# Current State

> **Purpose:** Quick-reference file showing exactly where the project stands.
> **For Claude Code:** Read this first to understand what's done and what's next.
> **Last Updated:** March 19, 2026

---

## Active Phase: Phase 4 - Enterprise & Growth Features (In Progress)

---

## What's Complete

### Core Platform
- FastAPI project structure with 35+ API endpoints
- PostgreSQL database with Docker, 75+ Alembic migrations
- User authentication (JWT, register, login, refresh, logout, invite codes)
- Refresh token rotation with JTI-based revocation
- Trees CRUD with full-text search (FTS index)
- Sessions tracking with decisions, outcomes, and variables
- Export API (Markdown, Text, HTML)
- Role-based access control (super_admin, team_admin, engineer, viewer)
- Production-ready logging with correlation IDs
- 100+ integration tests
- Rate limiting on auth endpoints (disabled in DEBUG)
- Audit log table with JSONB details
- Soft delete for trees with cascade cleanup

### Frontend Core
- React 19 + Vite + TypeScript + Tailwind CSS v4 (`@tailwindcss/vite`)
- **Slate & Ice Design System** — Dark glassmorphism, ice-cyan gradient accents, glass-card system
- **Brand fonts:** Bricolage Grotesque (headings), IBM Plex Sans (body), JetBrains Mono (labels)
- Authentication UI (login, register, email verification)
- Tree library/browsing page with grid/list/table views
- Tree navigation interface (session player)
- Session management with history and detail pages
- **Tree Editor** — Form-based with visual preview, Zustand + immer + zundo (undo/redo)
- **Markdown rendering** in session player and node editor
- **Tree Organization** — Categories, tags (autocomplete), user folders (3-level hierarchy), filters
- **RBAC & Permissions** — `usePermissions` hook, ProtectedRoute with role guards
- **Session Scratchpad** — Floating overlay (Ctrl+/), auto-save, markdown preview
- **Admin Panel** — 8 pages (dashboard, users, invite codes, audit logs, plan limits, feature flags, settings, categories)
- **Session Quick Wins** — Timer, keyboard hints, repeat last, auto-recovery, copy step, delete tree
- **Session Outcomes** — Outcome modal on completion, step timing tracking
- **Session Sharing** — Share links, public/account views, MySharesPage
- **Procedural Editor UX** — Section headers, collapsible advanced fields, URL intake, tag input
- **Type-aware Routing** — Centralized `getTreeNavigatePath`/`getTreeEditorPath` helpers
- **Account Management** — Profile settings, delete/leave/transfer, chat retention
- **PostHog Analytics** — Event tracking, user identification, autocapture

### FlowPilot AI System (Phases 1-3 Complete)

**Phase 1 — AI Session Engine:**
- FlowPilotEngine with multi-step guided troubleshooting
- AI copilot panel + standalone assistant chat with RAG
- Confidence-tiered model routing via `settings.get_model_for_action()`
- Intake form with ticket/client fields, session pause/resume
- AI-generated ticket summaries, outcome tracking

**Phase 2 — PSA Integration & Escalation:**
- ConnectWise PSA integration (ticket linking, note posting, member mapping)
- PSA documentation auto-push with retry scheduler
- Session pause/resume, mid-session ticket linking
- Escalation handoff workflow with LLM-enhanced briefing package
- Escalation pickup flow for senior engineers
- PSA settings UI on IntegrationsPage
- In-session script generator

**Phase 3 — Knowledge Flywheel:**
- AI session analysis → automatic flow proposal generation
- FlowProposal model with review queue (approve, edit & publish, dismiss, reject)
- Knowledge gap detection (weak options, high escalation domains)
- FlowPilot analytics dashboard (metrics, confidence tiers, PSA stats, gaps)
- APScheduler batch analysis job with `max_instances=1`
- Auto-reinforcement for sessions matching existing flows

### Phase 4 Slice 2 — Notification System (Just Completed)
- NotificationConfig, NotificationLog, Notification models + migration
- Multi-channel delivery: in-app, email (Resend), Slack webhooks, Teams webhooks
- Notification service with event routing and fire-and-forget delivery
- APScheduler retry job with exponential backoff (30s, 2m, 10m, max 3 retries)
- 9 API endpoints (config CRUD + in-app notification management)
- Wired into escalation, proposal approval, and knowledge flywheel events
- Frontend: NotificationsPanel (bell icon + dropdown), NotificationSettings UI
- Notifications tab on IntegrationsPage
- Pydantic validation for event keys, cross-tenant protection

### Security Hardening (Phases A-D Complete)
- Registration role hardcoded to `engineer`
- HTML export XSS fix (html.escape)
- Secret key validator (rejects default when DEBUG=False)
- Role CHECK constraint on users table
- Tree access check on session start
- Centralized permissions in `permissions.py`
- `is_active` field on User model, enforced in auth
- Admin user management endpoints (6 endpoints)
- Password complexity validation (uppercase, lowercase, digit, min 10 chars)
- Soft delete cascade cleanup (folder/tag junctions)
- SQL wildcard escaping in tag search
- PSA credentials encrypted at rest (Fernet)

### Maintenance Flows
- Batch session launch, saved target lists
- APScheduler scheduling with croniter + pytz

### Survey System
- Public survey page, admin invite tracking
- Response viewer with CSV export
- Email-to-self, thank-you page
- Admin read/unread/archive/delete management

### Documentation
- CLAUDE.md (comprehensive project context)
- UI-DESIGN-SYSTEM.md, REBRAND-IMPLEMENTATION-GUIDE.md
- ConnectWise API reference docs in `docs/connectwise/`
- Feature specifications through Phase 4
- Phase implementation plans in `docs/plans/`

---

## What's In Progress

| Task | Status | Notes |
|------|--------|-------|
| Phase 4 Slice 1 — Public Templates Gallery | Not Started | SEO/lead-gen surface for flow templates |
| Phase 4 Slice 3 — Session Export | Not Started | PDF (weasyprint), markdown, clipboard copy |
| Phase 4 Slice 4 — Mobile/Responsive | Not Started | Tablet/phone polish for field technicians |
| Phase 4 Slice 5 — Enterprise Readiness | Not Started | Custom branding, PSA stubs, SSO groundwork |

---

## What's Next (Priority Order)

### Immediate (Phase 4 Remaining Slices)
1. Public Templates Gallery (SEO, lead generation)
2. Session Export (PDF, markdown, copy-to-clipboard)
3. Mobile/Responsive polish
4. Enterprise readiness (branding, rate limiting, SSO prep)

### Soon (Phase 5)
- Additional PSA integrations (Autotask/Kaseya)
- PowerShell automation framework
- Advanced analytics and reporting

### Later
- Enterprise SSO (SAML/OIDC)
- White-label deployment
- Marketplace for community flow templates

---

## Environment Quick Reference

### Start Development
```bash
# Start PostgreSQL (Docker Compose)
docker compose up -d

# Backend (from backend/)
source venv/bin/activate
uvicorn app.main:app --reload

# Frontend (from frontend/)
npm run dev
```

### URLs
- Frontend: http://192.168.0.9:5173
- Backend API: http://192.168.0.9:8000
- API Docs: http://192.168.0.9:8000/api/docs

### Run Tests
```bash
cd backend && pytest --override-ini="addopts="
```

---

## Blockers / Known Issues

| Issue | Workaround | Status |
|-------|------------|--------|
| `analysis_status` has no CheckConstraint | Valid values documented in code comments | Low priority |
| Review queue/analytics pages have no frontend role gate | Backend 403 protects data; UX could show message | Low priority |
| Review queue capped at 50 with no pagination UI | Filters can narrow results | Low priority |