Initial commit: Brachnha Insight project setup

- Next.js 14+ with App Router and TypeScript - Tailwind CSS and ShadCN UI styling - Zustand state management - Dexie.js for IndexedDB (local-first data) - Auth.js v5 for authentication - BMAD framework integration Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-26 12:28:43 +07:00
commit 3fbbb1a93b
812 changed files with 150531 additions and 0 deletions
--- a/_bmad-output/planning-artifacts/implementation-readiness-report-2026-01-23.md
+++ b/_bmad-output/planning-artifacts/implementation-readiness-report-2026-01-23.md
@@ -0,0 +1,196 @@
+# Implementation Readiness Assessment Report
+
+**Date:** 2026-01-23
+**Project:** Test01
+
+## 1. Document Inventory
+
+**Status:** ✅ Complete
+**Verified Documents:**
+
+- **PRD:** `prd.md`
+- **Architecture:** `architecture.md`
+- **Epics:** `epics.md`
+- **UX Design:** `ux-design-specification.md`
+
+All required documents are present and accounted for.
+
+## 2. PRD Analysis
+
+### Functional Requirements
+
+**Dual-Agent Pipeline**
+- **FR-01:** System can detect "Venting" vs. "Insight" intent from initial user input.
+- **FR-02:** "Teacher Agent" can generate probing questions to elicit specific missing details based on the user's initial input.
+- **FR-03:** "Ghostwriter Agent" can transform the structured interview data into a grammatically correct and structured "Enlightenment" artifact.
+- **FR-04:** Users can "Regenerate" the outcome with specific critique.
+- **FR-05:** System provides a "Fast Track" option to bypass the interview and go straight to generation.
+
+**Content Management**
+- **FR-06:** Users can view a chronological feed of past "Enlightenments" (history).
+- **FR-07:** Users can "One-Click Copy" the formatted text to clipboard.
+- **FR-08:** Users can delete past entries.
+- **FR-09:** Users can edit the generated draft manually before exporting.
+
+**PWA & Offline Capabilities**
+- **FR-10:** Users can access the app and view history while offline.
+- **FR-11:** Users can complete a full "Venting Session" offline; system queues generation for reconnection.
+- **FR-12:** System actively prompts users to "Add to Home Screen" (A2HS).
+
+**Data & Privacy**
+- **FR-13:** System stores all chat history locally (persistent client-side storage) by default.
+- **FR-14:** Users can export their entire history as a JSON/Markdown file.
+
+**AI Configuration & Settings (BYOD)**
+- **FR-15:** Users can configure a custom OpenAI-compatible Base URL.
+- **FR-16:** Users can securely save API Credentials (stored in local storage, never transmitted to backend).
+- **FR-17:** Users can specify the Model Name.
+- **FR-18:** System validates the connection to the custom provider upon saving.
+- **FR-19:** Users can switch between configured providers globally.
+
+**Total FRs:** 19
+
+### Non-Functional Requirements
+
+**Performance & Responsiveness**
+- **NFR-01 (Chat Latency):** "Teacher" agent must generate first follow-up question within **< 3 seconds**.
+- **NFR-02 (App Load Time):** App must be interactive in **< 1.5 seconds** on 4G networks.
+
+**Privacy & Security**
+- **NFR-03 (Data Sovereignty):** User chat logs AND API Keys are stored **100% Client-Side**.
+- **NFR-04 (Inference Privacy):** Data sent to LLM API must be stateless.
+- **NFR-08 (Secure Key Storage):** API Keys must be encrypted at rest or stored in secure local storage capabilities.
+
+**Reliability & Offline**
+- **NFR-05 (Offline Behavior):** App shell and local history accessible in Aeroplane Mode.
+- **NFR-06 (Data Persistence):** Drafts auto-saved locally every **2 seconds**.
+
+**Accessibility**
+- **NFR-07 (Visual Accessibility):** Dark Mode is default. Contrast ratios must meet **WCAG AA** standards.
+
+**Total NFRs:** 8
+
+### Additional Requirements & Constraints
+
+- **Compliance:** Data Privacy for Adult Learners, Content Moderation.
+- **Tone Safety:** Professional tone.
+- **Hallucination Prevention:** Strict prompt engineering.
+- **Accessibility:** WCAG 2.1 AA.
+- **PWA Constraints:** Offline mode, Service Workers.
+- **Responsive Design:** Mobile-first, desktop center container.
+- **SEO:** Public marketing page SEO.
+
+### PRD Completeness Assessment
+
+The PRD is very detailed and structured. Requirements are explicitly numbered.
+**Assessment:** ✅ High Completeness.
+
+## 3. Epic Coverage Validation
+
+### Coverage Matrix
+
+| FR Number | PRD Requirement      | Epic Coverage | Status    |
+| :-------- | :------------------- | :------------ | :-------- |
+| FR-01     | Intent Detection     | Epic 1        | ✅ Covered |
+| FR-02     | Teacher Agent Logic  | Epic 1        | ✅ Covered |
+| FR-03     | Ghostwriter Logic    | Epic 2        | ✅ Covered |
+| FR-04     | Regeneration         | Epic 2        | ✅ Covered |
+| FR-05     | Fast Track           | Epic 1        | ✅ Covered |
+| FR-06     | History Feed         | Epic 3        | ✅ Covered |
+| FR-07     | Copy to Clipboard    | Epic 2        | ✅ Covered |
+| FR-08     | Delete Entries       | Epic 3        | ✅ Covered |
+| FR-09     | Manual Edit          | Epic 2        | ✅ Covered |
+| FR-10     | Offline Access       | Epic 3        | ✅ Covered |
+| FR-11     | Offline Sync         | Epic 3        | ✅ Covered |
+| FR-12     | PWA Install          | Epic 3        | ✅ Covered |
+| FR-13     | Local Storage        | Epic 1        | ✅ Covered |
+| FR-14     | Data Export          | Epic 3        | ✅ Covered |
+| FR-15     | Custom API URL       | **NOT FOUND** | ❌ MISSING |
+| FR-16     | Save API Credentials | **NOT FOUND** | ❌ MISSING |
+| FR-17     | Specify Model Name   | **NOT FOUND** | ❌ MISSING |
+| FR-18     | Validate Connection  | **NOT FOUND** | ❌ MISSING |
+| FR-19     | Switch Providers     | **NOT FOUND** | ❌ MISSING |
+
+### Missing Requirements
+
+5 Functional Requirements are missing from the Epics document. These relate to the recently added "Bring Your Own AI" (BYOD) capabilities in the PRD (added 2026-01-23).
+
+#### Critical Missing FRs
+- **FR-15:** Users can configure a custom OpenAI-compatible Base URL.
+- **FR-16:** Users can securely save API Credentials (stored in local storage, never transmitted to backend).
+- **FR-17:** Users can specify the Model Name (e.g., `gpt-4o`, `deepseek-chat`).
+- **FR-18:** System validates the connection to the custom provider upon saving.
+- **FR-19:** Users can switch between configured providers globally.
+
+**Impact:** The core "Technical Differentiator" of BYOD Architecture is largely unimplemented in the Epics. This is a critical gap for the MVP if BYOD is a Phase 1 requirement.
+
+**Recommendation:** Create a new **Epic 4: "Power User Settings"** or add stories to Epic 3 to handle AI Configuration, Secure Storage of Keys, and Provider switching.
+
+### Coverage Statistics
+- Total PRD FRs: 19
+- FRs covered in epics: 14
+- Coverage percentage: 73.6%
+
+## 4. UX Alignment Assessment
+
+### UX Document Status
+✅ **Found** (`ux-design-specification.md`)
+
+### Alignment Issues
+
+#### ⚠️ Critical Architecture Conflict (BYOD vs. Proxy)
+- **PRD Alignment:** The PRD (updated 2026-01-23) specifically requires a **"Bring Your Own AI" (BYOD)** model where "Users provide their own API keys... No middle-man server" (FR-15, FR-16, NFR-03).
+- **Architecture Conflict:** The `architecture.md` (dated 2026-01-21) specifies a "Vercel Edge Functions as API Proxy" pattern to "Hide LLM API keys from the client" (SaaS model).
+- **Impact:** The approved architecture effectively blocks the implementation of the BYOD requirement. A middle-man proxy contradicts NFR-03 ("No user content or keys are sent to any middle-man server").
+
+#### ⚠️ Missing UX Flows (BYOD)
+- **Gap:** The UX Specification does not contain screens or flows for the "Settings" or "API Configuration" screens required by FR-15 to FR-19.
+- **Impact:** Developers will have no design guidance for this complex configuration flow.
+
+### Warnings
+- **Architecture is outdated:** It reflects the project state before the "BYOD" requirement.
+- **UX is outdated:** It lacks the Power User configuration journeys.
+
+## 5. Epic Quality Review
+
+### Structure & Sizing
+- **Structure:** Epics are user-focused and value-driven.
+- **Sizing:** Stories are adequately sized for individual completion.
+- **Dependencies:** Logical progression from Core (Epic 1) -> Feature (Epic 2) -> Reliability (Epic 3).
+
+### Violations & Concerns
+
+#### 🔴 Critical Violations
+1.  **Story 1.3 Implementation Conflict:** Story 1.3 AC states "Then it goes through a Vercel Edge Function proxy... API keys are not exposed to the client." This explicitly implements the **SaaS Proxy pattern**, which directly contradicts the **BYOD requirement** (FR-15) and NFR-03. Implementing this story as written will result in a defective product that fails 5 Functional Requirements.
+2.  **Missing Configuration Stories:** There are no stories for "Settings", "Configuration", or "API Key Management", leaving the BYOD requirement completely unplanned.
+
+#### 🟠 Major Issues
+1.  **Ambiguous "Sync" (Story 3.3):** The term "Sync" in Story 3.3 ("Offline Sync Queue") is ambiguous. Given NFR-03 ("No user content sent to cloud"), "Sync" likely refers to "Replaying actions to the LLM API" for generation. However, the AC "indicator updates to 'Synced'" implies data synchronization. This needs clarification to avoid developers building a cloud sync engine unnecessarily.
+
+### Recommendations
+1.  **Refactor Epic 1:** Rewrite Story 1.3 to support Client-Side API calls (or stateless proxy with user-provided keys) to align with BYOD.
+2.  **Create Epic 4:** Define "Settings & Configuration" Epic to handle all BYOD Logic (Input keys, Validate, Save to LocalStorage).
+3.  **Clarify Story 3.3:** Rename to "Offline Action Replay" and clarify the ACs to refer to "Processing Pending Generations" rather than "Syncing".
+
+## 6. Summary and Recommendations
+
+### Overall Readiness Status
+
+🚫 **NEEDS WORK** (Assessment: NOT READY for Implementation)
+
+### Critical Issues Requiring Immediate Action
+
+1.  **Resolve BYOD vs. SaaS Architecture Conflict:** The Architecture and Stories (1.3) are designed for a centralised SaaS app with a hidden API key, but the PRD demands a strict "Bring Your Own AI" / Client-Side privacy model. This is a fundamental blocker.
+2.  **Fill Coverage Gaps:** 5 FRs related to AI Provider Configuration (FR-15 to FR-19) are missing from Epics and UX.
+3.  **Ambiguity in Sync Requirements:** Developers may waste time building unnecessary cloud sync infrastructure if Story 3.3 is not clarified.
+
+### Recommended Next Steps
+
+1.  **Update Architecture:** Modify `architecture.md` to support "Input Key + Client-Side Calls" pattern or "Stateless Gateway". Remove the mandatory "Proxy to hide keys" requirement.
+2.  **Update UX:** Create a "Settings" page mock for API Key entry and Model selection.
+3.  **Create Epic 4:** "Power User Settings" to implement the `Settings -> API Provider` user journey.
+4.  **Refactor Story 1.3:** Remove the "hidden proxy" AC and replace with "uses configured provider".
+
+### Final Note
+
+This assessment identified **3 Critical Conflicts** and **5 Missing Requirements**. The project is **NOT READY** for implementation until the BYOD Architecture conflict is resolved. Developing Epic 1 as effectively specified would create technical debt that would be immediately discarded.