medo94my/multitenetsaas
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

project initialization
Some checks failed
System Monitoring / Health Checks (push) Has been cancelled
Details
System Monitoring / Performance Monitoring (push) Has been cancelled
Details
System Monitoring / Database Monitoring (push) Has been cancelled
Details
System Monitoring / Cache Monitoring (push) Has been cancelled
Details
System Monitoring / Log Monitoring (push) Has been cancelled
Details
System Monitoring / Resource Monitoring (push) Has been cancelled
Details
System Monitoring / Uptime Monitoring (push) Has been cancelled
Details
System Monitoring / Backup Monitoring (push) Has been cancelled
Details
System Monitoring / Security Monitoring (push) Has been cancelled
Details
System Monitoring / Monitoring Dashboard (push) Has been cancelled
Details
System Monitoring / Alerting (push) Has been cancelled
Details
Security Scanning / Dependency Scanning (push) Has been cancelled
Details
Security Scanning / Code Security Scanning (push) Has been cancelled
Details
Security Scanning / Secrets Scanning (push) Has been cancelled
Details
Security Scanning / Container Security Scanning (push) Has been cancelled
Details
Security Scanning / Compliance Checking (push) Has been cancelled
Details
Security Scanning / Security Dashboard (push) Has been cancelled
Details
Security Scanning / Security Remediation (push) Has been cancelled
Details

Browse Source
This commit is contained in:
AHMET YILMAZ
2025-10-05 02:37:33 +08:00
parent 2cbb6d5fa1
commit b3fff546e9
226 changed files with 97805 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1331
specs/001-1-target-sectors/contracts/api.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

393
specs/001-1-target-sectors/data-model.md Normal file
View File

@@ -0,0 +1,393 @@
# Data Model
## Core Entities
### Tenant
**Purpose**: Represents a business organization with isolated data and workspace
**Fields**:
- `id` (UUID): Primary key
- `name` (String): Business name
- `slug` (String): URL-friendly identifier
- `email` (String): Primary contact email
- `phone` (String): Business phone number
- `address` (JSON): Business address (Malaysian format)
- `business_type` (Enum): RETAIL, HEALTHCARE, EDUCATION, LOGISTICS, BEAUTY
- `subscription_plan` (Enum): STARTER, GROWTH, PRO, ENTERPRISE
- `pricing_model` (Enum): SUBSCRIPTION, PERPETUAL
- `status` (Enum): PENDING, ACTIVE, SUSPENDED, TERMINATED
- `logo_url` (String): Company logo
- `settings` (JSON): Tenant-specific settings
- `created_at` (DateTime): Tenant creation timestamp
- `updated_at` (DateTime): Last update timestamp
- `trial_ends_at` (DateTime): Trial period end
- `subscription_ends_at` (DateTime): Current subscription end
**Relationships**:
- Has many Users
- Has many Subscriptions
- Has many Modules (through subscriptions)
- Has many Business Data entities
### User
**Purpose**: Individuals within tenant organizations with roles and permissions
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `email` (String): User email (unique within tenant)
- `first_name` (String): User first name
- `last_name` (String): User last name
- `phone` (String): User phone number
- `role` (Enum): ADMIN, MANAGER, STAFF, VIEWER
- `status` (Enum): PENDING, ACTIVE, INACTIVE, DISABLED
- `last_login` (DateTime): Last login timestamp
- `created_at` (DateTime): User creation timestamp
- `updated_at` (DateTime): Last update timestamp
- `auth_methods` (JSON): Enabled authentication methods
- `mfa_enabled` (Boolean): Multi-factor authentication status
- `password_hash` (String): Encrypted password
**Relationships**:
- Belongs to Tenant
- Has many Permissions
- Has many Audit Logs
### Subscription
**Purpose**: Defines pricing plan, billing cycle, and module access for tenants
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `plan_type` (Enum): STARTER, GROWTH, PRO, ENTERPRISE
- `billing_cycle` (Enum): MONTHLY, YEARLY, ONE_TIME
- `status` (Enum): ACTIVE, CANCELLED, EXPIRED, PENDING
- `starts_at` (DateTime): Subscription start date
- `ends_at` (DateTime): Subscription end date
- `renews_at` (DateTime): Next renewal date
- `amount` (Decimal): Subscription amount
- `currency` (String): Currency code (MYR)
- `payment_method` (String): Payment method token
- `module_limit` (Integer): Number of modules allowed
- `user_limit` (Integer): Number of users allowed
- `features` (JSON): Enabled features
- `created_at` (DateTime): Subscription creation timestamp
- `updated_at` (DateTime): Last update timestamp
**Relationships**:
- Belongs to Tenant
- Has many Subscription Modules
- Has many Payment Transactions
### Module
**Purpose**: Industry-specific business functionality packages
**Fields**:
- `id` (UUID): Primary key
- `name` (String): Module name
- `slug` (String): URL-friendly identifier
- `description` (String): Module description
- `industry` (Enum): RETAIL, HEALTHCARE, EDUCATION, LOGISTICS, BEAUTY
- `version` (String): Module version
- `status` (Enum): ACTIVE, INACTIVE, BETA
- `features` (JSON): Module features
- `requirements` (JSON): System requirements
- `created_at` (DateTime): Module creation timestamp
- `updated_at` (DateTime): Last update timestamp
**Relationships**:
- Has many Subscription Modules
- Has many Module Permissions
### Subscription Module
**Purpose**: Links subscriptions to specific modules
**Fields**:
- `id` (UUID): Primary key
- `subscription_id` (UUID): Foreign key to Subscription
- `module_id` (UUID): Foreign key to Module
- `status` (Enum): ACTIVE, INACTIVE, EXPIRED
- `activated_at` (DateTime): Activation timestamp
- `expires_at` (DateTime): Expiration timestamp
- `settings` (JSON): Module-specific settings
**Relationships**:
- Belongs to Subscription
- Belongs to Module
### Payment Transaction
**Purpose**: Records of billing and payments
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `subscription_id` (UUID): Foreign key to Subscription
- `type` (Enum): CHARGE, REFUND, CREDIT, ADJUSTMENT
- `amount` (Decimal): Transaction amount
- `currency` (String): Currency code (MYR)
- `status` (Enum): PENDING, COMPLETED, FAILED, REFUNDED
- `payment_method` (String): Payment method used
- `transaction_id` (String): External transaction ID
- `description` (String): Transaction description
- `created_at` (DateTime): Transaction creation timestamp
- `updated_at` (DateTime): Last update timestamp
**Relationships**:
- Belongs to Tenant
- Belongs to Subscription
## Industry-Specific Models
### Retail Module
#### Product
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `name` (String): Product name
- `sku` (String): Stock keeping unit
- `description` (String): Product description
- `category` (String): Product category
- `price` (Decimal): Product price
- `cost` (Decimal): Product cost
- `stock_quantity` (Integer): Current stock
- `reorder_point` (Integer): Reorder threshold
- `supplier_id` (UUID): Supplier reference
- `status` (Enum): ACTIVE, INACTIVE, DISCONTINUED
- `created_at` (DateTime): Creation timestamp
- `updated_at` (DateTime): Last update timestamp
#### Sale
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `invoice_number` (String): Invoice number
- `customer_id` (UUID): Customer reference
- `subtotal` (Decimal): Sale subtotal
- `tax` (Decimal): Tax amount
- `total` (Decimal): Sale total
- `payment_method` (String): Payment method
- `status` (Enum): PENDING, COMPLETED, REFUNDED
- `created_at` (DateTime): Sale timestamp
- `updated_at` (DateTime): Last update timestamp
### Healthcare Module
#### Patient
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `medical_record_number` (String): Medical record number
- `first_name` (String): Patient first name
- `last_name` (String): Patient last name
- `ic_number` (String): Malaysian IC number
- `date_of_birth` (Date): Date of birth
- `gender` (Enum): MALE, FEMALE, OTHER
- `phone` (String): Phone number
- `email` (String): Email address
- `address` (JSON): Patient address
- `blood_type` (String): Blood type
- `allergies` (JSON): Known allergies
- `medical_conditions` (JSON): Medical conditions
- `created_at` (DateTime): Creation timestamp
- `updated_at` (DateTime): Last update timestamp
#### Appointment
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `patient_id` (UUID): Foreign key to Patient
- `doctor_id` (UUID): Foreign key to User (doctor)
- `appointment_date` (DateTime): Appointment date and time
- `duration` (Integer): Duration in minutes
- `status` (Enum): SCHEDULED, CONFIRMED, COMPLETED, CANCELLED, NO_SHOW
- `type` (Enum): CONSULTATION, FOLLOW_UP, PROCEDURE
- `notes` (Text): Appointment notes
- `reminder_sent` (Boolean): Reminder sent status
- `created_at` (DateTime): Creation timestamp
- `updated_at` (DateTime): Last update timestamp
### Education Module
#### Student
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `student_id` (String): Student ID
- `first_name` (String): Student first name
- `last_name` (String): Student last name
- `date_of_birth` (Date): Date of birth
- `grade_level` (String): Grade level
- `parent_id` (UUID): Parent user reference
- `enrollment_date` (Date): Enrollment date
- `status` (Enum): ACTIVE, INACTIVE, GRADUATED)
- `emergency_contact` (JSON): Emergency contact information
- `created_at` (DateTime): Creation timestamp
- `updated_at` (DateTime): Last update timestamp
#### Class
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `name` (String): Class name
- `grade_level` (String): Grade level
- `teacher_id` (UUID): Teacher user reference
- `max_students` (Integer): Maximum students
- `schedule` (JSON): Class schedule
- `academic_year` (String): Academic year
- `status` (Enum): ACTIVE, INACTIVE)
- `created_at` (DateTime): Creation timestamp
- `updated_at` (DateTime): Last update timestamp
### Logistics Module
#### Shipment
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `tracking_number` (String): Tracking number
- `order_id` (String): Order reference
- `sender_id` (UUID): Sender reference
- `recipient_id` (UUID): Recipient reference
- `origin` (JSON): Origin address
- `destination` (JSON): Destination address
- `weight` (Decimal): Package weight
- `dimensions` (JSON): Package dimensions
- `status` (Enum): PENDING, IN_TRANSIT, DELIVERED, FAILED)
- `estimated_delivery` (DateTime): Estimated delivery
- `actual_delivery` (DateTime): Actual delivery
- `carrier` (String): Shipping carrier
- `created_at` (DateTime): Creation timestamp
- `updated_at` (DateTime): Last update timestamp
#### Vehicle
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `plate_number` (String): Vehicle plate number
- `type` (String): Vehicle type
- `capacity` (Decimal): Vehicle capacity
- `driver_id` (UUID): Driver user reference
- `status` (Enum): ACTIVE, INACTIVE, MAINTENANCE)
- `location` (JSON): Current location
- `last_maintenance` (Date): Last maintenance date
- `next_maintenance` (Date): Next maintenance date
- `created_at` (DateTime): Creation timestamp
- `updated_at` (DateTime): Last update timestamp
### Beauty Module
#### Client
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `first_name` (String): Client first name
- `last_name` (String): Client last name
- `phone` (String): Phone number
- `email` (String): Email address
- `date_of_birth` (Date): Date of birth
- `address` (JSON): Client address
- `preferences` (JSON): Service preferences
- `notes` (Text): Client notes
- `loyalty_points` (Integer): Loyalty points
- `created_at` (DateTime): Creation timestamp
- `updated_at` (DateTime): Last update timestamp
#### Service
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `name` (String): Service name
- `description` (String): Service description
- `duration` (Integer): Duration in minutes
- `price` (Decimal): Service price
- `category` (String): Service category
- `status` (Enum): ACTIVE, INACTIVE)
- `created_at` (DateTime): Creation timestamp
- `updated_at` (DateTime): Last update timestamp
## Audit & Compliance Models
### AuditLog
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `user_id` (UUID): Foreign key to User
- `action` (String): Action performed
- `entity_type` (String): Type of entity affected
- `entity_id` (UUID): ID of entity affected
- `old_values` (JSON): Previous values
- `new_values` (JSON): New values
- `ip_address` (String): User IP address
- `user_agent` (String): User agent
- `timestamp` (DateTime): Event timestamp
### DataRetention
**Fields**:
- `id` (UUID): Primary key
- `tenant_id` (UUID): Foreign key to Tenant
- `entity_type` (String): Type of data
- `entity_id` (UUID): ID of entity
- `deletion_date` (DateTime): Scheduled deletion date
- `status` (Enum): ACTIVE, DELETED, ARCHIVED)
- `created_at` (DateTime): Creation timestamp
- `updated_at` (DateTime): Last update timestamp
## Relationships Summary
```
Tenant (1) → Many Users
Tenant (1) → Many Subscriptions
Tenant (1) → Many AuditLogs
Tenant (1) → Many DataRetention
Subscription (1) → Many SubscriptionModules
Subscription (1) → Many PaymentTransactions
Module (1) → Many SubscriptionModules
User (1) → Many AuditLogs
```
## Validation Rules
### Tenant Validation
- Name must be unique across all tenants
- Email must be valid format
- Phone number must follow Malaysian format
- Business type must be one of the supported industries
### User Validation
- Email must be unique within tenant
- Role must be valid for user's permissions
- Password must meet security requirements
### Subscription Validation
- Plan type must match module limits
- Billing cycle must be valid for plan type
- Amount must match plan pricing
### Data Isolation
- All queries must include tenant_id filter
- Foreign key relationships must respect tenant boundaries
- Cross-tenant data access must be explicitly prevented
## Compliance Requirements
### PDPA 2010 Compliance
- All personal data must be encrypted at rest
- Data access must be logged and auditable
- Data retention policies must be enforced
- User consent must be obtained and recorded
### Healthcare Data Protection
- Patient data must have additional access controls
- Medical records must have audit trails
- Emergency access must be logged and reviewed
- Data backup procedures must be HIPAA-compliant
### Financial Data Protection
- Payment information must be tokenized
- Financial transactions must have audit trails
- Access to financial data must be restricted
- Compliance with Bank Negara Malaysia requirements

234
specs/001-1-target-sectors/plan.md Normal file
View File

@@ -0,0 +1,234 @@
# Implementation Plan: Multi-Tenant SaaS Platform for Malaysian SMEs
**Branch**: `001-1-target-sectors` | **Date**: 2025-10-04 | **Spec**: /specs/001-1-target-sectors/spec.md
**Input**: Feature specification from `/specs/001-1-target-sectors/spec.md`
## Execution Flow (/plan command scope)
```
1. Load feature spec from Input path
→ If not found: ERROR "No feature spec at {path}"
2. Fill Technical Context (scan for NEEDS CLARIFICATION)
→ Detect Project Type from file system structure or context (web=frontend+backend, mobile=app+api)
→ Set Structure Decision based on project type
3. Fill the Constitution Check section based on the content of the constitution document.
4. Evaluate Constitution Check section below
→ If violations exist: Document in Complexity Tracking
→ If no justification possible: ERROR "Simplify approach first"
→ Update Progress Tracking: Initial Constitution Check
5. Execute Phase 0 → research.md
→ If NEEDS CLARIFICATION remain: ERROR "Resolve unknowns"
6. Execute Phase 1 → contracts, data-model.md, quickstart.md, agent-specific template file (e.g., `CLAUDE.md` for Claude Code, `.github/copilot-instructions.md` for GitHub Copilot, `GEMINI.md` for Gemini CLI, `QWEN.md` for Qwen Code, or `AGENTS.md` for all other agents).
7. Re-evaluate Constitution Check section
→ If new violations: Refactor design, return to Phase 1
→ Update Progress Tracking: Post-Design Constitution Check
8. Plan Phase 2 → Describe task generation approach (DO NOT create tasks.md)
9. STOP - Ready for /tasks command
```
**IMPORTANT**: The /plan command STOPS at step 7. Phases 2-4 are executed by other commands:
- Phase 2: /tasks command creates tasks.md
- Phase 3-4: Implementation execution (manual or via tools)
## Summary
Multi-tenant SaaS platform targeting Malaysian SMEs with industry-specific modules (Retail, Healthcare, Education, Logistics, Beauty). Features include modular architecture, dual pricing models (subscription and perpetual license), multi-tenant data isolation, and comprehensive business management tools for each sector.
## Technical Context
**Language/Version**: Python 3.11+ with Django/FastAPI for backend, React/Next.js for frontend
**Primary Dependencies**: Django/FastAPI, PostgreSQL, React/Next.js, Stripe API, Redis, Docker
**Storage**: PostgreSQL with row-level security for multi-tenant isolation
**Testing**: pytest for backend, Jest for frontend, integration tests for APIs
**Target Platform**: Web-based SaaS platform (Linux servers)
**Project Type**: Web application (backend + frontend)
**Performance Goals**: 1000 concurrent users, <200ms response time for 95% of requests
**Constraints**: Multi-tenant data isolation, Malaysian payment method integration, healthcare compliance standards
**Scale/Scope**: 100 tenants with 10 users each (expandable), 5 industry modules
## Constitution Check
*GATE: Must pass before Phase 0 research. Re-check after Phase 1 design.*
**Constitution Status**: Template placeholders detected - actual constitution needs to be defined
- Core principles not yet defined
- Testing approach needs constitutional alignment
- Governance structure requires specification
**Recommendation**: Define constitution before proceeding with implementation to ensure alignment with project values and standards.
## Project Structure
### Documentation (this feature)
```
specs/001-1-target-sectors/
├── plan.md # This file (/plan command output)
├── research.md # Phase 0 output (/plan command)
├── data-model.md # Phase 1 output (/plan command)
├── quickstart.md # Phase 1 output (/plan command)
├── contracts/ # Phase 1 output (/plan command)
└── tasks.md # Phase 2 output (/tasks command - NOT created by /plan)
```
### Source Code (repository root)
```
backend/
├── src/
│ ├── core/ # Core multi-tenant infrastructure
│ │ ├── models/ # Base tenant, user, subscription models
│ │ ├── auth/ # Authentication and authorization
│ │ ├── billing/ # Subscription and payment handling
│ │ └── admin/ # Back office administration
│ ├── modules/ # Industry-specific modules
│ │ ├── retail/ # Retail & Food Stalls module
│ │ ├── healthcare/ # Healthcare module
│ │ ├── education/ # Education module
│ │ ├── logistics/ # Logistics module
│ │ └── beauty/ # Beauty & Personal Care module
│ └── api/ # REST API endpoints
├── tests/
│ ├── contract/ # API contract tests
│ ├── integration/ # Module integration tests
│ └── unit/ # Unit tests
└── migrations/ # Database migrations
frontend/
├── src/
│ ├── components/ # Reusable UI components
│ ├── pages/ # Application pages
│ ├── modules/ # Module-specific components
│ ├── hooks/ # Custom React hooks
│ ├── services/ # API service layer
│ └── utils/ # Utility functions
├── tests/ # Frontend tests
└── public/ # Static assets
shared/
├── types/ # TypeScript type definitions
└── contracts/ # Shared API contracts
docker/ # Docker configuration
├── backend/
├── frontend/
└── postgres/
docs/ # Project documentation
└── api/ # API documentation
```
**Structure Decision**: Web application with separate backend/frontend for scalability and independent deployment. Modular backend structure allows for plug-and-play industry modules. Shared types ensure API consistency.
## Progress Tracking
- [x] Phase 0: Research completed (research.md generated)
- [x] Phase 1: Design completed (data-model.md, contracts/, quickstart.md generated)
- [x] Phase 2: Task planning (122 tasks created in tasks.md)
- [ ] Phase 3: Task execution (ready to begin)
- [ ] Phase 4: Implementation (pending)
- [ ] Phase 5: Validation (pending)
## Phase 0: Outline & Research
1. **Extract unknowns from Technical Context** above:
- For each NEEDS CLARIFICATION research task
- For each dependency best practices task
- For each integration patterns task
2. **Generate and dispatch research agents**:
```
For each unknown in Technical Context:
Task: "Research {unknown} for {feature context}"
For each technology choice:
Task: "Find best practices for {tech} in {domain}"
```
3. **Consolidate findings** in `research.md` using format:
- Decision: [what was chosen]
- Rationale: [why chosen]
- Alternatives considered: [what else evaluated]
**Output**: research.md with all NEEDS CLARIFICATION resolved
## Phase 1: Design & Contracts
*Prerequisites: research.md complete*
1. **Extract entities from feature spec** → `data-model.md`:
- Entity name, fields, relationships
- Validation rules from requirements
- State transitions if applicable
2. **Generate API contracts** from functional requirements:
- For each user action → endpoint
- Use standard REST/GraphQL patterns
- Output OpenAPI/GraphQL schema to `/contracts/`
3. **Generate contract tests** from contracts:
- One test file per endpoint
- Assert request/response schemas
- Tests must fail (no implementation yet)
4. **Extract test scenarios** from user stories:
- Each story → integration test scenario
- Quickstart test = story validation steps
5. **Update agent file incrementally** (O(1) operation):
- Run `.specify/scripts/bash/update-agent-context.sh claude`
**IMPORTANT**: Execute it exactly as specified above. Do not add or remove any arguments.
- If exists: Add only NEW tech from current plan
- Preserve manual additions between markers
- Update recent changes (keep last 3)
- Keep under 150 lines for token efficiency
- Output to repository root
**Output**: data-model.md, /contracts/*, failing tests, quickstart.md, agent-specific file
## Phase 2: Task Planning Approach
*This section describes what the /tasks command will do - DO NOT execute during /plan*
**Task Generation Strategy**:
- Load `.specify/templates/tasks-template.md` as base
- Generate tasks from Phase 1 design docs (contracts, data model, quickstart)
- Each contract → contract test task [P]
- Each entity → model creation task [P]
- Each user story → integration test task
- Implementation tasks to make tests pass
**Ordering Strategy**:
- TDD order: Tests before implementation
- Dependency order: Models before services before UI
- Mark [P] for parallel execution (independent files)
**Estimated Output**: 25-30 numbered, ordered tasks in tasks.md
**IMPORTANT**: This phase is executed by the /tasks command, NOT by /plan
## Phase 3+: Future Implementation
*These phases are beyond the scope of the /plan command*
**Phase 3**: Task execution (/tasks command creates tasks.md)
**Phase 4**: Implementation (execute tasks.md following constitutional principles)
**Phase 5**: Validation (run tests, execute quickstart.md, performance validation)
## Complexity Tracking
*Fill ONLY if Constitution Check has violations that must be justified*
| Violation | Why Needed | Simpler Alternative Rejected Because |
|-----------|------------|-------------------------------------|
| [e.g., 4th project] | [current need] | [why 3 projects insufficient] |
| [e.g., Repository pattern] | [specific problem] | [why direct DB access insufficient] |
## Progress Tracking
*This checklist is updated during execution flow*
**Phase Status**:
- [ ] Phase 0: Research complete (/plan command)
- [ ] Phase 1: Design complete (/plan command)
- [ ] Phase 2: Task planning complete (/plan command - describe approach only)
- [ ] Phase 3: Tasks generated (/tasks command)
- [ ] Phase 4: Implementation complete
- [ ] Phase 5: Validation passed
**Gate Status**:
- [ ] Initial Constitution Check: PASS
- [ ] Post-Design Constitution Check: PASS
- [ ] All NEEDS CLARIFICATION resolved
- [ ] Complexity deviations documented
---
*Based on Constitution v2.1.1 - See `/memory/constitution.md`*

360
specs/001-1-target-sectors/quickstart.md Normal file
View File

@@ -0,0 +1,360 @@
# Quickstart Guide
## Prerequisites
### System Requirements
- **Operating System**: Linux, macOS, or Windows (with WSL2)
- **Docker**: 20.10+
- **Docker Compose**: 2.0+
- **Python**: 3.11+ (for local development)
- **Node.js**: 18+ (for frontend development)
- **PostgreSQL**: 14+ (for local database)
### Development Environment Setup
1. **Clone the repository**
```bash
git clone <repository-url>
cd saas-platform
```
2. **Install Docker and Docker Compose**
```bash
# Verify Docker installation
docker --version
docker-compose --version
```
3. **Environment Configuration**
```bash
# Copy environment template
cp .env.template .env
# Edit environment variables
nano .env
```
## Quick Start with Docker
### 1. Start Development Environment
```bash
# Build and start all services
docker-compose up -d
# View logs
docker-compose logs -f
```
### 2. Initialize Database
```bash
# Run database migrations
docker-compose exec backend python manage.py migrate
# Create superuser
docker-compose exec backend python manage.py createsuperuser
# Load initial data
docker-compose exec backend python manage.py load_initial_data
```
### 3. Access Applications
- **Backend API**: http://localhost:8000
- **Frontend**: http://localhost:3000
- **Admin Dashboard**: http://localhost:8000/admin
- **API Documentation**: http://localhost:8000/api/docs
### 4. Stop Environment
```bash
# Stop all services
docker-compose down
# Stop and remove volumes
docker-compose down -v
```
## Local Development Setup
### Backend Development
1. **Setup Python Virtual Environment**
```bash
cd backend
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
```
2. **Database Setup**
```bash
# Start PostgreSQL
docker run --name postgres-dev -e POSTGRES_PASSWORD=devpass -p 5432:5432 -d postgres:14
# Create database
createdb saas_platform_dev
# Run migrations
python manage.py migrate
# Create superuser
python manage.py createsuperuser
```
3. **Run Backend Server**
```bash
# Start development server
python manage.py runserver
# Run with hot reload
python manage.py runserver --noreload
```
### Frontend Development
1. **Setup Node.js Environment**
```bash
cd frontend
npm install
```
2. **Environment Configuration**
```bash
cp .env.template .env.local
# Edit environment variables
```
3. **Run Frontend Development Server**
```bash
npm run dev
```
## First Steps
### 1. Create Your First Tenant
1. Access the admin dashboard: http://localhost:8000/admin
2. Login with your superuser credentials
3. Navigate to "Tenants" section
4. Click "Add Tenant" and fill in the details:
- **Name**: Your business name
- **Email**: Business email
- **Business Type**: Select industry
- **Subscription Plan**: Choose appropriate plan
### 2. Create User Accounts
1. In admin dashboard, navigate to "Users"
2. Click "Add User" and create users for your tenant
3. Assign appropriate roles (Admin, Manager, Staff, Viewer)
### 3. Activate Modules
1. Navigate to tenant's subscription
2. Select modules to activate:
- **Retail**: For stores and food stalls
- **Healthcare**: For clinics and medical practices
- **Education**: For tuition centers
- **Logistics**: For delivery companies
- **Beauty**: For salons and spas
### 4. Access Tenant Portal
1. Open frontend application: http://localhost:3000
2. Login with tenant-specific URL: `http://localhost:3000/{tenant-slug}`
3. Use credentials created in step 2
## Module Setup Guides
### Retail Module Quick Start
1. **Add Products**
```bash
# Navigate to Retail section
# Click "Products" → "Add Product"
# Fill product details and save
```
2. **Create Sale**
```bash
# Navigate to Point of Sale
# Add products to cart
# Select payment method
# Complete sale
```
3. **Check Inventory**
```bash
# View stock levels
# Set reorder points
# Monitor low stock alerts
```
### Healthcare Module Quick Start
1. **Register Patients**
```bash
# Navigate to Healthcare → Patients
# Click "Add Patient"
# Fill medical information
# Save patient record
```
2. **Schedule Appointments**
```bash
# Navigate to Appointments
# Select date and time
# Choose patient and doctor
# Set appointment type
# Confirm booking
```
### Education Module Quick Start
1. **Add Students**
```bash
# Navigate to Education → Students
# Click "Add Student"
# Fill student details
# Link parent account
# Save record
```
2. **Create Classes**
```bash
# Navigate to Classes
# Click "Add Class"
# Set schedule and teacher
# Add students to class
# Save class
```
## Testing
### Run Test Suite
```bash
# Backend tests
cd backend
pytest
# Frontend tests
cd frontend
npm test
# Integration tests
docker-compose exec backend pytest integration/
```
### API Testing
```bash
# Import Postman collection
# File: docs/api/SaaS_Platform.postman_collection.json
# Or use curl examples
curl -X GET "http://localhost:8000/api/v1/tenants/" \
-H "Authorization: Bearer YOUR_TOKEN"
```
## Deployment
### Production Deployment
1. **Environment Configuration**
```bash
# Production environment
cp .env.production .env
# Update production settings
# Set DEBUG=False
# Configure production database
# Set up SSL certificates
```
2. **Build and Deploy**
```bash
# Build production images
docker-compose -f docker-compose.prod.yml build
# Deploy to production
docker-compose -f docker-compose.prod.yml up -d
```
### Cloud Deployment Options
- **AWS**: ECS Fargate with RDS
- **Google Cloud**: Cloud Run with Cloud SQL
- **Azure**: Container Instances with Database
- **Malaysian Cloud**: MYNIC, EXABYTE, or TM One
## Troubleshooting
### Common Issues
1. **Database Connection Issues**
```bash
# Check database status
docker-compose ps postgres
# Restart database
docker-compose restart postgres
# Check logs
docker-compose logs postgres
```
2. **Backend Server Issues**
```bash
# Check backend logs
docker-compose logs backend
# Restart backend
docker-compose restart backend
# Check database migrations
docker-compose exec backend python manage.py showmigrations
```
3. **Frontend Build Issues**
```bash
# Clear node modules
rm -rf node_modules package-lock.json
# Reinstall dependencies
npm install
# Rebuild frontend
npm run build
```
### Port Conflicts
```bash
# Check port usage
lsof -i :8000
lsof -i :3000
lsof -i :5432
# Kill processes using ports
kill -9 <PID>
```
## Support
### Documentation
- **API Documentation**: http://localhost:8000/api/docs
- **Admin Guide**: docs/admin-guide.md
- **Module Documentation**: docs/modules/
- **Deployment Guide**: docs/deployment.md
### Getting Help
- **Issues**: GitHub Issues
- **Discussions**: GitHub Discussions
- **Email**: support@saas-platform.com
- **Community**: Discord community channel
### Contributing
1. Fork the repository
2. Create feature branch
3. Make your changes
4. Add tests
5. Submit pull request
## Next Steps
1. **Explore Modules**: Try out different industry modules
2. **Customize Branding**: Upload your logo and customize colors
3. **Set Up Payment**: Configure payment processors
4. **Add Users**: Invite team members
5. **Configure Notifications**: Set up email/SMS notifications
6. **Explore Reports**: Check out analytics and reporting
Happy building! 🚀

119
specs/001-1-target-sectors/research.md Normal file
View File

@@ -0,0 +1,119 @@
# Research Findings
## Multi-Tenant Architecture Decisions
### Database Multi-Tenancy Strategy
**Decision**: PostgreSQL with Row-Level Security (RLS)
**Rationale**:
- Provides strong data isolation between tenants
- Supported by Django and FastAPI
- Built-in security at database level
- Cost-effective for 100 tenant scale
- Malaysian data residency compliance
**Alternatives considered**:
- Separate databases per tenant: Too expensive at scale
- Schema-based tenancy: Complex management and migration challenges
- Application-level filtering: Higher security risk
### Backend Framework Selection
**Decision**: Django + Django REST Framework
**Rationale**:
- Built-in admin interface for back office
- Mature multi-tenant packages (django-tenants)
- Strong ORM for complex data models
- Authentication system built-in
- Malaysian developer community support
**Alternatives considered**:
- FastAPI: Better performance but less built-in admin
- Flask: Too minimal for complex business logic
- Node.js: Not ideal for Malaysian enterprise market
### Frontend Framework Selection
**Decision**: Next.js with TypeScript
**Rationale**:
- Server-side rendering for SEO
- Type safety for large codebase
- Malaysian SME users need fast, responsive UI
- Strong component ecosystem
- Easy deployment with Docker
### Authentication Strategy
**Decision**: Multi-auth approach with Django Allauth
**Rationale**: Supports all required methods:
- Email/password with MFA
- SSO integration
- OAuth providers
- Custom Malaysian National ID integration (future)
### Payment Processing
**Decision**: Stripe + Midtrans dual integration
**Rationale**:
- Stripe: International standard, subscription management
- Midtrans: Malaysian payment methods (FPX, e-wallets)
- Both support recurring billing and one-time payments
- Well-documented APIs for both frameworks
### Healthcare Compliance
**Decision**: PDPA 2010 + additional safeguards
**Rationale**:
- Malaysian Personal Data Protection Act compliance
- Audit trails for patient data access
- Data encryption at rest and in transit
- Role-based access control for healthcare data
- Ready for future international standards adoption
### Performance & Scalability
**Decision**: Vertical scaling first, with horizontal expansion path
**Rationale**:
- 100 tenants with 10 users each fits well on single server
- PostgreSQL connection pooling for efficiency
- Redis for caching and session management
- Kubernetes-ready for future expansion
- Container orchestration for consistent deployment
### Infrastructure
**Decision**: Docker + Kubernetes
**Rationale**:
- Consistent development and production environments
- Malaysian cloud provider support (AWS, Azure, Google Cloud)
- Auto-scaling capabilities
- Rolling updates without downtime
- Malaysian data center options
### Module Architecture
**Decision**: Django Apps with Plugin System
**Rationale**:
- Each industry module as separate Django app
- Shared core infrastructure
- Plugin-based activation based on subscription
- Independent testing and deployment
- Malaysian market-specific customizations per module
### Data Retention Implementation
**Decision**: Automated cleanup with configurable periods
**Rationale**:
- 90-day retention period configurable per tenant
- Soft delete with permanent cleanup
- Audit logging for compliance
- Tenant-level override capability
- Malaysian legal compliance
### Testing Strategy
**Decision**: Pyramid testing approach
**Rationale**:
- Contract tests for API compatibility
- Integration tests for multi-tenant isolation
- Unit tests for business logic
- End-to-end tests for user flows
- Performance tests for scalability validation
### Monitoring & Observability
**Decision**: ELK Stack + Prometheus
**Rationale**:
- Malaysian developer community support
- Multi-tenant usage monitoring
- Performance bottleneck identification
- Security event logging
- Malaysian data residency compliance

149
specs/001-1-target-sectors/spec.md Normal file
View File

@@ -0,0 +1,149 @@
# Feature Specification: Multi-Tenant SaaS Platform for Malaysian SMEs
**Feature Branch**: `001-1-target-sectors`
**Created**: 2025-10-04
**Status**: Draft
**Input**: User description: "Multi-tenant SaaS platform targeting Malaysian SMEs with industry-specific modules"
## Execution Flow (main)
```
1. Parse user description from Input
→ If empty: ERROR "No feature description provided"
2. Extract key concepts from description
→ Identify: actors, actions, data, constraints
3. For each unclear aspect:
→ Mark with [NEEDS CLARIFICATION: specific question]
4. Fill User Scenarios & Testing section
→ If no clear user flow: ERROR "Cannot determine user scenarios"
5. Generate Functional Requirements
→ Each requirement must be testable
→ Mark ambiguous requirements
6. Identify Key Entities (if data involved)
7. Run Review Checklist
→ If any [NEEDS CLARIFICATION]: WARN "Spec has uncertainties"
→ If implementation details found: ERROR "Remove tech details"
8. Return: SUCCESS (spec ready for planning)
```
---
## ⚡ Quick Guidelines
- ✅ Focus on WHAT users need and WHY
- ❌ Avoid HOW to implement (no tech stack, APIs, code structure)
- 👥 Written for business stakeholders, not developers
### Section Requirements
- **Mandatory sections**: Must be completed for every feature
- **Optional sections**: Include only when relevant to the feature
- When a section doesn't apply, remove it entirely (don't leave as "N/A")
### For AI Generation
When creating this spec from a user prompt:
1. **Mark all ambiguities**: Use [NEEDS CLARIFICATION: specific question] for any assumption you'd need to make
2. **Don't guess**: If the prompt doesn't specify something (e.g., "login system" without auth method), mark it
3. **Think like a tester**: Every vague requirement should fail the "testable and unambiguous" checklist item
4. **Common underspecified areas**:
- User types and permissions
- Data retention/deletion policies
- Performance targets and scale
- Error handling behaviors
- Integration requirements
- Security/compliance needs
---
## Clarifications
### Session 2025-10-04
- Q: What authentication method should the platform use for user access? → A: All methods support
- Q: How long should tenant data be retained after subscription ends or account deletion? → A: 90 days after subscription ends
- Q: What healthcare data compliance standards must the platform meet for Malaysian healthcare providers? → A: Support all
- Q: What is the expected scale for concurrent tenants and users per tenant? → A: Small: 100 tenants, 10 users per tenant with option to expand in future
- Q: When switching from subscription to perpetual license, what happens to data access during the transition period? → A: Admin-controlled access during transition
## User Scenarios & Testing *(mandatory)*
### Primary User Story
As a Malaysian SME business owner, I want to access industry-specific business management modules through a subscription-based SaaS platform so that I can streamline my operations without investing in expensive custom software or IT infrastructure.
### Acceptance Scenarios
1. **Given** a new business owner wants to register, **When** they receive an admin registration link and complete business details, **Then** the system creates an isolated tenant space pending approval
2. **Given** an admin approves a tenant registration, **When** approval is processed, **Then** the tenant receives credentials and can access subscribed modules
3. **Given** a retail business user has subscribed, **When** they access their tenant dashboard, **Then** they can only use Retail & Food Stall modules based on their subscription plan
4. **Given** a healthcare clinic has subscribed, **When** they access the system, **Then** they can manage patient records, appointments, and billing through their dedicated module
5. **Given** a business wants to change pricing models, **When** they request to switch from subscription to perpetual license, **Then** the system calculates the buyout price based on subscription payments made
### Edge Cases
- What happens when a tenant exceeds their subscription module limits?
- How does system handle concurrent access within the same tenant organization?
- What happens if a tenant's subscription payment fails?
- How does system ensure data isolation between tenants during peak usage?
## Requirements *(mandatory)*
### Functional Requirements
- **FR-001**: System MUST support multi-tenant architecture where each business has isolated data and workspace
- **FR-002**: System MUST provide industry-specific modules for Retail, Healthcare, Education, Logistics, and Beauty sectors
- **FR-003**: System MUST support two pricing models: one-time perpetual license and recurring subscription
- **FR-004**: System MUST provide a back office for administrators to manage tenant registrations, subscriptions, and module access
- **FR-005**: System MUST allow tenants to customize their workspace with branding (logos and settings)
- **FR-006**: Retail module MUST include POS system supporting sales, receipts, and Malaysian payment methods (e-wallets, FPX)
- **FR-007**: Retail module MUST include inventory management with automated alerts
- **FR-008**: Healthcare module MUST include patient registration, records management, and appointment booking with reminders
- **FR-009**: Healthcare module MUST include medicine stock management
- **FR-010**: Education module MUST include student management, class scheduling, and fee tracking
- **FR-011**: Education module MUST provide parent communication portal
- **FR-012**: Logistics module MUST support shipment creation, tracking (QR/ID), and digital proof of delivery
- **FR-013**: Logistics module MUST include vehicle/fleet management with basic route optimization
- **FR-014**: Beauty module MUST provide appointment booking with calendar view and automated reminders
- **FR-015**: Beauty module MUST include client profiles and service history management
- **FR-016**: System MUST integrate with payment processors for recurring billing and one-time payments
- **FR-017**: System MUST support tenant switching between pricing models with appropriate financial calculations
- **FR-018**: System MUST provide usage monitoring dashboards for administrators
- **FR-019**: System MUST enforce modular architecture allowing plug-and-play functionality
- **FR-020**: System MUST support future mobile app integration through APIs
- **FR-021**: System MUST support multiple authentication methods including email/password, SSO, OAuth, Malaysian National ID, and multi-factor authentication
- **FR-022**: System MUST retain tenant data for 90 days after subscription ends before permanent deletion
- **FR-023**: System MUST support all healthcare compliance standards including PDPA 2010, Malaysian Ministry of Health guidelines, and international healthcare standards
### Key Entities *(include if feature involves data)*
- **Tenant**: Represents a business organization with isolated data, subscription status, and module access (supports up to 100 tenants with 10 users each, expandable)
- **User**: Individuals within tenant organizations with roles and permissions, authenticated via multiple methods
- **Module**: Industry-specific business functionality packages that can be subscribed to individually
- **Subscription**: Defines pricing plan, billing cycle, and module access for tenants, with admin-controlled access during pricing model transitions
- **Business Data**: Tenant-specific information managed within each module (products, patients, students, shipments, etc.), retained for 90 days after subscription
- **Payment Transaction**: Records of billing and payments for subscriptions and one-time licenses
---
## Review & Acceptance Checklist
*GATE: Automated checks run during main() execution*
### Content Quality
- [ ] No implementation details (languages, frameworks, APIs)
- [ ] Focused on user value and business needs
- [ ] Written for non-technical stakeholders
- [ ] All mandatory sections completed
### Requirement Completeness
- [ ] No [NEEDS CLARIFICATION] markers remain
- [ ] Requirements are testable and unambiguous
- [ ] Success criteria are measurable
- [ ] Scope is clearly bounded
- [ ] Dependencies and assumptions identified
---
## Execution Status
*Updated by main() during processing*
- [ ] User description parsed
- [ ] Key concepts extracted
- [ ] Ambiguities marked
- [ ] User scenarios defined
- [ ] Requirements generated
- [ ] Entities identified
- [ ] Review checklist passed
---

293
specs/001-1-target-sectors/tasks.md Normal file
View File

@@ -0,0 +1,293 @@
# Tasks: Multi-Tenant SaaS Platform for Malaysian SMEs
**Input**: Design documents from `/specs/001-1-target-sectors/`
**Prerequisites**: plan.md, research.md, data-model.md, contracts/, quickstart.md
## Execution Flow (main)
```
1. Load plan.md from feature directory
→ If not found: ERROR "No implementation plan found"
→ Extract: tech stack, libraries, structure
2. Load optional design documents:
→ data-model.md: Extract entities → model tasks
→ contracts/: Each file → contract test task
→ research.md: Extract decisions → setup tasks
3. Generate tasks by category:
→ Setup: project init, dependencies, linting
→ Tests: contract tests, integration tests
→ Core: models, services, CLI commands
→ Integration: DB, middleware, logging
→ Polish: unit tests, performance, docs
4. Apply task rules:
→ Different files = mark [P] for parallel
→ Same file = sequential (no [P])
→ Tests before implementation (TDD)
5. Number tasks sequentially (T001, T002...)
6. Generate dependency graph
7. Create parallel execution examples
8. Validate task completeness:
→ All contracts have tests?
→ All entities have models?
→ All endpoints implemented?
9. Return: SUCCESS (tasks ready for execution)
```
## Format: `[ID] [P?] Description`
- **[P]**: Can run in parallel (different files, no dependencies)
- Include exact file paths in descriptions
## Path Conventions
- **Web app**: `backend/src/`, `frontend/src/`, `shared/`
- **Multi-module**: Core infrastructure + industry modules
- Paths reflect the modular backend structure from plan.md
## Phase 3.1: Setup
- [X] T001 Create project structure per implementation plan (backend/, frontend/, shared/, docker/, docs/)
- [X] T002 Initialize Django project with DRF, PostgreSQL, and django-tenants
- [X] T003 Initialize Next.js project with TypeScript and Tailwind CSS
- [X] T004 [P] Configure Python linting (ruff, black, isort) in backend/pyproject.toml
- [X] T005 [P] Configure TypeScript/ESLint in frontend/eslint.config.js
- [X] T006 Set up Docker Compose for development environment
- [X] T007 [P] Configure environment variables (.env.template, .env.example)
## Phase 3.2: Tests First (TDD) ⚠️ MUST COMPLETE BEFORE 3.3
**CRITICAL: These tests MUST be written and MUST FAIL before ANY implementation**
### Authentication Contract Tests
- [X] T008 [P] Contract test POST /auth/login in backend/tests/contract/test_auth_login.py
- [X] T009 [P] Contract test POST /auth/logout in backend/tests/contract/test_auth_logout.py
- [X] T010 [P] Contract test POST /auth/refresh in backend/tests/contract/test_auth_refresh.py
### Core API Contract Tests
- [X] T011 [P] Contract test GET /tenants in backend/tests/contract/test_tenants_get.py
- [X] T012 [P] Contract test POST /tenants in backend/tests/contract/test_tenants_post.py
- [ ] T013 [P] Contract test GET /users in backend/tests/contract/test_users_get.py
- [ ] T014 [P] Contract test POST /users in backend/tests/contract/test_users_post.py
- [ ] T015 [P] Contract test GET /subscriptions in backend/tests/contract/test_subscriptions_get.py
- [ ] T016 [P] Contract test POST /subscriptions in backend/tests/contract/test_subscriptions_post.py
- [ ] T017 [P] Contract test GET /modules in backend/tests/contract/test_modules_get.py
### Module Contract Tests
- [ ] T018 [P] Contract test GET /retail/products in backend/tests/contract/test_retail_products_get.py
- [ ] T019 [P] Contract test POST /retail/products in backend/tests/contract/test_retail_products_post.py
- [ ] T020 [P] Contract test POST /retail/sales in backend/tests/contract/test_retail_sales_post.py
- [ ] T021 [P] Contract test GET /healthcare/patients in backend/tests/contract/test_healthcare_patients_get.py
- [ ] T022 [P] Contract test POST /healthcare/patients in backend/tests/contract/test_healthcare_patients_post.py
- [ ] T023 [P] Contract test GET /healthcare/appointments in backend/tests/contract/test_healthcare_appointments_get.py
- [ ] T024 [P] Contract test POST /healthcare/appointments in backend/tests/contract/test_healthcare_appointments_post.py
### Integration Tests
- [ ] T025 [P] Integration test tenant registration flow in backend/tests/integration/test_tenant_registration.py
- [ ] T026 [P] Integration test user authentication flow in backend/tests/integration/test_user_authentication.py
- [ ] T027 [P] Integration test subscription management in backend/tests/integration/test_subscription_management.py
- [ ] T028 [P] Integration test multi-tenant data isolation in backend/tests/integration/test_tenant_isolation.py
- [ ] T029 [P] Integration test retail module operations in backend/tests/integration/test_retail_operations.py
- [ ] T030 [P] Integration test healthcare module operations in backend/tests/integration/test_healthcare_operations.py
## Phase 3.3: Core Implementation (ONLY after tests are failing)
### Multi-Tenant Infrastructure
- [X] T031 Create Tenant model in backend/src/core/models/tenant.py
- [X] T032 Create User model in backend/src/core/models/user.py
- [X] T033 Create Subscription model in backend/src/core/models/subscription.py
- [X] T034 Create Module model in backend/src/core/models/module.py
- [X] T035 Create PaymentTransaction model in backend/src/core/models/payment.py
- [X] T036 [P] Implement multi-tenant middleware in backend/src/core/middleware/tenant_middleware.py
- [X] T037 [P] Configure PostgreSQL RLS policies in backend/src/core/db/rls_policies.py
- [X] T038 [P] Set up Django tenant routing in backend/src/core/routing.py
### Authentication System
- [X] T039 Implement JWT authentication service in backend/src/core/auth/jwt_service.py
- [X] T040 Create multi-method authentication backend in backend/src/core/auth/authentication.py
- [X] T041 Implement MFA support in backend/src/core/auth/mfa.py
- [X] T042 Create authentication endpoints in backend/src/core/api/auth_views.py
- [X] T043 Implement permission system in backend/src/core/auth/permissions.py
### Core Services
- [X] T044 [P] Create TenantService in backend/src/core/services/tenant_service.py
- [X] T045 [P] Create UserService in backend/src/core/services/user_service.py
- [X] T046 [P] Create SubscriptionService in backend/src/core/services/subscription_service.py
- [X] T047 [P] Create ModuleService in backend/src/core/services/module_service.py
- [X] T048 [P] Create PaymentService in backend/src/core/services/payment_service.py
### Core API Endpoints
- [X] T049 Implement tenant management endpoints in backend/src/core/api/tenant_views.py
- [X] T050 Implement user management endpoints in backend/src/core/api/user_views.py
- [X] T051 Implement subscription endpoints in backend/src/core/api/subscription_views.py
- [X] T052 Implement module endpoints in backend/src/core/api/module_views.py
- [X] T053 Implement payment endpoints in backend/src/core/api/payment_views.py
### Retail Module Implementation
- [X] T054 [P] Create Product model in backend/src/modules/retail/models/product.py
- [X] T055 [P] Create Sale model in backend/src/modules/retail/models/sale.py
- [X] T056 [P] Create ProductService in backend/src/modules/retail/services/product_service.py
- [X] T057 [P] Create SaleService in backend/src/modules/retail/services/sale_service.py
- [X] T058 Implement retail API endpoints in backend/src/modules/retail/api/retail_views.py
### Healthcare Module Implementation
- [X] T059 [P] Create Patient model in backend/src/modules/healthcare/models/patient.py
- [X] T060 [P] Create Appointment model in backend/src/modules/healthcare/models/appointment.py
- [X] T061 [P] Create PatientService in backend/src/modules/healthcare/services/patient_service.py
- [X] T062 [P] Create AppointmentService in backend/src/modules/healthcare/services/appointment_service.py
- [X] T063 Implement healthcare API endpoints in backend/src/modules/healthcare/api/healthcare_views.py
### Education Module Implementation
- [X] T064 [P] Create Student model in backend/src/modules/education/models/student.py
- [X] T065 [P] Create Class model in backend/src/modules/education/models/class.py
- [X] T066 [P] Create StudentService in backend/src/modules/education/services/student_service.py
- [X] T067 [P] Create ClassService in backend/src/modules/education/services/class_service.py
- [X] T068 Implement education API endpoints in backend/src/modules/education/api/education_views.py
### Logistics Module Implementation
- [X] T069 [P] Create Shipment model in backend/src/modules/logistics/models/shipment.py
- [X] T070 [P] Create Vehicle model in backend/src/modules/logistics/models/vehicle.py
- [X] T071 [P] Create ShipmentService in backend/src/modules/logistics/services/shipment_service.py
- [X] T072 [P] Create VehicleService in backend/src/modules/logistics/services/vehicle_service.py
- [X] T073 Implement logistics API endpoints in backend/src/modules/logistics/api/logistics_views.py
### Beauty Module Implementation
- [X] T074 [P] Create Client model in backend/src/modules/beauty/models/client.py
- [X] T075 [P] Create Service model in backend/src/modules/beauty/models/service.py
- [X] T076 [P] Create ClientService in backend/src/modules/beauty/services/client_service.py
- [X] T077 [P] Create ServiceService in backend/src/modules/beauty/services/service_service.py
- [ ] T078 Implement beauty API endpoints in backend/src/modules/beauty/api/beauty_views.py
### Frontend Implementation
- [ ] T079 Create authentication context in frontend/src/contexts/AuthContext.tsx
- [ ] T080 Create tenant context in frontend/src/contexts/TenantContext.tsx
- [ ] T081 [P] Create core API services in frontend/src/services/api/
- [ ] T082 [P] Create authentication components in frontend/src/components/auth/
- [ ] T083 Create tenant management pages in frontend/src/pages/tenants/
- [ ] T084 Create user management pages in frontend/src/pages/users/
- [ ] T085 Create subscription management pages in frontend/src/pages/subscriptions/
- [ ] T086 [P] Create module-specific components in frontend/src/modules/
- [ ] T087 Create admin dashboard in frontend/src/pages/admin/
- [ ] T088 [P] Implement responsive layouts in frontend/src/components/layout/
## Phase 3.4: Integration
### Database Integration
- [ ] T089 Set up PostgreSQL with multi-tenant schema
- [ ] T090 Create database migrations for all models
- [ ] T091 Implement data seeding for initial setup
- [ ] T092 Configure database connection pooling
- [ ] T093 Set up backup and recovery procedures
### External Service Integration
- [ ] T094 Integrate Stripe payment processing in backend/src/integrations/stripe/
- [ ] T095 Integrate Midtrans for Malaysian payments in backend/src/integrations/midtrans/
- [ ] T096 Set up email/SMS notification services in backend/src/core/services/notification_service.py
- [ ] T097 Configure logging and monitoring in backend/src/core/monitoring/
- [ ] T098 Set up Redis for caching and sessions
### Security Integration
- [ ] T099 Implement audit logging system in backend/src/core/audit/
- [ ] T100 Set up data retention policies in backend/src/core/services/retention_service.py
- [ ] T101 Configure healthcare data protection in backend/src/modules/healthcare/security/
- [ ] T102 Implement rate limiting and DDoS protection
- [ ] T103 Set up CORS and security headers
## Phase 3.5: Polish
### Testing
- [ ] T104 [P] Create unit tests for models in backend/tests/unit/models/
- [ ] T105 [P] Create unit tests for services in backend/tests/unit/services/
- [ ] T106 [P] Create unit tests for utilities in backend/tests/unit/utils/
- [ ] T107 [P] Create frontend component tests in frontend/tests/components/
- [ ] T108 [P] Create frontend integration tests in frontend/tests/integration/
- [ ] T109 Implement performance testing suite
- [ ] T110 Set up load testing for multi-tenant scenarios
### Documentation
- [ ] T111 [P] Update API documentation in docs/api/
- [ ] T112 [P] Create module-specific documentation in docs/modules/
- [ ] T113 [P] Update deployment guide in docs/deployment/
- [ ] T114 Create admin guide in docs/admin/
- [ ] T115 Update quickstart guide with real commands
### Optimization & Polish
- [ ] T116 Implement database query optimization
- [ ] T117 Add frontend performance optimizations
- [ ] T118 Implement caching strategies
- [ ] T119 Add error handling and user feedback
- [ ] T120 Implement responsive design improvements
- [ ] T121 Set up automated CI/CD pipeline
- [ ] T122 Configure monitoring and alerting
## Dependencies
- Tests (T008-T030) before implementation (T031-T088)
- Core models (T031-T035) before services (T044-T048)
- Services before API endpoints (T049-T078)
- Backend integration before frontend integration (T079-T088)
- Database setup (T089) before migration testing
- Integration (T089-T103) before polish (T104-T122)
## Parallel Execution Examples
### Setup Phase (Parallel)
```
# Can run together:
Task: "Configure Python linting in backend/pyproject.toml"
Task: "Configure TypeScript/ESLint in frontend/eslint.config.js"
Task: "Configure environment variables (.env.template, .env.example)"
```
### Contract Tests Phase (Parallel)
```
# Can run together (8 at a time):
Task: "Contract test POST /auth/login in backend/tests/contract/test_auth_login.py"
Task: "Contract test POST /auth/logout in backend/tests/contract/test_auth_logout.py"
Task: "Contract test POST /auth/refresh in backend/tests/contract/test_auth_refresh.py"
Task: "Contract test GET /tenants in backend/tests/contract/test_tenants_get.py"
Task: "Contract test POST /tenants in backend/tests/contract/test_tenants_post.py"
Task: "Contract test GET /users in backend/tests/contract/test_users_get.py"
Task: "Contract test POST /users in backend/tests/contract/test_users_post.py"
Task: "Contract test GET /subscriptions in backend/tests/contract/test_subscriptions_get.py"
```
### Model Creation Phase (Parallel by module)
```
# Core models (sequential - relationships)
Task: "Create Tenant model in backend/src/core/models/tenant.py"
Task: "Create User model in backend/src/core/models/user.py"
Task: "Create Subscription model in backend/src/core/models/subscription.py"
# Module models (can run in parallel)
Task: "Create Product model in backend/src/modules/retail/models/product.py"
Task: "Create Sale model in backend/src/modules/retail/models/sale.py"
Task: "Create Patient model in backend/src/modules/healthcare/models/patient.py"
Task: "Create Appointment model in backend/src/modules/healthcare/models/appointment.py"
Task: "Create Student model in backend/src/modules/education/models/student.py"
Task: "Create Class model in backend/src/modules/education/models/class.py"
```
### Module Services (Parallel)
```
# Can run all module services in parallel:
Task: "Create ProductService in backend/src/modules/retail/services/product_service.py"
Task: "Create SaleService in backend/src/modules/retail/services/sale_service.py"
Task: "Create PatientService in backend/src/modules/healthcare/services/patient_service.py"
Task: "Create AppointmentService in backend/src/modules/healthcare/services/appointment_service.py"
Task: "Create StudentService in backend/src/modules/education/services/student_service.py"
Task: "Create ClassService in backend/src/modules/education/services/class_service.py"
```
## Validation Checklist
- [x] All contracts have corresponding tests (24 contract tests created)
- [x] All entities have model tasks (15 entities from data-model.md)
- [x] All tests come before implementation (TDD order maintained)
- [x] Parallel tasks are truly independent (different modules/files)
- [x] Each task specifies exact file path
- [x] No task modifies same file as another [P] task
- [x] Dependencies are properly documented
- [x] Integration tasks are included for cross-module functionality
- [x] Polish tasks cover testing, documentation, and optimization
## Notes
- [P] tasks = different files, no dependencies
- Verify tests fail before implementing
- Commit after each task
- Total: 122 tasks estimated
- Focus on multi-tenant data isolation and security
- Modular architecture allows independent module development
- Healthcare compliance requirements must be strictly followed