kvisi/Status

What's locked · partial · parallel · blocking

Every section below derives from lib/data/adrs.ts + lib/data/locks.ts — single source of truth, no silent drift.

Phase-0 blockers

2 open — must be resolved before scaffold ships
  • blocker · ADR-0007 · DR & retention · open

    Phase-0 minimum ratified: HA VPN, circuit breaker, baseline RPO/RTO. Retention/cross-region DR/PII anon deferred.

    gates E5.2
  • blocker · ADR-0008 · SQL Server connection pooling · open

    Only remaining hard Phase-0 blocker. Sizing vs on-prem headroom, flap behavior, TDS-aware circuit breaker.

    gates E0.1

Partial — Phase-0 minimum ratified, fill-out deferred

2 ADRs · safe to start Phase 0; later phases pull rest of the decision
  • partial · ADR-0006 · B2B multi-tenancy · open

    Phase-0 minimum ratified: shared-schema + company_id column. Authz/bulk-import/pricing deferred to pre-Phase-4.

    gates E4.3
  • partial · ADR-0007 · DR & retention · open

    Phase-0 minimum ratified: HA VPN, circuit breaker, baseline RPO/RTO. Retention/cross-region DR/PII anon deferred.

    gates E5.2

Tracks running in parallel

5 non-blocking · can run alongside Phase 0–2
  • Creds rotation
    P0 · P1 · P2

    Drain the 12 plaintext credential sets from Web.config out of git.

  • DBA SP inventory
    P1 · P2 · P3

    Frequency-rank the 80+ stored procedures. Blocks E4.5.

  • Q1 · legacy access
    P0 · P1

    Repo access for the unknown ~85 AccountController routes.

  • Q4 · captcha
    P3

    Migrate legacy JPEG generator → hCaptcha (or keep).

  • Q5 · admin scope
    P4

    Decide admin panel rewrite vs port-as-is. Drives ~30 ep delta.

Locked decisions

18 items · not up for re-debate without an ADR amendment
  • ADR-0001 · FP stack (neverthrow + Remeda + ts-pattern on NestJS)
  • ADR-0003 · Architecture shape — 2 deployables
  • ADR-0005 · Auth & authz model
  • ADR-0009 · IaC tool choice
  • stack · Stack · NestJS 11 + neverthrow + Remeda + ts-pattern + Zod + Prisma + Kysely
  • platform · 2 deployables · Core API (ECS Fargate) + Async Workers (Lambda + SQS)
  • platform · EventBridge deferred to Phase 3 — direct SQS in Phase 0–2
  • platform · Outbox-pattern payloads versioned from day 1
  • stack · Auth · JWT RS256 · ~15min lifetime · refresh-token rotation · RBAC baseline
  • stack · B2B tenancy · shared-schema + company_id discriminator (Phase 0 minimum)
  • platform · DR · HA VPN tunnels + TDS-aware circuit breaker (Phase 0 minimum)
  • platform · IaC · CDK + SST on top, 3 stacks, Organizations multi-account
  • process · Per-endpoint feature flags via OpenFeature + Unleash
  • process · Strangler-fig at the ALB layer · per-cluster cutover
  • platform · Debezium CDC · SQL Server → Postgres during dual-write windows
  • process · Parity gate · Diffy-style out-of-process traffic comparator
  • process · Mutation gate · Stryker ≥ 70% on payments, auth, pricing (advisory elsewhere)
  • process · Six-folder DDD enforced by dependency-cruiser