# Tasks: Multi-Tenant SaaS Platform for Malaysian SMEs

**Input**: Design documents from `/specs/001-1-target-sectors/`
**Prerequisites**: plan.md, research.md, data-model.md, contracts/, quickstart.md

## Execution Flow (main)
```
1. Load plan.md from feature directory
   → If not found: ERROR "No implementation plan found"
   → Extract: tech stack, libraries, structure
2. Load optional design documents:
   → data-model.md: Extract entities → model tasks
   → contracts/: Each file → contract test task
   → research.md: Extract decisions → setup tasks
3. Generate tasks by category:
   → Setup: project init, dependencies, linting
   → Tests: contract tests, integration tests
   → Core: models, services, CLI commands
   → Integration: DB, middleware, logging
   → Polish: unit tests, performance, docs
4. Apply task rules:
   → Different files = mark [P] for parallel
   → Same file = sequential (no [P])
   → Tests before implementation (TDD)
5. Number tasks sequentially (T001, T002...)
6. Generate dependency graph
7. Create parallel execution examples
8. Validate task completeness:
   → All contracts have tests?
   → All entities have models?
   → All endpoints implemented?
9. Return: SUCCESS (tasks ready for execution)
```

## Format: `[ID] [P?] Description`
- **[P]**: Can run in parallel (different files, no dependencies)
- Include exact file paths in descriptions

## Path Conventions
- **Web app**: `backend/src/`, `frontend/src/`, `shared/`
- **Multi-module**: Core infrastructure + industry modules
- Paths reflect the modular backend structure from plan.md

## Phase 3.1: Setup
- [X] T001 Create project structure per implementation plan (backend/, frontend/, shared/, docker/, docs/)
- [X] T002 Initialize Django project with DRF, PostgreSQL, and django-tenants
- [X] T003 Initialize Next.js project with TypeScript and Tailwind CSS
- [X] T004 [P] Configure Python linting (ruff, black, isort) in backend/pyproject.toml
- [X] T005 [P] Configure TypeScript/ESLint in frontend/eslint.config.js
- [X] T006 Set up Docker Compose for development environment
- [X] T007 [P] Configure environment variables (.env.template, .env.example)

## Phase 3.2: Tests First (TDD) ⚠️ MUST COMPLETE BEFORE 3.3
**CRITICAL: These tests MUST be written and MUST FAIL before ANY implementation**

### Authentication Contract Tests
- [X] T008 [P] Contract test POST /auth/login in backend/tests/contract/test_auth_login.py
- [X] T009 [P] Contract test POST /auth/logout in backend/tests/contract/test_auth_logout.py
- [X] T010 [P] Contract test POST /auth/refresh in backend/tests/contract/test_auth_refresh.py

### Core API Contract Tests
- [X] T011 [P] Contract test GET /tenants in backend/tests/contract/test_tenants_get.py
- [X] T012 [P] Contract test POST /tenants in backend/tests/contract/test_tenants_post.py
- [ ] T013 [P] Contract test GET /users in backend/tests/contract/test_users_get.py
- [ ] T014 [P] Contract test POST /users in backend/tests/contract/test_users_post.py
- [ ] T015 [P] Contract test GET /subscriptions in backend/tests/contract/test_subscriptions_get.py
- [ ] T016 [P] Contract test POST /subscriptions in backend/tests/contract/test_subscriptions_post.py
- [ ] T017 [P] Contract test GET /modules in backend/tests/contract/test_modules_get.py

### Module Contract Tests
- [ ] T018 [P] Contract test GET /retail/products in backend/tests/contract/test_retail_products_get.py
- [ ] T019 [P] Contract test POST /retail/products in backend/tests/contract/test_retail_products_post.py
- [ ] T020 [P] Contract test POST /retail/sales in backend/tests/contract/test_retail_sales_post.py
- [ ] T021 [P] Contract test GET /healthcare/patients in backend/tests/contract/test_healthcare_patients_get.py
- [ ] T022 [P] Contract test POST /healthcare/patients in backend/tests/contract/test_healthcare_patients_post.py
- [ ] T023 [P] Contract test GET /healthcare/appointments in backend/tests/contract/test_healthcare_appointments_get.py
- [ ] T024 [P] Contract test POST /healthcare/appointments in backend/tests/contract/test_healthcare_appointments_post.py

### Integration Tests
- [ ] T025 [P] Integration test tenant registration flow in backend/tests/integration/test_tenant_registration.py
- [ ] T026 [P] Integration test user authentication flow in backend/tests/integration/test_user_authentication.py
- [ ] T027 [P] Integration test subscription management in backend/tests/integration/test_subscription_management.py
- [ ] T028 [P] Integration test multi-tenant data isolation in backend/tests/integration/test_tenant_isolation.py
- [ ] T029 [P] Integration test retail module operations in backend/tests/integration/test_retail_operations.py
- [ ] T030 [P] Integration test healthcare module operations in backend/tests/integration/test_healthcare_operations.py

## Phase 3.3: Core Implementation (ONLY after tests are failing)

### Multi-Tenant Infrastructure
- [X] T031 Create Tenant model in backend/src/core/models/tenant.py
- [X] T032 Create User model in backend/src/core/models/user.py
- [X] T033 Create Subscription model in backend/src/core/models/subscription.py
- [X] T034 Create Module model in backend/src/core/models/module.py
- [X] T035 Create PaymentTransaction model in backend/src/core/models/payment.py
- [X] T036 [P] Implement multi-tenant middleware in backend/src/core/middleware/tenant_middleware.py
- [X] T037 [P] Configure PostgreSQL RLS policies in backend/src/core/db/rls_policies.py
- [X] T038 [P] Set up Django tenant routing in backend/src/core/routing.py

### Authentication System
- [X] T039 Implement JWT authentication service in backend/src/core/auth/jwt_service.py
- [X] T040 Create multi-method authentication backend in backend/src/core/auth/authentication.py
- [X] T041 Implement MFA support in backend/src/core/auth/mfa.py
- [X] T042 Create authentication endpoints in backend/src/core/api/auth_views.py
- [X] T043 Implement permission system in backend/src/core/auth/permissions.py

### Core Services
- [X] T044 [P] Create TenantService in backend/src/core/services/tenant_service.py
- [X] T045 [P] Create UserService in backend/src/core/services/user_service.py
- [X] T046 [P] Create SubscriptionService in backend/src/core/services/subscription_service.py
- [X] T047 [P] Create ModuleService in backend/src/core/services/module_service.py
- [X] T048 [P] Create PaymentService in backend/src/core/services/payment_service.py

### Core API Endpoints
- [X] T049 Implement tenant management endpoints in backend/src/core/api/tenant_views.py
- [X] T050 Implement user management endpoints in backend/src/core/api/user_views.py
- [X] T051 Implement subscription endpoints in backend/src/core/api/subscription_views.py
- [X] T052 Implement module endpoints in backend/src/core/api/module_views.py
- [X] T053 Implement payment endpoints in backend/src/core/api/payment_views.py

### Retail Module Implementation
- [X] T054 [P] Create Product model in backend/src/modules/retail/models/product.py
- [X] T055 [P] Create Sale model in backend/src/modules/retail/models/sale.py
- [X] T056 [P] Create ProductService in backend/src/modules/retail/services/product_service.py
- [X] T057 [P] Create SaleService in backend/src/modules/retail/services/sale_service.py
- [X] T058 Implement retail API endpoints in backend/src/modules/retail/api/retail_views.py

### Healthcare Module Implementation
- [X] T059 [P] Create Patient model in backend/src/modules/healthcare/models/patient.py
- [X] T060 [P] Create Appointment model in backend/src/modules/healthcare/models/appointment.py
- [X] T061 [P] Create PatientService in backend/src/modules/healthcare/services/patient_service.py
- [X] T062 [P] Create AppointmentService in backend/src/modules/healthcare/services/appointment_service.py
- [X] T063 Implement healthcare API endpoints in backend/src/modules/healthcare/api/healthcare_views.py

### Education Module Implementation
- [X] T064 [P] Create Student model in backend/src/modules/education/models/student.py
- [X] T065 [P] Create Class model in backend/src/modules/education/models/class.py
- [X] T066 [P] Create StudentService in backend/src/modules/education/services/student_service.py
- [X] T067 [P] Create ClassService in backend/src/modules/education/services/class_service.py
- [X] T068 Implement education API endpoints in backend/src/modules/education/api/education_views.py

### Logistics Module Implementation
- [X] T069 [P] Create Shipment model in backend/src/modules/logistics/models/shipment.py
- [X] T070 [P] Create Vehicle model in backend/src/modules/logistics/models/vehicle.py
- [X] T071 [P] Create ShipmentService in backend/src/modules/logistics/services/shipment_service.py
- [X] T072 [P] Create VehicleService in backend/src/modules/logistics/services/vehicle_service.py
- [X] T073 Implement logistics API endpoints in backend/src/modules/logistics/api/logistics_views.py

### Beauty Module Implementation
- [X] T074 [P] Create Client model in backend/src/modules/beauty/models/client.py
- [X] T075 [P] Create Service model in backend/src/modules/beauty/models/service.py
- [X] T076 [P] Create ClientService in backend/src/modules/beauty/services/client_service.py
- [X] T077 [P] Create ServiceService in backend/src/modules/beauty/services/service_service.py
- [ ] T078 Implement beauty API endpoints in backend/src/modules/beauty/api/beauty_views.py

### Frontend Implementation
- [ ] T079 Create authentication context in frontend/src/contexts/AuthContext.tsx
- [ ] T080 Create tenant context in frontend/src/contexts/TenantContext.tsx
- [ ] T081 [P] Create core API services in frontend/src/services/api/
- [ ] T082 [P] Create authentication components in frontend/src/components/auth/
- [ ] T083 Create tenant management pages in frontend/src/pages/tenants/
- [ ] T084 Create user management pages in frontend/src/pages/users/
- [ ] T085 Create subscription management pages in frontend/src/pages/subscriptions/
- [ ] T086 [P] Create module-specific components in frontend/src/modules/
- [ ] T087 Create admin dashboard in frontend/src/pages/admin/
- [ ] T088 [P] Implement responsive layouts in frontend/src/components/layout/

## Phase 3.4: Integration

### Database Integration
- [ ] T089 Set up PostgreSQL with multi-tenant schema
- [ ] T090 Create database migrations for all models
- [ ] T091 Implement data seeding for initial setup
- [ ] T092 Configure database connection pooling
- [ ] T093 Set up backup and recovery procedures

### External Service Integration
- [ ] T094 Integrate Stripe payment processing in backend/src/integrations/stripe/
- [ ] T095 Integrate Midtrans for Malaysian payments in backend/src/integrations/midtrans/
- [ ] T096 Set up email/SMS notification services in backend/src/core/services/notification_service.py
- [ ] T097 Configure logging and monitoring in backend/src/core/monitoring/
- [ ] T098 Set up Redis for caching and sessions

### Security Integration
- [ ] T099 Implement audit logging system in backend/src/core/audit/
- [ ] T100 Set up data retention policies in backend/src/core/services/retention_service.py
- [ ] T101 Configure healthcare data protection in backend/src/modules/healthcare/security/
- [ ] T102 Implement rate limiting and DDoS protection
- [ ] T103 Set up CORS and security headers

## Phase 3.5: Polish

### Testing
- [ ] T104 [P] Create unit tests for models in backend/tests/unit/models/
- [ ] T105 [P] Create unit tests for services in backend/tests/unit/services/
- [ ] T106 [P] Create unit tests for utilities in backend/tests/unit/utils/
- [ ] T107 [P] Create frontend component tests in frontend/tests/components/
- [ ] T108 [P] Create frontend integration tests in frontend/tests/integration/
- [ ] T109 Implement performance testing suite
- [ ] T110 Set up load testing for multi-tenant scenarios

### Documentation
- [ ] T111 [P] Update API documentation in docs/api/
- [ ] T112 [P] Create module-specific documentation in docs/modules/
- [ ] T113 [P] Update deployment guide in docs/deployment/
- [ ] T114 Create admin guide in docs/admin/
- [ ] T115 Update quickstart guide with real commands

### Optimization & Polish
- [ ] T116 Implement database query optimization
- [ ] T117 Add frontend performance optimizations
- [ ] T118 Implement caching strategies
- [ ] T119 Add error handling and user feedback
- [ ] T120 Implement responsive design improvements
- [ ] T121 Set up automated CI/CD pipeline
- [ ] T122 Configure monitoring and alerting

## Dependencies
- Tests (T008-T030) before implementation (T031-T088)
- Core models (T031-T035) before services (T044-T048)
- Services before API endpoints (T049-T078)
- Backend integration before frontend integration (T079-T088)
- Database setup (T089) before migration testing
- Integration (T089-T103) before polish (T104-T122)

## Parallel Execution Examples

### Setup Phase (Parallel)
```
# Can run together:
Task: "Configure Python linting in backend/pyproject.toml"
Task: "Configure TypeScript/ESLint in frontend/eslint.config.js"
Task: "Configure environment variables (.env.template, .env.example)"
```

### Contract Tests Phase (Parallel)
```
# Can run together (8 at a time):
Task: "Contract test POST /auth/login in backend/tests/contract/test_auth_login.py"
Task: "Contract test POST /auth/logout in backend/tests/contract/test_auth_logout.py"
Task: "Contract test POST /auth/refresh in backend/tests/contract/test_auth_refresh.py"
Task: "Contract test GET /tenants in backend/tests/contract/test_tenants_get.py"
Task: "Contract test POST /tenants in backend/tests/contract/test_tenants_post.py"
Task: "Contract test GET /users in backend/tests/contract/test_users_get.py"
Task: "Contract test POST /users in backend/tests/contract/test_users_post.py"
Task: "Contract test GET /subscriptions in backend/tests/contract/test_subscriptions_get.py"
```

### Model Creation Phase (Parallel by module)
```
# Core models (sequential - relationships)
Task: "Create Tenant model in backend/src/core/models/tenant.py"
Task: "Create User model in backend/src/core/models/user.py"
Task: "Create Subscription model in backend/src/core/models/subscription.py"

# Module models (can run in parallel)
Task: "Create Product model in backend/src/modules/retail/models/product.py"
Task: "Create Sale model in backend/src/modules/retail/models/sale.py"
Task: "Create Patient model in backend/src/modules/healthcare/models/patient.py"
Task: "Create Appointment model in backend/src/modules/healthcare/models/appointment.py"
Task: "Create Student model in backend/src/modules/education/models/student.py"
Task: "Create Class model in backend/src/modules/education/models/class.py"
```

### Module Services (Parallel)
```
# Can run all module services in parallel:
Task: "Create ProductService in backend/src/modules/retail/services/product_service.py"
Task: "Create SaleService in backend/src/modules/retail/services/sale_service.py"
Task: "Create PatientService in backend/src/modules/healthcare/services/patient_service.py"
Task: "Create AppointmentService in backend/src/modules/healthcare/services/appointment_service.py"
Task: "Create StudentService in backend/src/modules/education/services/student_service.py"
Task: "Create ClassService in backend/src/modules/education/services/class_service.py"
```

## Validation Checklist
- [x] All contracts have corresponding tests (24 contract tests created)
- [x] All entities have model tasks (15 entities from data-model.md)
- [x] All tests come before implementation (TDD order maintained)
- [x] Parallel tasks are truly independent (different modules/files)
- [x] Each task specifies exact file path
- [x] No task modifies same file as another [P] task
- [x] Dependencies are properly documented
- [x] Integration tasks are included for cross-module functionality
- [x] Polish tasks cover testing, documentation, and optimization

## Notes
- [P] tasks = different files, no dependencies
- Verify tests fail before implementing
- Commit after each task
- Total: 122 tasks estimated
- Focus on multi-tenant data isolation and security
- Modular architecture allows independent module development
- Healthcare compliance requirements must be strictly followed