curo1305
2.3 KiB
2.3 KiB
Project State
Project: DocuVault Status: Planning Current Phase: — Last Updated: 2026-05-21
Phase Status
| Phase | Name | Status |
|---|---|---|
| 1 | Infrastructure Foundation | Not Started |
| 2 | Users & Authentication | Not Started |
| 3 | Document Migration & Multi-User Isolation | Not Started |
| 4 | Folders, Sharing, Quotas & Document UX | Not Started |
| 5 | Cloud Storage Backends | Not Started |
Current Position
Phase: — Plan: — Progress: ░░░░░░░░░░ 0%
Performance Metrics
| Metric | Value |
|---|---|
| Phases complete | 0 / 5 |
| Requirements mapped | 54 / 54 |
| Plans written | 0 |
| Plans complete | 0 |
Accumulated Context
Key Decisions
| Decision | Rationale |
|---|---|
| PostgreSQL + MinIO | Multi-user quotas and horizontal scaling require shared, consistent state |
| HKDF per-user key derivation | Single Fernet key would be catastrophic on leak — must be derived before first credential is stored |
| Presigned MinIO URL flow | FastAPI handles metadata only; bytes never pass through the API layer |
| Atomic PostgreSQL quota UPDATE | Never perform quota arithmetic in Python between two DB statements |
| JWT in httpOnly cookie | Refresh token in httpOnly cookie; access token in Pinia memory only — never localStorage |
| Refresh token family revocation | RFC 9700 — reuse of a rotated token revokes entire family and alerts user |
| BackgroundTasks replacement | FastAPI BackgroundTasks is per-instance; replace with Celery+Redis or pgqueuer before horizontal scale |
| Admin impersonation excluded | Explicit architectural exclusion — no endpoint or UI pathway; violates privacy-first core value |
Open Questions
- Celery + Redis vs pgqueuer for Phase 3 (depends on Redis availability in deployment target)
- Verify cloud SDK minor versions on PyPI before Phase 5 pinning
- Confirm PyOTP
valid_windowdefault in current docs (recommendvalid_window=1for ±30s clock drift) - Audit existing codebase for any bcrypt hashes before removing passlib in Phase 2
Blockers
None.
Session Continuity
Updated at each phase transition.
| Field | Value |
|---|---|
| Last session | 2026-05-21 — Roadmap created |
| Next action | Run /gsd:plan-phase 1 to begin Phase 1 planning |
| Pending decisions | See Open Questions above |