SurfSense/_bmad-output/implementation-artifacts/sprint-status.yaml

# generated: 2026-04-13T02:50:25+07:00
# last_updated: 2026-04-13T02:50:25+07:00
# project: SurfSense
# project_key: NOKEY
# tracking_system: file-system
# story_location: {project-root}/_bmad-output/implementation-artifacts

# STATUS DEFINITIONS:
# ==================
# Epic Status:
#   - backlog: Epic not yet started
#   - in-progress: Epic actively being worked on
#   - done: All stories in epic completed
#
# Epic Status Transitions:
#   - backlog → in-progress: Automatically when first story is created (via create-story)
#   - in-progress → done: Manually when all stories reach 'done' status
#
# Story Status:
#   - backlog: Story only exists in epic file
#   - ready-for-dev: Story file created in stories folder
#   - in-progress: Developer actively working on implementation
#   - review: Ready for code review (via Dev's code-review workflow)
#   - done: Story completed
#
# Retrospective Status:
#   - optional: Can be completed but not required
#   - done: Retrospective has been completed
#
# WORKFLOW NOTES:
# ===============
# - Epic transitions to 'in-progress' automatically when first story is created
# - Stories can be worked in parallel if team capacity allows
# - Developer typically creates next story after previous one is 'done' to incorporate learnings
# - Dev moves story to 'review', then runs code-review (fresh context, different LLM recommended)

generated: 2026-04-13T02:50:25+07:00
last_updated: 2026-04-15T03:00:00+07:00
project: SurfSense
project_key: NOKEY
tracking_system: file-system
story_location: "{project-root}/_bmad-output/implementation-artifacts"

development_status:
  epic-1: done
  1-1-project-infrastructure-database-init: done
  1-2-backend-auth-api-jwt: done
  1-3-frontend-auth-ui: done
  epic-1-retrospective: optional
  epic-2: done
  2-1-celery-worker-pdf-parser: done
  2-2-upload-api-rate-limiting: done
  2-3-knowledge-base-ui-micro-sync-indicators: done
  2-4-delete-document-flow: done
  epic-2-retrospective: optional
  epic-3: in-progress
  3-1-chat-session-api: done
  3-2-rag-engine-sse-endpoint: done
  3-3-chat-ui-sse-client: done
  3-4-split-pane-layout-interactive-citation: done
  3-5-model-selection-via-quota: done
  epic-3-retrospective: optional
  epic-4: done
  4-1-chat-history-sync: done
  4-2-graceful-degradation-offline-ui: done
  4-3-global-network-sync-indicators: done
  epic-4-retrospective: optional
  epic-5: in-progress
  5-1-pricing-plan-selection-ui: done
  5-2-stripe-payment-integration: done
  5-3-stripe-webhook-sync: done
  5-4-usage-tracking-rate-limit-enforcement: done
  5-5-admin-seed-and-approval-flow: done
  5-6-admin-only-model-config: done
  epic-5-retrospective: optional
feat: initialize agent and claude skill libraries with comprehensive knowledge bases, workflow templates, and implementation artifacts. 2026-04-13 09:49:58 +07:00			`# generated: 2026-04-13T02:50:25+07:00`
			`# last_updated: 2026-04-13T02:50:25+07:00`
			`# project: SurfSense`
			`# project_key: NOKEY`
			`# tracking_system: file-system`
			`# story_location: {project-root}/_bmad-output/implementation-artifacts`

			`# STATUS DEFINITIONS:`
			`# ==================`
			`# Epic Status:`
			`# - backlog: Epic not yet started`
			`# - in-progress: Epic actively being worked on`
			`# - done: All stories in epic completed`
			`#`
			`# Epic Status Transitions:`
			`# - backlog → in-progress: Automatically when first story is created (via create-story)`
			`# - in-progress → done: Manually when all stories reach 'done' status`
			`#`
			`# Story Status:`
			`# - backlog: Story only exists in epic file`
			`# - ready-for-dev: Story file created in stories folder`
			`# - in-progress: Developer actively working on implementation`
			`# - review: Ready for code review (via Dev's code-review workflow)`
			`# - done: Story completed`
			`#`
			`# Retrospective Status:`
			`# - optional: Can be completed but not required`
			`# - done: Retrospective has been completed`
			`#`
			`# WORKFLOW NOTES:`
			`# ===============`
			`# - Epic transitions to 'in-progress' automatically when first story is created`
			`# - Stories can be worked in parallel if team capacity allows`
			`# - Developer typically creates next story after previous one is 'done' to incorporate learnings`
			`# - Dev moves story to 'review', then runs code-review (fresh context, different LLM recommended)`

			`generated: 2026-04-13T02:50:25+07:00`
Epic 5 Complete: Billing, Subscriptions, and Admin Features Resolve all 5 deferred items from Epic 5 adversarial code review: - Migration 124: Add CASCADE to subscriptionstatus enum drop (prevent orphaned references) - Stripe rate limiting: In-memory per-user limiter (20 calls/60s) on verify-checkout-session - Subscription request cooldown: 24h cooldown before resubmitting rejected requests - Token reset date: Initialize on first subscription activation - Checkout URL validation: Confirmed HTTPS-only (Stripe always returns HTTPS) Implement Story 5.4 (Usage Tracking & Rate Limit Enforcement): - Page quota pre-check at HTTP upload layer - Extend UserRead schema with token quota fields - Frontend 402 error handling in document upload - Quota indicator in dashboard sidebar Story 5.5 (Admin Seed & Approval Flow): - Seed admin user migration with default credentials warning - Subscription approval/rejection routes with admin guard - 24h rejection cooldown enforcement Story 5.6 (Admin-Only Model Config): - Global model config visible across all search spaces - Per-search-space model configs with user access control - Superuser CRUD for global configs Additional fixes from code review: - PageLimitService: PAST_DUE subscriptions enforce free-tier limits - TokenQuotaService: PAST_DUE subscriptions enforce free-tier limits - Config routes: Fixed user_id.is_(None) filter on mutation endpoints - Stripe webhook: Added guard against silent plan downgrade on unrecognized price_id All changes formatted with Ruff (Python) and Biome (TypeScript). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-15 03:54:45 +07:00			`last_updated: 2026-04-15T03:00:00+07:00`
feat: initialize agent and claude skill libraries with comprehensive knowledge bases, workflow templates, and implementation artifacts. 2026-04-13 09:49:58 +07:00			`project: SurfSense`
			`project_key: NOKEY`
			`tracking_system: file-system`
			`story_location: "{project-root}/_bmad-output/implementation-artifacts"`

			`development_status:`
			`epic-1: done`
			`1-1-project-infrastructure-database-init: done`
			`1-2-backend-auth-api-jwt: done`
			`1-3-frontend-auth-ui: done`
			`epic-1-retrospective: optional`
			`epic-2: done`
			`2-1-celery-worker-pdf-parser: done`
			`2-2-upload-api-rate-limiting: done`
			`2-3-knowledge-base-ui-micro-sync-indicators: done`
			`2-4-delete-document-flow: done`
			`epic-2-retrospective: optional`
			`epic-3: in-progress`
			`3-1-chat-session-api: done`
			`3-2-rag-engine-sse-endpoint: done`
			`3-3-chat-ui-sse-client: done`
			`3-4-split-pane-layout-interactive-citation: done`
feat(story-3.5): add cloud-mode LLM model selection with token quota enforcement Implement system-managed model catalog, subscription tier enforcement, atomic token quota tracking, and frontend cloud/self-hosted conditional rendering. Apply all 20 BMAD code review patches including security fixes (cross-user API key hijack), race condition mitigation (atomic SQL UPDATE), and SSE mid-stream quota error handling. Co-Authored-By: Claude Sonnet 4 <noreply@anthropic.com> 2026-04-14 17:01:21 +07:00			`3-5-model-selection-via-quota: done`
feat: initialize agent and claude skill libraries with comprehensive knowledge bases, workflow templates, and implementation artifacts. 2026-04-13 09:49:58 +07:00			`epic-3-retrospective: optional`
			`epic-4: done`
			`4-1-chat-history-sync: done`
			`4-2-graceful-degradation-offline-ui: done`
			`4-3-global-network-sync-indicators: done`
			`epic-4-retrospective: optional`
feat(story-5.1): add subscription pricing UI with Stripe checkout integration Replace PAYG pricing tiers with subscription model (Free/Pro/Enterprise), enable Monthly/Yearly billing toggle, wire Pro CTA to Stripe checkout with authenticatedFetch, toast error feedback, double-click guard, checkout_url validation, and offline graceful degradation. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-14 23:28:14 +07:00			`epic-5: in-progress`
			`5-1-pricing-plan-selection-ui: done`
feat(story-5.2): add Stripe subscription checkout with session verification Add POST /api/v1/stripe/create-subscription-checkout endpoint with get_or_create_stripe_customer (SELECT FOR UPDATE), plan_id→price_id mapping from env vars, active subscription guard (409), and session_id in success URL. Add GET /verify-checkout-session endpoint for server-side payment verification. Add /subscription-success frontend page with loading/verified/failed states. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-14 23:58:57 +07:00			`5-2-stripe-payment-integration: done`
feat(story-5.3): add Stripe webhook subscription lifecycle handlers - Add migration 125: subscription_current_period_end column - Add PLAN_LIMITS config (free/pro_monthly/pro_yearly token + pages limits) - Add subscription webhook handlers: created/updated/deleted, invoice payment - Handle checkout.session.completed for subscription mode separately from PAYG - Idempotency: subscription_id + status + plan_id + period_end guard - pages_limit upgraded on activation, gracefully downgraded on cancel - Token reset on subscription_create and subscription_cycle billing events - Period_end forward-only guard against out-of-order webhook delivery Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-15 00:43:07 +07:00			`5-3-stripe-webhook-sync: done`
Epic 5 Complete: Billing, Subscriptions, and Admin Features Resolve all 5 deferred items from Epic 5 adversarial code review: - Migration 124: Add CASCADE to subscriptionstatus enum drop (prevent orphaned references) - Stripe rate limiting: In-memory per-user limiter (20 calls/60s) on verify-checkout-session - Subscription request cooldown: 24h cooldown before resubmitting rejected requests - Token reset date: Initialize on first subscription activation - Checkout URL validation: Confirmed HTTPS-only (Stripe always returns HTTPS) Implement Story 5.4 (Usage Tracking & Rate Limit Enforcement): - Page quota pre-check at HTTP upload layer - Extend UserRead schema with token quota fields - Frontend 402 error handling in document upload - Quota indicator in dashboard sidebar Story 5.5 (Admin Seed & Approval Flow): - Seed admin user migration with default credentials warning - Subscription approval/rejection routes with admin guard - 24h rejection cooldown enforcement Story 5.6 (Admin-Only Model Config): - Global model config visible across all search spaces - Per-search-space model configs with user access control - Superuser CRUD for global configs Additional fixes from code review: - PageLimitService: PAST_DUE subscriptions enforce free-tier limits - TokenQuotaService: PAST_DUE subscriptions enforce free-tier limits - Config routes: Fixed user_id.is_(None) filter on mutation endpoints - Stripe webhook: Added guard against silent plan downgrade on unrecognized price_id All changes formatted with Ruff (Python) and Biome (TypeScript). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-15 03:54:45 +07:00			`5-4-usage-tracking-rate-limit-enforcement: done`
			`5-5-admin-seed-and-approval-flow: done`
			`5-6-admin-only-model-config: done`
feat: initialize agent and claude skill libraries with comprehensive knowledge bases, workflow templates, and implementation artifacts. 2026-04-13 09:49:58 +07:00			`epic-5-retrospective: optional`