kai/ColaFlow
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

In progress

Browse Source
This commit is contained in:
Yaojia Wang
2025-11-03 20:02:41 +01:00
parent cbc040621f
commit 32a25b3b35
10 changed files with 6500 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

549
reports/2025-11-03-Day-7-10-Roadmap.md Normal file
View File

@@ -0,0 +1,549 @@
# ColaFlow Days 7-10 Roadmap
**Date**: 2025-11-03
**Prepared By**: Product Manager Agent
**Sprint**: M1 Sprint 2 - Enterprise-Grade Multi-Tenancy & SSO
**Status**: Planning Complete
---
## Overview
This roadmap outlines Days 7-10 of the 10-day sprint, building on the foundation established in Days 1-6 (Authentication, RBAC, Role Management).
**Strategic Goal**: Complete M1.1 core features and prepare for M2 MCP integration.
---
## Day 7: Email Service + Verification + Password Reset
**Duration**: 8 hours
**Priority**: P1 (High - Security and UX)
**Dependencies**: None (independent feature)
### Objectives
1. Integrate email service (SendGrid or SMTP)
2. Implement email verification flow
3. Implement password reset flow
4. Create email templates
5. Add rate limiting for security
### Deliverables
**Backend**:
- Email service abstraction (`IEmailService`)
- SendGrid implementation (primary)
- SMTP fallback implementation
- Email verification tokens (24-hour expiration)
- Password reset tokens (1-hour expiration)
- Rate limiting (max 5 verification emails/hour, max 3 reset emails/hour)
**API Endpoints**:
1. `POST /api/auth/verify-email` - Verify email with token
2. `POST /api/auth/resend-verification` - Resend verification email
3. `POST /api/auth/forgot-password` - Request password reset
4. `POST /api/auth/reset-password` - Reset password with token
**Database**:
- Add `email_verified` column to `identity.users`
- Add `email_verified_at` column
- Create `email_verification_tokens` table
- Create `password_reset_tokens` table
**Email Templates**:
- Welcome + verification email
- Password reset email
- Password changed confirmation email
**Tests**:
- 20+ integration tests
- Email delivery verification (use test inbox)
- Token expiration tests
- Rate limiting tests
### Success Criteria
- ✅ Emails sent successfully (99% delivery rate)
- ✅ Verification flow completes in < 30 seconds
- Password reset flow completes in < 30 seconds
- Rate limiting prevents abuse
- 100% test coverage
---
## Day 8: Project-Level Roles + Audit Logging
**Duration**: 8 hours
**Priority**: P0 (Critical - Required for M1 Projects module)
**Dependencies**: Day 6 (Role Management API)
### Objectives
1. Design and implement project-level role system
2. Implement role inheritance logic
3. Create authorization policies for project operations
4. Implement comprehensive audit logging
5. Prepare for M1.1 Projects CRUD
### Deliverables
**Domain Layer**:
- `ProjectRole` enum (ProjectOwner, ProjectManager, ProjectMember, ProjectGuest)
- `UserProjectRole` entity
- `IUserProjectRoleRepository` interface
- Role inheritance rules:
- TenantOwner ProjectOwner (all projects)
- TenantAdmin ProjectManager (all projects)
- Project-specific roles override tenant defaults
**Database**:
```sql
CREATE TABLE projects.user_project_roles (
id UUID PRIMARY KEY,
user_id UUID NOT NULL,
project_id UUID NOT NULL,
role VARCHAR(50) NOT NULL,
assigned_at TIMESTAMP NOT NULL,
assigned_by_user_id UUID NULL,
UNIQUE(user_id, project_id)
);
```
**Authorization Policies**:
- `RequireProjectOwner` - Full control over project
- `RequireProjectManager` - Manage tasks and team
- `RequireProjectMember` - Create and update tasks
- `RequireProjectAccess` - Read-only access
**Audit Logging**:
```sql
CREATE TABLE audit.audit_logs (
id UUID PRIMARY KEY,
tenant_id UUID NOT NULL,
user_id UUID NOT NULL,
action VARCHAR(100) NOT NULL,
entity_type VARCHAR(50) NOT NULL,
entity_id UUID NULL,
old_value JSONB NULL,
new_value JSONB NULL,
ip_address VARCHAR(50) NULL,
user_agent VARCHAR(500) NULL,
timestamp TIMESTAMP NOT NULL DEFAULT NOW()
);
```
**API Endpoints**:
1. `POST /api/projects/{projectId}/members` - Add member to project
2. `PUT /api/projects/{projectId}/members/{userId}/role` - Update member role
3. `DELETE /api/projects/{projectId}/members/{userId}` - Remove member
4. `GET /api/projects/{projectId}/members` - List project members
5. `GET /api/audit/logs` - Query audit logs (TenantOwner only)
**Tests**:
- 25+ integration tests
- Role inheritance tests
- Authorization policy tests
- Audit log verification
### Success Criteria
- Role inheritance works correctly
- All API operations logged
- Authorization policies enforce project-level permissions
- 100% test coverage
---
## Day 9: M1 Core Projects Module - Multi-Tenant Update
**Duration**: 8 hours
**Priority**: P0 (Critical - M1.1 core feature)
**Dependencies**: Day 8 (Project-level roles)
### Objectives
1. Update existing Projects module for multi-tenancy
2. Add project-level authorization
3. Integrate project roles
4. Complete Epics, Stories, Tasks multi-tenant update
5. Test full workflow (register create project manage tasks)
### Deliverables
**Database Migration**:
- Add `tenant_id` column to `projects.projects`
- Add `tenant_id` column to `projects.epics`
- Add `tenant_id` column to `projects.stories`
- Add `tenant_id` column to `projects.tasks`
- Update foreign keys
- Add EF Core global query filters
**Application Layer Updates**:
- Update all commands to include tenant context
- Add project role validation
- Update queries to filter by tenant
**API Updates**:
- Protect all endpoints with project-level authorization
- Example: `[Authorize(Policy = "RequireProjectMember")]`
- Add tenant validation middleware
**Tests**:
- 30+ integration tests
- Cross-tenant isolation tests
- Project role authorization tests
- Full workflow tests (E2E)
### Success Criteria
- All Projects/Epics/Stories/Tasks isolated by tenant
- Project-level authorization works
- No cross-tenant data leakage
- 100% test coverage
- Full E2E workflow passes
---
## Day 10: Kanban Workflow + Sprint Management
**Duration**: 8 hours
**Priority**: P1 (High - M1.1 core feature)
**Dependencies**: Day 9 (Projects module updated)
### Objectives
1. Implement Sprint management
2. Enhance Kanban board with sprint support
3. Add sprint burndown chart data
4. Implement sprint velocity tracking
5. Complete M1.1 core features
### Deliverables
**Domain Layer**:
- `Sprint` entity
- `SprintId` value object
- Sprint status (Planning, Active, Completed)
- Sprint business rules (start/end dates, task capacity)
**Database**:
```sql
CREATE TABLE projects.sprints (
id UUID PRIMARY KEY,
project_id UUID NOT NULL,
tenant_id UUID NOT NULL,
name VARCHAR(100) NOT NULL,
goal TEXT NULL,
start_date DATE NOT NULL,
end_date DATE NOT NULL,
status VARCHAR(20) NOT NULL,
created_at TIMESTAMP NOT NULL,
FOREIGN KEY (project_id) REFERENCES projects.projects(id)
);
ALTER TABLE projects.tasks
ADD COLUMN sprint_id UUID NULL,
ADD CONSTRAINT fk_tasks_sprints FOREIGN KEY (sprint_id) REFERENCES projects.sprints(id);
```
**API Endpoints**:
1. `POST /api/projects/{projectId}/sprints` - Create sprint
2. `PUT /api/projects/{projectId}/sprints/{sprintId}` - Update sprint
3. `DELETE /api/projects/{projectId}/sprints/{sprintId}` - Delete sprint
4. `POST /api/projects/{projectId}/sprints/{sprintId}/start` - Start sprint
5. `POST /api/projects/{projectId}/sprints/{sprintId}/complete` - Complete sprint
6. `GET /api/projects/{projectId}/sprints` - List sprints
7. `GET /api/projects/{projectId}/sprints/{sprintId}/burndown` - Burndown data
8. `POST /api/projects/{projectId}/tasks/{taskId}/assign-to-sprint` - Add task to sprint
**Analytics**:
- Sprint burndown chart data (remaining story points per day)
- Sprint velocity (completed story points per sprint)
- Sprint completion percentage
- Team capacity utilization
**Tests**:
- 20+ integration tests
- Sprint workflow tests
- Burndown calculation tests
- Velocity tracking tests
### Success Criteria
- Full sprint lifecycle works (create start complete)
- Tasks can be assigned to sprints
- Burndown chart data accurate
- Velocity tracking functional
- 100% test coverage
- **M1.1 COMPLETE**
---
## Summary Timeline
| Day | Feature | Priority | Hours | Dependencies | Risk |
|-----|---------|----------|-------|--------------|------|
| **6** | Role Management API | P0 | 6-8 | Day 5 RBAC | LOW |
| **7** | Email Service + Verification + Password Reset | P1 | 8 | None | MEDIUM |
| **8** | Project-Level Roles + Audit Logging | P0 | 8 | Day 6 | MEDIUM |
| **9** | Projects Multi-Tenant Update | P0 | 8 | Day 8 | MEDIUM |
| **10** | Kanban Workflow + Sprint Management | P1 | 8 | Day 9 | LOW |
**Total Days**: 5 days (Days 6-10)
**Total Hours**: 38-40 hours
**Critical Path**: Day 6 Day 8 Day 9 Day 10
---
## Milestone Completion Status
### M1.1 - Core Project Module (Days 1-10)
**Progress**: 83% 100% (after Day 10)
**Completed** (Days 1-5):
- Domain layer (Projects, Epics, Stories, Tasks)
- Infrastructure layer (EF Core, PostgreSQL)
- Application layer (CQRS commands/queries)
- API layer (RESTful endpoints)
- Unit tests (96.98% coverage)
- JWT authentication
- Refresh token mechanism
- RBAC system (5 tenant roles)
**Remaining** (Days 6-10):
- [ ] Role Management API (Day 6)
- [ ] Email verification (Day 7)
- [ ] Project-level roles (Day 8)
- [ ] Multi-tenant Projects update (Day 9)
- [ ] Sprint management (Day 10)
**After Day 10**:
- M1.1 **100% COMPLETE**
- Ready for M1.2 (SSO Integration)
- Ready for M2 (MCP Server)
---
## Days 11-12: M2 MCP Server Foundation (Optional Extension)
**Duration**: 16 hours (2 days)
**Priority**: P0 (Critical for M2 milestone)
**Dependencies**: Days 6-10 complete
### Objectives
1. Design MCP authentication architecture
2. Implement MCP token generation
3. Create preview and approval workflow
4. Implement basic MCP resources
5. Implement basic MCP tools
### High-Level Deliverables
**MCP Authentication**:
- MCP token format: `mcp_<tenant_slug>_<random_32_chars>`
- Token scopes: read, create, update, delete, execute
- Token expiration: 90 days (configurable)
- Token revocation
**Database**:
```sql
CREATE TABLE identity.mcp_tokens (
id UUID PRIMARY KEY,
tenant_id UUID NOT NULL,
token_hash VARCHAR(500) NOT NULL UNIQUE,
name VARCHAR(100) NOT NULL,
scopes JSONB NOT NULL,
expires_at TIMESTAMP NOT NULL,
created_by_user_id UUID NOT NULL,
created_at TIMESTAMP NOT NULL,
last_used_at TIMESTAMP NULL
);
```
**Preview System**:
```sql
CREATE TABLE mcp.previews (
id UUID PRIMARY KEY,
tenant_id UUID NOT NULL,
mcp_token_id UUID NOT NULL,
operation VARCHAR(100) NOT NULL,
entity_type VARCHAR(50) NOT NULL,
entity_id UUID NULL,
diff JSONB NOT NULL,
status VARCHAR(20) NOT NULL, -- Pending, Approved, Rejected
created_at TIMESTAMP NOT NULL,
reviewed_by_user_id UUID NULL,
reviewed_at TIMESTAMP NULL
);
```
**MCP Resources** (Read-only):
- `projects.search` - Search projects
- `projects.get` - Get project details
- `tasks.list` - List tasks
- `tasks.get` - Get task details
- `reports.daily` - Daily progress report
**MCP Tools** (Write with preview):
- `create_task` - Create task (requires approval)
- `update_task_status` - Update task status (requires approval)
- `add_comment` - Add comment to task (auto-approved)
- `assign_task` - Assign task to user (requires approval)
**API Endpoints**:
1. `POST /api/mcp/tokens` - Generate MCP token
2. `GET /api/mcp/tokens` - List tokens
3. `DELETE /api/mcp/tokens/{tokenId}` - Revoke token
4. `POST /api/mcp/preview` - Create preview for approval
5. `POST /api/mcp/preview/{previewId}/approve` - Approve preview
6. `POST /api/mcp/preview/{previewId}/reject` - Reject preview
7. `GET /api/mcp/resources/{resourceId}` - MCP resource endpoint
8. `POST /api/mcp/tools/{toolName}` - MCP tool endpoint
**Tests**:
- 40+ integration tests
- MCP authentication tests
- Preview workflow tests
- Resource access tests
- Tool execution tests
### Success Criteria
- MCP tokens generated and validated
- Preview workflow works (create approve/reject execute)
- All MCP resources accessible
- All MCP tools functional
- 100% test coverage
- **M2.1 Foundation COMPLETE**
---
## Risk Management
### High-Risk Items
| Risk | Impact | Probability | Mitigation |
|------|--------|-------------|------------|
| Day 8 complexity (project roles) | HIGH | MEDIUM | Start simple, iterate later |
| Email service delays (Day 7) | MEDIUM | MEDIUM | Use SMTP fallback |
| Scope creep (Days 11-12) | HIGH | HIGH | Strictly time-box, defer to Sprint 3 |
| Cross-tenant bugs (Day 9) | HIGH | LOW | Comprehensive integration tests |
### Mitigation Strategies
1. **Daily check-ins**: Review progress at end of each day
2. **Time-boxing**: Strictly limit each day to 8 hours
3. **Test-first approach**: Write tests before implementation
4. **Code reviews**: Backend agent reviews all code
5. **Incremental delivery**: Deploy after each day
---
## Success Metrics
### Sprint Success Criteria (Days 6-10)
- All deliverables completed on time
- Zero critical bugs in production
- 100% test coverage maintained
- M1.1 milestone 100% complete
- Ready for M2 MCP integration
### Quality Metrics
- **Test Coverage**: 85% (current: 96.98%)
- **API Response Time**: < 200ms (p95)
- **Bug Density**: 0.5 bugs per feature
- **Code Quality**: No SonarQube violations
- **Documentation**: 100% API endpoints documented
### Business Metrics
- **Feature Completion Rate**: 100% (no deferred features)
- **Development Velocity**: 5 features in 5 days
- **Time to Market**: M1.1 completed in 10 days (on schedule)
- **Customer Value**: Complete authentication + authorization + role management
---
## Recommendations
### Immediate Actions (Day 6)
1. Approve Day 6 planning document
2. Assign Role Management API to backend agent
3. Begin implementation (6-8 hours)
4. Deploy to development environment
### Medium-Term Actions (Days 7-10)
1. Review and approve each day's plan before starting
2. Daily progress check-ins
3. Continuous integration testing
4. Code reviews after each feature
### Long-Term Actions (M2)
1. Plan M2 MCP integration (16-hour sprint)
2. Design AI agent interaction patterns
3. Implement preview and approval workflow
4. Test ChatGPT/Claude integration
---
## Alternative Scenarios
### Scenario 1: Days 11-12 Deferred
**If** scope exceeds 10 days:
- **Action**: Defer MCP foundation to Sprint 3
- **Impact**: Delays M2 milestone by 1-2 weeks
- **Mitigation**: Focus on M1.1 completion first
### Scenario 2: Email Service Issues (Day 7)
**If** SendGrid integration fails:
- **Action**: Use SMTP fallback (Gmail or local SMTP)
- **Impact**: Slower email delivery, no analytics
- **Mitigation**: Implement SendGrid in Sprint 3
### Scenario 3: Project Roles Too Complex (Day 8)
**If** role inheritance exceeds 8 hours:
- **Action**: Simplify to basic project roles (no inheritance)
- **Impact**: TenantOwner must be explicitly added to projects
- **Mitigation**: Add inheritance in Sprint 3
---
## Conclusion
**Days 7-10 Roadmap**: Comprehensive plan to complete M1.1 milestone
**Key Milestones**:
- Day 7: Email infrastructure
- Day 8: Project-level authorization
- Day 9: Multi-tenant Projects
- Day 10: Sprint management
- **M1.1 100% COMPLETE**
**Next Sprint** (M1.2 - Optional):
- Days 11-12: MCP Server foundation
- M2 milestone kickoff
**Strategic Value**:
- Complete authentication/authorization stack
- Enable multi-tenant SaaS operations
- Prepare for AI/MCP integration
- Deliver enterprise-grade features
---
**Document Status**: Planning Complete - Ready for Execution
**Prepared By**: Product Manager Agent
**Date**: 2025-11-03
**Version**: 1.0