690404:1139 Modify ADR

2026-04-04 11:39:56 +07:00
parent d775d5ad85
commit c95e0f537e
87 changed files with 7046 additions and 422 deletions
@@ -1,5 +1,5 @@
 ---
-always_on: true
+trigger: always_on
 ---

 # NAP-DMS Project Context
@@ -25,7 +25,7 @@ Every response must be **precise**, **spec-compliant**, and **production-ready**

 - **Project:** NAP-DMS (LCBP3)
 - **Version:** 1.8.5
- **Stack:** NestJS + Next.js + TypeScript + MariaDB
+- **Stack:** NestJS + Next.js + TypeScript + MariaDB + Ollama (AI)
 - **Repo:** https://git.np-dms.work/np-dms/lcbp3

 ## Rule Enforcement Tiers
@@ -39,6 +39,7 @@ Build fails immediately if violated:
 - Database correctness — verify schema before writing queries
 - File upload security (ClamAV + whitelist)
 - AI validation boundary (ADR-018)
+- Error handling strategy (ADR-007)
 - Forbidden patterns: `any`, `console.log`, UUID misuse

 ### 🟡 Tier 2 — IMPORTANT (CODE REVIEW)
@@ -1,5 +1,5 @@
 ---
-always_on: true
+trigger: always_on
 ---

 # ADR-019 UUID Strategy
@@ -7,7 +7,7 @@ always_on: true
 ## CRITICAL RULES

 - **NEVER** use `parseInt()` on UUID values
- **NEVER** use `Number()` on UUID values  
+- **NEVER** use `Number()` on UUID values
 - **NEVER** use `+` operator on UUID values
 - **ALWAYS** use `publicId` (string UUID) for API responses
 - **NEVER** expose internal INT `id` in API responses (use `@Exclude()`)
@@ -29,7 +29,7 @@ always_on: true
 class Project extends UuidBaseEntity {
  @Column({ type: 'uuid' })
  publicId: string;  // UUID string, no transformation needed
-  
+
  @PrimaryKey()
  @Exclude()
  id: number;  // Internal INT, never exposed
@@ -1,5 +1,5 @@
 ---
-always_on: true
+trigger: always_on
 ---

 # Security Rules (Non-Negotiable)
@@ -14,6 +14,10 @@ always_on: true
 6. **Rate Limiting:** `ThrottlerGuard` on all auth endpoints
 7. **File Upload:** Whitelist PDF/DWG/DOCX/XLSX/ZIP, max 50MB, ClamAV scan
 8. **AI Isolation (ADR-018):** Ollama on Admin Desktop ONLY — NO direct DB/storage access
+9. **Error Handling (ADR-007):** Use layered error classification with user-friendly messages
+10. **AI Integration (ADR-020):** RFA-First approach with unified pipeline architecture
+11. **AI Audit Trail:** Log all AI interactions and human validations
+12. **Rate Limiting:** Apply to AI endpoints to prevent abuse

 ## Full Documentation

@@ -26,4 +30,7 @@ always_on: true
 - [ ] No SQL injection vulnerabilities
 - [ ] File upload validation (whitelist + ClamAV)
 - [ ] Rate limiting applied to auth endpoints
+- [ ] AI boundary enforcement (ADR-018) - no direct DB/storage access
+- [ ] AI audit logging implemented for AI interactions
+- [ ] Error handling follows ADR-007 layered classification
 - [ ] OWASP Top 10 review passed
@@ -1,5 +1,5 @@
 ---
-always_on: true
+trigger: always_on
 ---

 # TypeScript Rules
@@ -1,5 +1,5 @@
 ---
-always_on: true
+trigger: always_on
 ---

 # Domain Terminology
@@ -1,26 +1,28 @@
 ---
-always_on: true
+trigger: always_on
 ---

 # Forbidden Actions

 ## ❌ Never Do This

-| ❌ Forbidden                                    | ✅ Correct Approach                           |
-| ----------------------------------------------- | --------------------------------------------- |
-| SQL Triggers for business logic                 | NestJS Service methods                        |
-| `.env` files in production                      | `docker-compose.yml` environment section      |
-| TypeORM migration files                         | Edit schema SQL directly (ADR-009)            |
-| Inventing table/column names                    | Verify against `schema-02-tables.sql`         |
-| `any` TypeScript type                           | Proper types / generics                       |
-| `console.log` in committed code                 | NestJS Logger (backend) / remove (frontend)   |
-| `req: any` in controllers                       | `RequestWithUser` typed interface             |
-| `parseInt()` on UUID values                     | Use UUID string directly (ADR-019)            |
-| Exposing INT PK in API responses                | UUIDv7 (ADR-019)                              |
-| AI accessing DB/storage directly                | AI → DMS API → DB (ADR-018)                   |
-| Direct file operations bypassing StorageService | `StorageService` for all file moves           |
-| Inline email/notification sending               | BullMQ queue job                              |
-| Deploying without Release Gates                 | Complete `04-08-release-management-policy.md` |
+| ❌ Forbidden                                    | ✅ Correct Approach                             |
+| ----------------------------------------------- | ----------------------------------------------- |
+| SQL Triggers for business logic                 | NestJS Service methods                          |
+| `.env` files in production                      | `docker-compose.yml` environment section        |
+| TypeORM migration files                         | Edit schema SQL directly (ADR-009)              |
+| Inventing table/column names                    | Verify against `schema-02-tables.sql`           |
+| `any` TypeScript type                           | Proper types / generics                         |
+| `console.log` in committed code                 | NestJS Logger (backend) / remove (frontend)     |
+| `req: any` in controllers                       | `RequestWithUser` typed interface               |
+| `parseInt()` on UUID values                     | Use UUID string directly (ADR-019)              |
+| Exposing INT PK in API responses                | UUIDv7 (ADR-019)                                |
+| AI accessing DB/storage directly                | AI → DMS API → DB (ADR-018)                     |
+| Direct file operations bypassing StorageService | `StorageService` for all file moves             |
+| Inline email/notification sending               | BullMQ queue job                                |
+| Deploying without Release Gates                 | Complete `04-08-release-management-policy.md`   |
+| AI direct cloud API calls                       | On-premises Ollama only (ADR-018)               |
+| AI outputs without human validation             | Human-in-the-loop validation required (ADR-020) |

 ## Schema Changes (ADR-009)

@@ -33,6 +35,7 @@ always_on: true
 See `01-adr-019-uuid.md` for complete UUID rules.

 Quick reminder:
+
 - ❌ `parseInt(uuid)` → NEVER
 - ❌ `Number(uuid)` → NEVER
 - ✅ Use UUID string directly
@@ -1,5 +1,5 @@
 ---
-always_on: true
+trigger: always_on
 ---

 # Development Flow
@@ -1,5 +1,5 @@
 ---
-always_on: true
+trigger: always_on
 ---

 # Commit Checklist
@@ -0,0 +1,78 @@
+---
+trigger: always_on
+---
+
+# ADR-007 Error Handling Strategy
+
+## CRITICAL RULES
+
+- **ALWAYS** use layered error classification (Validation, Business, System)
+- **NEVER** expose technical details to end users
+- **ALWAYS** provide user-friendly error messages with recovery guidance
+- **ALWAYS** log technical details for debugging
+- **NEVER** use generic error messages without context
+
+## Error Classification
+
+| Error Type | Description | User Message | Technical Log |
+|------------|-------------|--------------|---------------|
+| **Validation** | Input validation failures | Clear field-level errors | Full validation details |
+| **Business** | Business rule violations | Actionable guidance | Business context + user ID |
+| **System** | Infrastructure failures | Generic "try again" | Full stack trace + metrics |
+
+## Backend Pattern (NestJS)
+
+```typescript
+// Custom Exception Hierarchy
+export class BusinessException extends HttpException {
+  constructor(
+    message: string,
+    userMessage: string,
+    recoveryAction?: string,
+    errorCode?: string
+  ) {
+    super({ message, userMessage, recoveryAction, errorCode }, 400);
+  }
+}
+
+// Global Exception Filter
+@Catch()
+export class GlobalExceptionFilter implements ExceptionFilter {
+  catch(exception: unknown, host: ArgumentsHost) {
+    // Classify error and provide appropriate response
+    // Log technical details
+    // Return user-friendly message
+  }
+}
+```
+
+## Frontend Pattern (Next.js)
+
+```typescript
+// Error Display Component
+const ErrorDisplay = ({ error, onRetry }) => {
+  const userMessage = error.userMessage || 'เกิดข้อผิดพลาด';
+  const recoveryAction = error.recoveryAction;
+
+  return (
+    <div>
+      <p>{userMessage}</p>
+      {recoveryAction && <p>{recoveryAction}</p>}
+      {onRetry && <button onClick={onRetry}>ลองใหม่</button>}
+    </div>
+  );
+};
+```
+
+## Required Implementation
+
+- [ ] Global Exception Filter with layered classification
+- [ ] Custom exception hierarchy (Validation, Business, System)
+- [ ] Standardized error response DTOs
+- [ ] Frontend error display components
+- [ ] Error recovery mechanisms where applicable
+
+## Related Documents
+
+- `specs/06-Decision-Records/ADR-007-error-handling-strategy.md`
+- `specs/06-Decision-Records/ADR-010-logging-monitoring-strategy.md`
@@ -0,0 +1,100 @@
+---
+trigger: always_on
+---
+
+# ADR-020 AI Integration Architecture
+
+## CRITICAL RULES
+
+- **ALWAYS** follow ADR-018 AI boundary policy (isolation on Admin Desktop)
+- **ALWAYS** use RFA-First approach for AI implementation
+- **NEVER** allow AI direct database/storage access
+- **ALWAYS** implement human-in-the-loop validation
+- **NEVER** send sensitive data to cloud AI services
+
+## AI Integration Patterns
+
+### Architecture Overview
+
+```
+Frontend → AI Gateway API → Admin Desktop (Ollama) → Backend Validation
+```
+
+### Key Components
+
+| Component | Location | Purpose |
+|-----------|----------|---------|
+| **AI Gateway** | Backend (NestJS) | API endpoints, validation, audit logging |
+| **Ollama Engine** | Admin Desktop (Desk-5439) | LLM inference (Gemma 4) |
+| **OCR Engine** | Admin Desktop (Desk-5439) | Thai/English text extraction |
+| **Orchestrator** | QNAP NAS (n8n) | Workflow management |
+
+## Backend Implementation (NestJS)
+
+```typescript
+// AI Module with boundary enforcement
+@Module({
+  controllers: [AiController],
+  providers: [AiService, AiGateway],
+  exports: [AiService],
+})
+export class AiModule {
+  constructor() {
+    // Enforce ADR-018 boundaries
+  }
+}
+
+// AI Service with validation
+@Injectable()
+export class AiService {
+  async extractMetadata(documentId: string): Promise<AIMetadata> {
+    // 1. Validate permissions
+    // 2. Send to Admin Desktop AI
+    // 3. Validate AI response
+    // 4. Log audit trail
+    // 5. Return validated results
+  }
+}
+```
+
+## Frontend Pattern (Next.js)
+
+```typescript
+// Document Review Form (reusable component)
+const DocumentReviewForm = ({ document, aiSuggestions }) => {
+  return (
+    <form>
+      <Field label="Document Type" suggestions={aiSuggestions.documentType} />
+      <Field label="Project Code" suggestions={aiSuggestions.projectCode} />
+      <Field label="Discipline" suggestions={aiSuggestions.discipline} />
+
+      <ConfidenceScore score={aiSuggestions.confidence} />
+      <HumanValidationActions />
+    </form>
+  );
+};
+```
+
+## Security Requirements
+
+- **AI Isolation:** All AI processing on Admin Desktop only
+- **Data Privacy:** No cloud AI services, on-premises only
+- **Audit Trail:** Log all AI interactions and human validations
+- **Rate Limiting:** Prevent AI abuse and resource exhaustion
+- **Validation:** All AI outputs must be validated before use
+
+## Required Implementation
+
+- [ ] AiModule with ADR-018 boundary enforcement
+- [ ] AI Gateway API endpoints with validation
+- [ ] DocumentReviewForm reusable component
+- [ ] Admin Desktop Ollama + PaddleOCR setup
+- [ ] n8n workflow orchestration
+- [ ] AI audit logging and monitoring
+- [ ] Human-in-the-loop validation workflows
+
+## Related Documents
+
+- `specs/06-Decision-Records/ADR-018-ai-boundary.md`
+- `specs/06-Decision-Records/ADR-020-ai-intelligence-integration.md`
+- `specs/06-Decision-Records/ADR-017-ollama-data-migration.md`