Fix backend: add passlib/bcrypt, fix datetime timezone issues

02-TECHNICAL-ARCHITECTURE.md

@@ -3,6 +3,7 @@
 ## System Architecture
 
 ### High-Level Architecture
+
 ```
 ┌─────────────────────────────────────────────────────┐
 │                  Frontend (React/Vue)                │
@@ -41,7 +42,9 @@
 ## Tech Stack
 
 ### Frontend
+
 **Primary Choice: React**
+
 - **Pros:** Large ecosystem, excellent offline support (PWA), familiar to most developers
 - **Alternatives:** Vue.js (simpler), Svelte (faster)
 - **UI Framework:** Tailwind CSS + shadcn/ui (clean, professional look)
@@ -50,7 +53,9 @@
 - **Offline:** Service Workers + IndexedDB for offline tree caching
 
 ### Backend
+
 **Primary Choice: Python FastAPI**
+
 - **Pros:** Modern, fast, async support, automatic API docs, matches Michael's learning path
 - **Alternatives:** Flask (simpler but less performant), Django (heavier)
 - **Authentication:** JWT tokens + httpOnly cookies
@@ -59,26 +64,33 @@
 - **Migration:** Alembic
 
 ### Database
+
 **Primary Choice: PostgreSQL**
+
 - **Pros:** JSON/JSONB support perfect for tree storage, reliable, scalable
-- **Schema Design:** 
+- **Schema Design:**
   - Hybrid approach: Relational for users/sessions, JSONB for tree structure
   - Full-text search for tree discovery
   - Indexes on frequently queried fields
 
 ### File Storage
+
 **Primary Choice: S3-compatible storage**
+
 - **Development:** MinIO (self-hosted, S3-compatible)
 - **Production:** AWS S3 or DigitalOcean Spaces
 - **Strategy:** Pre-signed URLs for uploads, CDN for delivery
 
 ### Hosting
+
 **Development:**
+
 - Frontend: Local dev server (Vite)
 - Backend: Local Python server
 - Database: Docker PostgreSQL
 
 **Production Options:**
+
 1. **Simple Start:** Railway or Render (full-stack hosting)
    - Cost: ~$10-20/month
    - Pros: Easy deployment, managed databases
@@ -99,6 +111,7 @@
 ### Database Schema
 
 #### Users Table
+
 ```sql
 CREATE TABLE users (
     id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
@@ -113,6 +126,7 @@ CREATE TABLE users (
 ```
 
 #### Teams Table
+
 ```sql
 CREATE TABLE teams (
     id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
@@ -122,6 +136,7 @@ CREATE TABLE teams (
 ```
 
 #### Trees Table
+
 ```sql
 CREATE TABLE trees (
     id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
@@ -144,6 +159,7 @@ CREATE INDEX idx_trees_search ON trees USING gin(to_tsvector('english', name ||
 ```
 
 #### Sessions Table
+
 ```sql
 CREATE TABLE sessions (
     id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
@@ -165,6 +181,7 @@ CREATE INDEX idx_sessions_dates ON sessions(started_at, completed_at);
 ```
 
 #### Attachments Table
+
 ```sql
 CREATE TABLE attachments (
     id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
@@ -368,6 +385,7 @@ CREATE TABLE attachments (
 ## API Endpoints
 
 ### Authentication
+
 ```
 POST   /api/auth/register       - Register new user
 POST   /api/auth/login          - Login
@@ -377,6 +395,7 @@ POST   /api/auth/refresh        - Refresh JWT token
 ```
 
 ### Trees
+
 ```
 GET    /api/trees               - List all trees (with filters)
 GET    /api/trees/:id           - Get specific tree
@@ -388,6 +407,7 @@ GET    /api/trees/search        - Full-text search trees
 ```
 
 ### Sessions
+
 ```
 GET    /api/sessions            - List user's sessions
 GET    /api/sessions/:id        - Get specific session
@@ -398,6 +418,7 @@ POST   /api/sessions/:id/export - Export session to formatted notes
 ```
 
 ### Attachments
+
 ```
 POST   /api/sessions/:id/attachments       - Upload attachment
 GET    /api/sessions/:id/attachments       - List attachments
@@ -406,6 +427,7 @@ DELETE /api/attachments/:id                - Delete attachment
 ```
 
 ### Teams (Phase 2)
+
 ```
 GET    /api/teams                - List teams
 POST   /api/teams                - Create team (admin only)
@@ -415,6 +437,7 @@ DELETE /api/teams/:id/members/:user_id - Remove team member
 ```
 
 ### Analytics (Phase 3)
+
 ```
 GET    /api/analytics/trees/:id/usage      - Tree usage statistics
 GET    /api/analytics/trees/:id/paths      - Common paths taken
@@ -423,6 +446,7 @@ GET    /api/analytics/user/history         - User's troubleshooting history
 ```
 
 ### Automation (Phase 4)
+
 ```
 GET    /api/automation/scripts              - List available automation scripts
 POST   /api/automation/execute              - Execute automation script
@@ -432,6 +456,7 @@ GET    /api/automation/history              - Automation execution history
 ## Security Considerations
 
 ### Authentication & Authorization
+
 - JWT tokens with short expiry (15 min access, 7 day refresh)
 - Role-based access control (RBAC)
 - Password requirements: min 10 chars, complexity
@@ -439,6 +464,7 @@ GET    /api/automation/history              - Automation execution history
 - Account lockout after failed attempts
 
 ### Data Protection
+
 - All passwords hashed with bcrypt (cost factor 12)
 - Sensitive data encrypted at rest
 - HTTPS only in production
@@ -447,6 +473,7 @@ GET    /api/automation/history              - Automation execution history
 - XSS prevention (input sanitization, CSP headers)
 
 ### File Upload Security
+
 - File type validation (whitelist only)
 - File size limits (10MB per file)
 - Virus scanning (ClamAV integration for Phase 3)
@@ -454,6 +481,7 @@ GET    /api/automation/history              - Automation execution history
 - Signed URLs with expiration
 
 ### API Security
+
 - Rate limiting (100 requests/min per user)
 - Request size limits
 - API versioning (/api/v1/...)
@@ -462,18 +490,21 @@ GET    /api/automation/history              - Automation execution history
 ## Performance Considerations
 
 ### Database
+
 - Indexes on frequently queried fields
 - Connection pooling
 - Query optimization (EXPLAIN ANALYZE)
 - Consider read replicas for Phase 3+
 
 ### Caching Strategy
+
 - Redis for session storage (Phase 2)
 - Cache frequently accessed trees
 - CDN for static assets
 - Browser caching headers
 
 ### Frontend Performance
+
 - Code splitting (lazy load routes)
 - Tree data cached in IndexedDB
 - Debounced search inputs
@@ -483,12 +514,14 @@ GET    /api/automation/history              - Automation execution history
 ## Monitoring & Observability
 
 ### Logging
+
 - Structured logging (JSON format)
 - Log levels: DEBUG, INFO, WARNING, ERROR, CRITICAL
 - Request ID tracking across services
 - User action auditing
 
 ### Metrics (Phase 3)
+
 - API response times
 - Database query performance
 - Error rates
@@ -496,6 +529,7 @@ GET    /api/automation/history              - Automation execution history
 - System resource usage
 
 ### Error Tracking
+
 - Sentry integration for error tracking
 - User-friendly error messages
 - Automatic error reporting with context
@@ -503,18 +537,21 @@ GET    /api/automation/history              - Automation execution history
 ## Deployment Strategy
 
 ### CI/CD Pipeline
+
 1. **Development:** Local development with hot reload
 2. **Testing:** Automated tests on PR
 3. **Staging:** Auto-deploy to staging environment
 4. **Production:** Manual approval → deploy
 
 ### Database Migrations
+
 - Alembic for schema migrations
 - Backwards-compatible changes
 - Rollback capability
 - Test migrations on staging first
 
 ### Backup Strategy
+
 - Automated daily database backups
 - Point-in-time recovery capability
 - File storage replication
@@ -523,18 +560,21 @@ GET    /api/automation/history              - Automation execution history
 ## Future Technical Considerations
 
 ### Scalability
+
 - Horizontal scaling (multiple app servers)
 - Database sharding (by team_id)
 - Microservices architecture (if needed)
 - Message queue for async tasks (Celery + Redis)
 
 ### Mobile Apps
+
 - React Native for iOS/Android
 - Shared API backend
 - Offline-first architecture
 - Push notifications for team updates
 
 ### AI/ML Integration (Phase 5+)
+
 - Suggest next steps based on past sessions
 - Auto-categorize tickets
 - Predict resolution time