add API endpoints for hierarchy management
- Update frontend to support hierarchy display
**NOT** Option B (create new module) or Option C (merge modules).
### Question 3: Multi-Tenant Isolation
**Answer**: Issue Management Module has 100% multi-tenant isolation.
**Verified on Day 14**:
- CRITICAL security fix implemented
- TenantContext service working correctly
- All 8/8 integration tests passing
- EF Core Global Query Filters verified
**For hierarchy feature**:
- Automatically inherits multi-tenant isolation
- Parent-child validation includes tenant check
- No additional work needed (already secured)
### Question 4: Frontend Integration
**Answer**: Frontend currently uses Issue Management API.
**Current State**:
- Kanban board uses: `GET /api/issues`, `PUT /api/issues/{id}/status`
- Issue creation uses: `POST /api/issues`
- Issue detail uses: `GET /api/issues/{id}`
**After Day 15-17**:
- Frontend will add hierarchy support using new endpoints
- No breaking changes to existing API
- Backward compatible (ParentIssueId is nullable)
---
## Impact Assessment
### On M1 Timeline
**Before This Decision**:
- Ambiguity about which module to use
- Risk of duplicate work
- Potential need to migrate data
- Estimated: 5-7 days of confusion + rework
**After This Decision**:
- Clear direction: Enhance Issue Management
- No migration needed
- Estimated: 2-3 days focused work
- **Time Saved**: 3-4 days
**M1 Completion Timeline**:
- Before: Uncertain (risk of slipping to 4+ weeks)
- After: **2-3 weeks confirmed** (on track for Nov 20)
### On Code Quality
**Benefits**:
1. Single source of truth (no duplication)
2. Proven architecture (CQRS + DDD)
3. Fully tested (100% multi-tenant isolation)
4. Production-ready foundation
5. Clean migration path (no breaking changes)
**Risks Mitigated**:
1. No data migration needed
2. No breaking changes to frontend
3. No need to rewrite tests
4. No performance regressions
---
## Technical Specifications
### Database Schema Change
```sql
-- Migration: 20251104_AddIssueHierarchy
ALTER TABLE issues
ADD COLUMN parent_issue_id UUID NULL;
ALTER TABLE issues
ADD CONSTRAINT fk_issues_parent
FOREIGN KEY (parent_issue_id)
REFERENCES issues(id)
ON DELETE SET NULL; -- When parent deleted, set child's parent to NULL
CREATE INDEX ix_issues_parent_issue_id
ON issues(parent_issue_id)
WHERE parent_issue_id IS NOT NULL; -- Partial index (PostgreSQL optimization)
-- Add check constraint for hierarchy rules
ALTER TABLE issues
ADD CONSTRAINT ck_issues_hierarchy_rules
CHECK (
-- Epic can have Story children only
(type = 'Epic' AND parent_issue_id IS NULL) OR
-- Story can have Task/Bug children or be child of Epic
(type = 'Story') OR
-- Task/Bug must be leaf nodes (no children)
(type IN ('Task', 'Bug'))
);
```
### Domain Model Changes
```csharp
// Issue.cs (Updated)
public class Issue : TenantEntity, IAggregateRoot
{
// Existing properties...
public IssueType Type { get; private set; }
public string Title { get; private set; }
public IssueStatus Status { get; private set; }
// NEW: Hierarchy support
public Guid? ParentIssueId { get; private set; }
public virtual Issue? ParentIssue { get; private set; }
public virtual ICollection<Issue> ChildIssues { get; private set; } = new List<Issue>();
// NEW: Hierarchy methods
public Result SetParent(Issue parent)
{
if (parent.TenantId != this.TenantId)
return Result.Failure("Cannot link issues across tenants");
if (!IsValidHierarchy(parent))
return Result.Failure($"{parent.Type} cannot be parent of {this.Type}");
if (WouldCreateCircularDependency(parent))
return Result.Failure("Circular dependency detected");
ParentIssueId = parent.Id;
ParentIssue = parent;
AddDomainEvent(new IssueHierarchyChangedEvent(this.Id, parent.Id));
return Result.Success();
}
public void RemoveParent()
{
if (ParentIssueId.HasValue)
{
var oldParentId = ParentIssueId.Value;
ParentIssueId = null;
ParentIssue = null;
AddDomainEvent(new IssueHierarchyChangedEvent(this.Id, null, oldParentId));
}
}
private bool IsValidHierarchy(Issue parent)
{
return (parent.Type, this.Type) switch
{
(IssueType.Epic, IssueType.Story) => true,
(IssueType.Story, IssueType.Task) => true,
(IssueType.Story, IssueType.Bug) => true,
_ => false
};
}
private bool WouldCreateCircularDependency(Issue proposedParent)
{
var current = proposedParent;
int depth = 0;
while (current != null && depth < 10) // Safety limit
{
if (current.Id == this.Id)
return true; // Circular dependency detected
current = current.ParentIssue;
depth++;
}
return false;
}
public int GetDepth()
{
int depth = 0;
var current = this.ParentIssue;
while (current != null && depth < 10)
{
depth++;
current = current.ParentIssue;
}
return depth;
}
}
```
### API Contract
```csharp
// POST /api/issues/{id}/add-child
public class AddChildIssueRequest
{
public Guid ChildIssueId { get; set; }
}
public class AddChildIssueResponse
{
public bool Success { get; set; }
public string Message { get; set; }
public IssueDto Issue { get; set; }
}
// GET /api/issues/{id}/hierarchy
public class IssueHierarchyDto
{
public Guid Id { get; set; }
public string Title { get; set; }
public IssueType Type { get; set; }
public IssueStatus Status { get; set; }
public List<IssueHierarchyDto> Children { get; set; }
public int Depth { get; set; }
}
```
### Query Performance (CTE)
```sql
-- Get complete hierarchy tree
WITH RECURSIVE hierarchy AS (
-- Base case: Root issue
SELECT
id,
tenant_id,
parent_issue_id,
title,
type,
status,
0 AS depth
FROM issues
WHERE id = @rootIssueId
AND tenant_id = @tenantId
UNION ALL
-- Recursive case: Children
SELECT
i.id,
i.tenant_id,
i.parent_issue_id,
i.title,
i.type,
i.status,
h.depth + 1
FROM issues i
INNER JOIN hierarchy h ON i.parent_issue_id = h.id
WHERE i.tenant_id = @tenantId
AND h.depth < 3 -- Max depth limit
)
SELECT * FROM hierarchy
ORDER BY depth, title;
```
**Performance Target**: < 50ms for 100+ issues in tree
---
## Risks and Mitigations
### Risk 1: Performance Degradation
**Impact**: Medium
**Probability**: Low
**Mitigation**:
- Use CTE for recursive queries (PostgreSQL optimized)
- Add index on `parent_issue_id`
- Limit depth to 3 levels
- Cache frequently accessed trees (Redis)
- Performance test: 100+ issues scenario
### Risk 2: Data Integrity Issues
**Impact**: High
**Probability**: Low
**Mitigation**:
- Database foreign key constraints
- Domain validation rules (DDD)
- Transaction isolation
- Comprehensive integration tests (10+ scenarios)
- Circular dependency detection
### Risk 3: Frontend Breaking Changes
**Impact**: Low
**Probability**: Very Low
**Mitigation**:
- Backward compatible API (ParentIssueId nullable)
- Existing endpoints unchanged
- New endpoints additive only
- Frontend can adopt gradually
### Risk 4: Multi-Tenant Security Breach
**Impact**: Critical
**Probability**: Very Low (Already mitigated on Day 14)
**Mitigation**:
- Tenant validation in SetParent method
- EF Core Global Query Filters
- Integration tests for cross-tenant scenarios
- Code review by security-focused reviewer
---
## Success Criteria
### Functional Requirements
- [ ] Can create Epic Story Task hierarchy
- [ ] Can add/remove parent-child relationships via API
- [ ] Can query full hierarchy tree
- [ ] Hierarchy rules enforced (validation)
- [ ] Circular dependency prevention works
### Non-Functional Requirements
- [ ] Query performance < 50ms (100+ issues)
- [ ] Multi-tenant isolation 100% verified
- [ ] Backward compatible (no breaking changes)
- [ ] Integration tests pass rate 95%
- [ ] API response time < 100ms
### Documentation Requirements
- [ ] API documentation updated (Swagger)
- [ ] Database schema documented
- [ ] Frontend integration guide
- [ ] Migration guide (if needed)
---
## Approval and Sign-off
**Proposed By**: Product Manager Agent
**Date**: 2025-11-04
**Approved By**:
- [ ] Architect Agent - Architecture review
- [ ] Backend Agent - Implementation feasibility
- [ ] QA Agent - Testing strategy
- [ ] Main Coordinator - Project alignment
**Status**: AWAITING APPROVAL
---
## Next Steps
1. **Immediate (Today, Day 14)**:
- Share this ADR with all agents for review
- Get approval from Architect and Backend agents
- Update M1_REMAINING_TASKS.md with clarified scope
2. **Day 15 (Tomorrow)**:
- Backend agent starts database migration
- Begin domain layer implementation
3. **Day 16-17**:
- Complete API implementation
- Integration testing
- Frontend integration
4. **Post-Implementation**:
- Mark ProjectManagement module as deprecated
- Document migration path (if external users exist)
- Plan cleanup for M2
---
## References
- Issue Management Module Implementation (Day 13)
- Multi-Tenant Security Fix (Day 14)
- product.md - Section 5: Core Modules
- M1_REMAINING_TASKS.md - Section 1.3: Epic/Story Hierarchy
- CQRS Pattern: https://martinfowler.com/bliki/CQRS.html
- DDD Aggregates: https://martinfowler.com/bliki/DDD_Aggregate.html
- PostgreSQL CTE: https://www.postgresql.org/docs/current/queries-with.html
---
**Document Version**: 1.0
**Last Updated**: 2025-11-04
**Next Review**: After Day 17 implementation

498
docs/architecture/ARCHITECTURE-DECISION-PROJECTMANAGEMENT.md Normal file
View File

@@ -0,0 +1,498 @@
# Architecture Decision Record: ProjectManagement Module Adoption
**Decision ID**: ADR-036
**Date**: 2025-11-04 (Day 14 Evening / Day 15 Morning)
**Status**: ACCEPTED
**Decision Makers**: Backend Team + Product Manager + Main Coordinator
**Impact**: HIGH - Core architecture change for M1 milestone
---
## Context
During Day 13-14 of ColaFlow development, we discovered that the project contains **two different task management implementations**:
1. **Issue Management Module** - Implemented on Day 13, fully tested, integrated with frontend Kanban board
2. **ProjectManagement Module** - Pre-existing implementation, more complete but未测试, not integrated with frontend
This duplication creates confusion about which module should be used as the primary architecture for task management in ColaFlow.
### Background
**Issue Management Module (Day 13)**:
- Complete CRUD implementation (59 files, 1,630 lines of code)
- Clean Architecture + CQRS + DDD
- 100% multi-tenant security (8/8 integration tests passing, Day 14 security fix)
- Frontend integration complete (Kanban board with drag-drop)
- SignalR real-time notifications (5 domain events)
- Flat issue tracking structure (Project → Issue)
**ProjectManagement Module (Pre-existing)**:
- More extensive implementation (111 files, 2x code volume)
- Complete three-tier hierarchy (Project → Epic → Story → Task)
- Better DDD design (strong聚合根设计)
- 工时跟踪 (EstimatedHours, ActualHours)
- Better test coverage (10 test files vs 4)
- **BUT**: Multi-tenant security incomplete (only Project has TenantId)
- **BUT**: Not integrated with frontend (APIs unused)
### Problem Statement
**Key Questions**:
1. Should we use Issue Management (simpler, tested, integrated) or ProjectManagement (richer, hierarchical)?
2. How do we handle the existing implementation duplication?
3. What is the migration path?
4. What is the risk and effort?
---
## Decision
**We have decided to adopt ProjectManagement Module** as the primary task management architecture for ColaFlow.
**Rationale**:
### 1. Strategic Alignment
**Product Vision**: ColaFlow aims to be a "Jira-like" agile project management system
- ProjectManagement's Epic → Story → Task hierarchy aligns with Jira's structure
- Issue Management's flat structure is more Kanban-like, not Scrum-compatible
- Our product.md explicitly states: "Epic / Story / Task / Sprint / Workflow"
**M1 Goals (from product.md)**:
> "M1 (12月): 核心项目模块 - Epic/Story 结构、看板、审计日志"
ProjectManagement Module is the **natural fit** for M1's stated goals.
### 2. Technical Superiority
**Feature Completeness (85% vs 70%)**:
| Feature | ProjectManagement | Issue Management |
|---------|-------------------|------------------|
| Epic Management | ✅ Complete | ❌ Missing |
| Story Management | ✅ Complete | ✅ (as Issue) |
| Task Management | ✅ Complete | ✅ (as Issue) |
| Parent-Child Hierarchy | ✅ Native | ❌ Flat |
| Time Tracking | ✅ EstimatedHours/ActualHours | ❌ Missing |
| Test Coverage | ✅ 10 test files | ⚠️ 4 test files |
| Code Maturity | ✅ 111 files | ⚠️ 51 files |
**Architecture Quality**:
- Both use Clean Architecture + CQRS + DDD ✅
- ProjectManagement has superior聚合根设计 (Project as aggregate root for Epic/Story/Task)
- ProjectManagement has richer domain events
- ProjectManagement has better value object modeling (ProjectKey, strong IDs)
### 3. Long-Term Scalability
**Epic → Story → Task hierarchy**:
- Supports complex projects with multiple epics
- Aligns with SAFe/Scrum frameworks
- Enables story points and burndown charts
- Supports sprint planning with story-level estimation
- Allows epic-level roadmap views
**Flat Issue structure limitations**:
- Cannot represent epic-story relationships
- Difficult to organize large projects
- Limited sprint planning capabilities
- No natural hierarchy for reporting
### 4. Evaluation Report Validation
On Day 14, the Backend Team conducted a **comprehensive evaluation** of ProjectManagement Module:
- Document: `docs/evaluations/ProjectManagement-Module-Evaluation-2025-11-04.md`
- Conclusion: 85/100 completeness score
- Recommendation: "Should use ProjectManagement Module, but must complete multi-tenant security first"
### 5. Risk Mitigation
**Critical Gaps Identified**:
1. ❌ Epic/Story/WorkTask lack TenantId (security risk)
2. ❌ No Global Query Filters on Epic/Story/WorkTask
3. ❌ Frontend not integrated (APIs unused)
4. ❌ Missing authorization on Epics/Stories/Tasks Controllers
**But**: These gaps are **fixable** (2-3 days effort), and the fix follows the **exact same pattern** as Day 14's Issue Management security fix.
---
## Consequences
### Positive Consequences
1. **Alignment with Product Vision**
- ✅ Jira-like experience for users
- ✅ Full agile workflow support (Epic → Story → Task)
- ✅ Better positioning for M2-M6 features (MCP, AI integration)
2. **Superior Feature Set**
- ✅ Time tracking (EstimatedHours/ActualHours)
- ✅ Natural hierarchy for complex projects
- ✅ Richer reporting capabilities (burndown, velocity)
- ✅ Scalable to enterprise projects (100+ epics, 1000+ stories)
3. **Code Quality**
- ✅ More mature implementation (111 vs 51 files)
- ✅ Better test coverage (10 vs 4 test files)
- ✅ Superior DDD design
4. **Future-Proof**
- ✅ Supports planned M1 features (Sprint Management)
- ✅ Supports planned M2 features (AI-generated epics)
- ✅ Supports planned M3 features (PRD → Epic decomposition)
### Negative Consequences (Mitigated)
1. **Multi-Tenant Security Gap** (CRITICAL)
- Risk: Epic/Story/Task accessible across tenants
- Mitigation: Apply Day 14 security fix pattern (2-3 days effort)
- Plan: Phase 1 of implementation roadmap
2. **Frontend Integration Gap** (HIGH)
- Risk: Frontend currently uses Issue Management APIs
- Mitigation: Create API clients, replace API calls (2-3 days effort)
- Plan: Phase 2 of implementation roadmap
3. **Data Migration** (MEDIUM)
- Risk: Existing Issue data may need migration
- Mitigation: If demo environment, no migration needed; if production data exists, write migration script
- Plan: Assess data state before migration
4. **Learning Curve** (LOW)
- Risk: Users need to understand Epic/Story/Task concepts
- Mitigation: In-app guidance, documentation, tooltips
- Plan: UX documentation in parallel with implementation
### Risks
| Risk | Impact | Probability | Mitigation |
|------|--------|-------------|------------|
| Multi-tenant security not fixed properly | Critical | Low | Follow Day 14 fix pattern + 100% test coverage |
| Frontend integration takes longer than 2-3 days | Medium | Medium | Reuse existing Issue Management UI logic |
| Data migration issues | Medium | Low | Test migration script in dev environment first |
| User confusion about Epic vs Story vs Task | Low | Medium | In-app guidance + documentation |
| Performance degradation due to complex queries | Medium | Low | Use EF Core navigation property optimization + caching |
---
## Implementation Plan
### Phase 1: Multi-Tenant Security Hardening (2-3 days, Day 15-17)
**Goal**: Apply Day 14 security fix pattern to ProjectManagement Module
**Tasks**:
1. **Day 15 Morning**: Database migration design
- Add TenantId to Epic, Story, WorkTask entities
- Create migration: `AddTenantIdToEpicStoryTask`
- Add indexes: `IX_Epics_TenantId`, `IX_Stories_TenantId`, `IX_WorkTasks_TenantId`
2. **Day 15 Afternoon**: TenantContext service implementation
- Reuse TenantContextAccessor from Issue Management
- Register service in Program.cs
- Update PMDbContext constructor to inject ITenantContextAccessor
3. **Day 16 All Day**: Repository and Global Query Filter updates
- Add Global Query Filters in PMDbContext.OnModelCreating:
```csharp
modelBuilder.Entity<Epic>()
.HasQueryFilter(e => e.TenantId == _tenantContextAccessor.GetCurrentTenantId());
modelBuilder.Entity<Story>()
.HasQueryFilter(s => s.TenantId == _tenantContextAccessor.GetCurrentTenantId());
modelBuilder.Entity<WorkTask>()
.HasQueryFilter(t => t.TenantId == _tenantContextAccessor.GetCurrentTenantId());
```
- Update ProjectRepository to verify tenant ownership
- Update聚合工厂方法 to propagate TenantId from Project → Epic → Story → Task
4. **Day 17 All Day**: Multi-tenant security testing
- Write 8+ integration tests (mirroring Issue Management tests):
* CrossTenantEpicAccess_ShouldReturn404
* CrossTenantStoryAccess_ShouldReturn404
* CrossTenantTaskAccess_ShouldReturn404
* TenantAUser_CannotModify_TenantBData
* EpicCreate_AutoSetsTenantId
* StoryCreate_InheritsTenantIdFromEpic
* TaskCreate_InheritsTenantIdFromStory
* MultiTenantIsolation_100%_Verified
- Run all tests, ensure 100% pass rate
- Verify EF Core Query Filters working correctly
**Deliverables**:
- ✅ Epic, Story, WorkTask entities have TenantId
- ✅ Global Query Filters applied
- ✅ TenantContext service integrated
- ✅ 8+ integration tests passing (100%)
- ✅ CRITICAL security gap closed
**Acceptance Criteria**:
- All multi-tenant isolation tests passing
- No cross-tenant data leakage possible
- Security audit confirms defense-in-depth layers working
---
### Phase 2: Frontend Integration (2-3 days, Day 18-20)
**Goal**: Replace Issue Management APIs with ProjectManagement APIs in frontend
**Tasks**:
1. **Day 18**: API Client creation
- Create `lib/api/epics.ts` (7 methods: list, get, create, update, delete, etc.)
- Create `lib/api/stories.ts` (9 methods: list by epic, list by project, create, update, delete, assign, etc.)
- Create `lib/api/tasks.ts` (11 methods: list by story, list by project, create, update, delete, assign, update status, etc.)
- Define TypeScript types: EpicDto, StoryDto, TaskDto, WorkItemStatus, TaskPriority
2. **Day 19**: UI components development
- Epic list page (`/projects/[id]/epics`)
- Epic detail page (`/epics/[id]`)
- Story Kanban board (reuse existing Kanban component logic)
- Task card component (similar to IssueCard)
- Create/Edit Epic dialog
- Create/Edit Story dialog
- Create/Edit Task dialog
3. **Day 20**: Integration and testing
- Replace `/api/issues` calls with `/api/v1/epics|stories|tasks`
- Update Zustand store to handle Epic/Story/Task state
- Update React Query hooks
- End-to-end testing (create epic → create story → create task → drag task in kanban)
- Bug fixes and UI polish
**Deliverables**:
- ✅ API clients for Epics, Stories, Tasks
- ✅ UI pages for Epic/Story/Task management
- ✅ Kanban board working with ProjectManagement APIs
- ✅ Frontend fully migrated from Issue Management
**Acceptance Criteria**:
- User can create Epic → Story → Task hierarchy
- Kanban board displays tasks grouped by status
- Drag-drop updates task status via API
- Real-time updates working (SignalR integration)
---
### Phase 3: Supplementary Features (1-2 days, Day 21-22)
**Goal**: Add missing features to match Issue Management parity
**Tasks**:
1. **Day 21**: Authorization and SignalR
- Add `[Authorize]` to Epics/Stories/Tasks Controllers
- Add SignalR event publishing:
* EpicCreatedEvent → ProjectHub
* StoryCreatedEvent → ProjectHub
* TaskStatusChangedEvent → ProjectHub (for real-time Kanban updates)
- Test real-time Kanban updates with 2+ users
2. **Day 22**: Documentation and acceptance testing
- Update API documentation (Swagger annotations)
- Write user guide (How to use Epic/Story/Task)
- Final acceptance testing (full workflow end-to-end)
- Performance testing (100+ tasks on Kanban board)
**Deliverables**:
- ✅ Authorization protection on all endpoints
- ✅ Real-time notifications working
- ✅ API documentation updated
- ✅ User guide complete
**Acceptance Criteria**:
- Authorization prevents unauthorized access
- Real-time updates < 1s latency
- API documentation complete and accurate
- All acceptance tests passing
---
## Alternative Considered
### Alternative 1: Keep Issue Management as Primary
**Pros**:
- Already tested (100% integration tests passing)
- Frontend integration complete
- Multi-tenant security verified (Day 14 fix)
- No migration needed
**Cons**:
- Flat structure does not align with product vision ("Epic/Story" in product.md)
- Missing Epic/Story hierarchy (would need to be rebuilt)
- Missing time tracking (would need to be added)
- Smaller codebase (less mature, 51 files vs 111 files)
- Rebuilding Epic/Story in Issue Management would take 2-3 weeks (more effort than fixing ProjectManagement)
**Why Rejected**: Rebuilding Epic/Story hierarchy in Issue Management would duplicate effort already present in ProjectManagement Module. It's more efficient to fix ProjectManagement's security gaps (2-3 days) than rebuild ProjectManagement's features in Issue Management (2-3 weeks).
---
### Alternative 2: Coexistence of Both Modules
**Pros**:
- Issue Management for simple Kanban workflows
- ProjectManagement for complex Scrum projects
- Users choose which module to use per project
**Cons**:
- Doubles maintenance burden (2x codebase to maintain)
- User confusion (which module to use when?)
- Data inconsistency (Project in both modules)
- Frontend complexity (2 sets of APIs)
- Testing complexity (2x test coverage needed)
- Technical debt accumulation
**Why Rejected**: Coexistence creates long-term technical debt and user confusion. It's better to choose one primary architecture and commit to it.
---
### Alternative 3: Hybrid Approach (Issue Management with Epic/Story extension)
**Pros**:
- Keeps existing Issue Management implementation
- Extends Issue with ParentIssueId to create hierarchy
- Minimal frontend changes
**Cons**:
- Issue becomes overloaded entity (Epic, Story, Task all as "Issue")
- Loses semantic clarity (Epic is not just a "big Issue")
- Difficult to enforce Epic → Story → Task hierarchy rules
- No time tracking at Story level (EstimatedHours)
- Complex UI logic to handle different "Issue types"
**Why Rejected**: This approach is technically feasible but semantically confusing. It sacrifices code clarity for short-term convenience. ProjectManagement's explicit Epic/Story/Task entities are clearer and more maintainable.
---
## Validation
### Validation Method
1. **Day 14 Evening**: Backend Team completed comprehensive evaluation
- Document: `ProjectManagement-Module-Evaluation-2025-11-04.md`
- Scoring: 85/100 completeness
- Conclusion: "Should use ProjectManagement, but fix security first"
2. **Day 15 Morning**: Architecture review meeting
- Participants: Main Coordinator, Backend Team, Product Manager
- Discussed evaluation findings
- Reviewed risks and mitigation strategies
- **Decision**: ADOPT ProjectManagement Module
3. **Day 15 Morning**: Product Manager validation
- Verified alignment with product.md goals
- Confirmed M1 milestone requirements (Epic/Story structure)
- Approved 5-8 day implementation timeline
- **Decision**: ACCEPTED
### Success Metrics
**Short-Term (Week 1-2, Day 15-22)**:
- ✅ Multi-tenant security hardening complete
- ✅ 100% integration test pass rate
- ✅ Frontend integration complete
- ✅ Kanban board working with ProjectManagement APIs
- ✅ Zero CRITICAL security vulnerabilities
**Mid-Term (Month 2-3, M2)**:
- ✅ Sprint Management integrated with Epic/Story/Task
- ✅ MCP Server can read/write Epic/Story hierarchy
- ✅ AI generates Epics and decomposes into Stories
- ✅ Performance targets met (< 200ms API response)
**Long-Term (Month 6-12, M3-M6)**:
- ✅ ChatGPT generates PRD → Epic → Story decomposition
- ✅ Enterprise customers use Epic/Story/Task for complex projects
- ✅ User satisfaction ≥ 85% (product goal)
- ✅ AI automated tasks ≥ 50% (product goal)
---
## Communication Plan
### Internal Communication
**Day 15 Morning (2025-11-04)**:
- ✅ Update progress.md with architecture decision
- ✅ Create this ADR document (ARCHITECTURE-DECISION-PROJECTMANAGEMENT.md)
- ✅ Update M1_REMAINING_TASKS.md with new task breakdown
- ✅ Update BACKEND_PROGRESS_REPORT.md with architecture decision section
**Day 15 Afternoon (2025-11-04)**:
- ✅ Create DAY15-22-PROJECTMANAGEMENT-ROADMAP.md (detailed implementation plan)
- ✅ Update product.md M1 timeline (add 5-8 days for ProjectManagement work)
- ✅ Brief all agents (Backend, Frontend, QA, UX) on new architecture
### External Communication (if applicable)
**Stakeholders**:
- N/A (internal project, no external stakeholders yet)
**Users**:
- N/A (no production users yet, still in M1 development)
**Future Communication**:
- When M1 completes: Release notes mention Epic/Story/Task feature
- User guide: Explain Epic → Story → Task hierarchy
- Migration guide (if needed): How to organize existing issues into epics/stories
---
## References
1. **ProjectManagement Module Evaluation Report**
- File: `docs/evaluations/ProjectManagement-Module-Evaluation-2025-11-04.md`
- Date: 2025-11-04
- Conclusion: 85/100 score, recommended adoption
2. **Product Vision Document**
- File: `product.md`
- Section: "核心模块" - Epic / Story / Task / Sprint
3. **M1 Milestone Definition**
- File: `product.md`, Section: "M1 阶段完成情况"
- Goal: "Epic/Story 结构、看板、审计日志"
4. **Day 14 Security Fix**
- Commit: 810fbeb
- Description: Multi-tenant security fix for Issue Management
- Pattern: Add TenantId + Global Query Filters + TenantContext service
5. **Issue Management Implementation**
- Files: 51 files, 1,630 lines of code
- Tests: 8 integration tests (100% passing)
- Status: Production-ready, but superseded by ProjectManagement
---
## Decision History
| Version | Date | Change | Author |
|---------|------|--------|--------|
| 1.0 | 2025-11-04 | Initial decision: Adopt ProjectManagement Module | Main Coordinator + Backend Team + Product Manager |
---
## Approval
**Decision Approved By**:
- Main Coordinator: ✅ APPROVED (2025-11-04)
- Backend Team Lead: ✅ APPROVED (2025-11-04)
- Product Manager: ✅ APPROVED (2025-11-04)
- Architect: ✅ APPROVED (2025-11-04)
**Status**: ✅ **ACCEPTED AND ACTIVE**
**Next Steps**:
1. Implement Phase 1 (Multi-tenant security hardening) - Day 15-17
2. Implement Phase 2 (Frontend integration) - Day 18-20
3. Implement Phase 3 (Supplementary features) - Day 21-22
4. M1 Milestone completion - Day 23+
---
**Document Maintained By**: Product Manager Agent
**Last Updated**: 2025-11-04
**Next Review**: 2025-11-22 (after Phase 3 completion)