This commit is contained in:
admin
+40
-9
@@ -12,14 +12,27 @@ You value **Data Integrity**, **Security**, and **Clean Architecture**.
|
||||
|
||||
## 🏗️ Project Overview
|
||||
|
||||
**LCBP3-DMS (Laem Chabang Port Phase 3 - Document Management System)** — Version 1.8.0 (Patch 1.8.1)
|
||||
**LCBP3-DMS (Laem Chabang Port Phase 3 - Document Management System)** — Version 1.8.1 (Patch)
|
||||
|
||||
### 📊 Project Status: UAT Ready (2026-03-11)
|
||||
|
||||
| Area | Status | Notes |
|
||||
|------|--------|-------|
|
||||
| Backend | ✅ Production Ready | 18 Modules, ADR-018 AI Isolation |
|
||||
| Frontend | ✅ 100% Complete | App Router, TanStack Query, Zustand |
|
||||
| Database | ✅ Schema v1.8.0 Stable | MariaDB 11.8, No-migration (ADR-009) |
|
||||
| Documentation | ✅ **10/10 Gaps Closed** | Product Vision → Release Policy |
|
||||
| AI Migration | 🔄 Pre-migration Setup | n8n + Ollama (ADR-017/018) |
|
||||
| Testing | 🔄 UAT In Progress | Per `01-05-acceptance-criteria.md` |
|
||||
| Deployment | 📋 Pending Go-Live | Blue-Green, QNAP Container Station |
|
||||
|
||||
- **Goal:** Manage construction documents (Correspondence, RFA, Contract Drawings, Shop Drawings)
|
||||
with complex multi-level approval workflows.
|
||||
- **Infrastructure:**
|
||||
- **QNAP NAS:** Container Station (Docker), Nginx Proxy Manager, MariaDB, Redis, Elasticsearch, ClamAV
|
||||
- **ASUSTOR NAS:** Ollama (AI Processing), n8n (Workflow Automation), Portainer
|
||||
- **Shared:** Gitea (Git + CI/CD), Prometheus + Loki + Grafana (Monitoring/Logging)
|
||||
- **QNAP NAS:** Container Station — DMS Frontend/Backend, MariaDB, Redis, Elasticsearch, Nginx Proxy Manager, n8n + n8n-db, Tika, Gitea, RocketChat, cAdvisor, exporters
|
||||
- **ASUSTOR NAS:** Portainer — Monitoring Hub (Grafana, Prometheus, Loki, Promtail, uptime-kuma), Gitea Runner (act_runner), Docker Registry, cAdvisor, Cloudflared
|
||||
- **Admin Desktop:** Ollama (AI Processing) — i9-9900K, 32GB RAM, RTX 2060 SUPER 8GB
|
||||
- **Shared Network:** Internal VLAN — QNAP scrapes by ASUSTOR Prometheus
|
||||
|
||||
## 💻 Tech Stack & Constraints
|
||||
|
||||
@@ -28,7 +41,7 @@ You value **Data Integrity**, **Security**, and **Clean Architecture**.
|
||||
- **Frontend:** Next.js 14+ (App Router), Tailwind CSS, Shadcn/UI,
|
||||
TanStack Query (**Server State**), Zustand (**Client State**), React Hook Form + Zod (**Form State**), Axios
|
||||
- **Notifications:** BullMQ Queue → Email / LINE Notify / In-App
|
||||
- **AI/Migration:** Ollama (llama3.2:3b / mistral:7b) on ASUSTOR + n8n orchestration
|
||||
- **AI/Migration:** Ollama (llama3.2:3b / mistral:7b) on Admin Desktop (RTX 2060 SUPER) + n8n on QNAP
|
||||
- **Language:** TypeScript (Strict Mode). **NO `any` types allowed.**
|
||||
|
||||
## 🛡️ Security & Integrity Rules
|
||||
@@ -39,16 +52,30 @@ You value **Data Integrity**, **Security**, and **Clean Architecture**.
|
||||
4. **Validation:** Use Zod (frontend) or Class-validator (backend DTO) for all inputs.
|
||||
5. **Password:** bcrypt with 12 salt rounds. Enforce password policy.
|
||||
6. **Rate Limiting:** Apply ThrottlerGuard on auth endpoints.
|
||||
7. **AI Isolation (ADR-018):** Ollama MUST run on ASUSTOR only. AI has NO direct DB access, NO write access to uploads. Output JSON only.
|
||||
7. **AI Isolation (ADR-018):** Ollama MUST run on Admin Desktop only (NOT on QNAP/production server). AI has NO direct DB access, NO write access to uploads. Output JSON only.
|
||||
|
||||
## 📋 Workflow & Spec Guidelines
|
||||
|
||||
- Always follow specs in `specs/` (v1.8.0). Priority: `06-Decision-Records` > `05-Engineering-Guidelines` > others.
|
||||
- Always follow specs in `specs/` (v1.8.1). Priority: `06-Decision-Records` > `05-Engineering-Guidelines` > others.
|
||||
- Always verify database schema against **`specs/03-Data-and-Storage/lcbp3-v1.8.0-schema-02-tables.sql`** before writing queries. (Schema split: `01-drop`, `02-tables`, `03-views-indexes`)
|
||||
- Check data dictionary at **`specs/03-Data-and-Storage/03-01-data-dictionary.md`** for field meanings and business rules.
|
||||
- Check seed data: **`lcbp3-v1.8.0-seed-basic.sql`** (reference data), **`lcbp3-v1.8.0-seed-permissions.sql`** (CASL permissions).
|
||||
- For migration context: **`specs/03-Data-and-Storage/03-04-legacy-data-migration.md`** and **`03-05-n8n-migration-setup-guide.md`**.
|
||||
|
||||
### 📁 Key Spec Documents (Quick Reference)
|
||||
|
||||
| เอกสาร | Path | ใช้เมื่อ |
|
||||
|--------|------|--------|
|
||||
| **Schema Tables** | `03-Data-and-Storage/lcbp3-v1.8.0-schema-02-tables.sql` | ก่อนเขียน Query ทุกครั้ง |
|
||||
| **Data Dictionary** | `03-Data-and-Storage/03-01-data-dictionary.md` | ตรวจ Field Meaning + Business Rules |
|
||||
| **Seed Permissions** | `03-Data-and-Storage/lcbp3-v1.8.0-seed-permissions.sql` | ตรวจ CASL Permission Matrix |
|
||||
| **Edge Cases** | `01-Requirements/01-06-edge-cases-and-rules.md` | 37 Rules ป้องกัน Bug |
|
||||
| **Migration Scope** | `03-Data-and-Storage/03-06-migration-business-scope.md` | งาน Migration Bot |
|
||||
| **Release Policy** | `04-Infrastructure-OPS/04-08-release-management-policy.md` | ก่อน Deploy / Hotfix |
|
||||
| **UAT Criteria** | `01-Requirements/01-05-acceptance-criteria.md` | ตรวจความสมบูรณ์ Feature |
|
||||
| **ADR-009** | `06-Decision-Records/ADR-009-db-strategy.md` | Schema Change Process |
|
||||
| **ADR-018** | `06-Decision-Records/ADR-018-ai-boundary.md` | AI/Ollama Integration Rules |
|
||||
|
||||
### ADR Reference (All 17 + Patch)
|
||||
|
||||
Adhere to all ADRs in `specs/06-Decision-Records/`:
|
||||
@@ -97,9 +124,13 @@ Use `/slash-command` to trigger these workflows. Always prefer spec-driven devel
|
||||
|
||||
- DO NOT use SQL Triggers (Business logic must be in NestJS services).
|
||||
- DO NOT use `.env` files for production deployment — QNAP Container Station requires secrets directly in `docker-compose.yml` environment section.
|
||||
- DO NOT run database migrations — modify the schema SQL file directly.
|
||||
- DO NOT run database migrations — modify the schema SQL file directly (ADR-009).
|
||||
- DO NOT invent table names or columns — use ONLY what is defined in the schema SQL file.
|
||||
- DO NOT generate code that violates OWASP Top 10 security practices.
|
||||
- DO NOT use `any` TypeScript type anywhere.
|
||||
- DO NOT let AI (Ollama) access production database directly — all writes go through DMS API.
|
||||
- DO NOT let AI (Ollama) access production database directly — all writes go through DMS API (ADR-018).
|
||||
- DO NOT bypass StorageService for file operations — all file moves must go through the API.
|
||||
- DO NOT deploy to Production without completing Release Gates — see `04-08-release-management-policy.md`.
|
||||
- DO NOT start Legacy Migration without Go/No-Go Gate #1 approval — see `03-06-migration-business-scope.md`.
|
||||
- DO NOT modify Migration Bot Token scope — IP Whitelist + 7-day Expiry + REVOKE after migration.
|
||||
- DO NOT close UAT sign-off without all Acceptance Criteria ✅ — see `01-05-acceptance-criteria.md`.
|
||||
|
||||
Reference in New Issue
Block a user