/home/darth/Documents/moltbotShare/MultiApps/Plan.md

Plan.md - MultiApps ToDo Plan (baseline)

This file is a baseline plan as if nothing is finished yet. All items are unchecked so progress can be reviewed and marked later. Scope is based on rules.md, README.md, PRD.md, and AblaufProtokoll.md. The folder "obsolent" is ignored by definition.

1) Project structure and standards

  • Verify monorepo layout and allowed tech (no SvelteKit, no TypeScript, no React).
  • Ensure all Svelte views are presentational only; logic and validation are server-side.
  • Confirm DRY and simplicity principles across modules.
  • Document architecture in a dedicated, up-to-date doc file.
  • Confirm default dev flow uses npm run dev and no build unless required.

2) Central backend (Express)

  • Verify entrypoint in backend/server.js and request routing.
  • Implement or confirm API gateway behavior for app-specific services.
  • Implement /apps/<slug> delivery (static and dev proxy rules).
  • Implement access control checks on app start (login + entitlement).
  • Implement security middleware (auth, rate limits if required, CORS as needed).

3) Auth and user management

  • Implement JWT auth with httpOnly cookies and refresh token flow.
  • Implement register/login/logout endpoints.
  • Implement "single login per user" constraint.
  • Implement fingerprint storage and verification per user.
  • Implement password reset flow (forgot/reset).
  • Implement account deletion with safety confirmation.

4) Database and models (MongoDB)

  • Define schemas for users, apps, translations, highscores, subscriptions/billing.
  • Implement DB connection and error handling.
  • Implement seeding scripts for apps and default users.
  • Ensure translations are only in DB (no translation files in repo).
  • Ensure highscores are stored in DB (not client storage).

5) Landing (frontend-svelte)

  • Implement dynamic app listing from DB/registry.
  • Implement centralized login and profile navigation.
  • Implement user-facing status for app access (free/paid, active/locked).
  • Implement language selection driven by DB translations.
  • Implement footer links to TOS and privacy pages.

6) App registry and app portfolio

  • Maintain SSOT in appRegistry.js with slugs, names, embed flags, dev ports.
  • Ensure registry and DB app list are consistent.
  • Confirm each app in /apps follows Svelte.js only.
  • Track app status (ready/coming_soon/maintenance) via DB.
  • Clarify placeholder/concept apps and mark their status.

7) Monetization and entitlements

  • Define free/paid tier schema per app in DB.
  • Implement entitlement checks and feature gates in backend.
  • Implement billing provider integration (Stripe or dummy link for testing).
  • Implement subscription lifecycle handling (start/cancel/expiry).

8) Admin dashboard

  • Implement admin overview endpoint and data aggregation.
  • Implement admin CRUD for users and apps.
  • Implement admin access policy (admin has full access).
  • Implement UI in landing/admin view for management actions.

9) App delivery and dev tooling

  • Confirm dev proxy rules for apps with their own dev server.
  • Ensure static assets are correctly served for /apps/<slug>/*.
  • Ensure dev server ports align with registry.
  • Confirm npm run dev orchestration and logging.

10) Localization and content

  • Implement translation fetch and caching strategy on server.
  • Implement context-specific "Korrektur vorschlagen" behavior.
  • Verify translation coverage for landing and key app surfaces.

11) Documentation and workflow

  • Keep AblaufProtokoll.md updated for each change.
  • Keep README.md up to date with architecture and dev workflow.
  • Document deployment setup (reverse proxy, SSL).
  • Document data protection and TOS linkage requirements.

12) Verification

  • Define minimal manual test checklist for auth, app access, and landing.
  • Run tests only when a change explicitly requires it.