# GoodGo Platform AI — Implementation Plan

**Last Updated:** 2026-04-08

---

## Milestones

### Milestone 1: Walking Skeleton (Phase 0)

**Goal:** Any engineer can clone, install, and start developing.

**Execution Order:**

1. **[TEC-1415] Monorepo Scaffolding** + **[TEC-1416] Docker Compose** (parallel — no deps)
2. **[TEC-1420] ESLint/Prettier** (after F1)
3. **[TEC-1417] Prisma Schema** (after F1 + F2)
4. **[TEC-1418] Shared Module** (after F1)
5. **[TEC-1419] CI/CD Pipeline** (after F1)

```
F1 (Monorepo) ──┬── F6 (Lint/Prettier)
                 ├── F3 (Prisma Schema) ←── F2 (Docker)
                 ├── F4 (Shared Module)
                 └── F5 (CI/CD)
F2 (Docker) ─────┘
```

### Milestone 2: Core Product (Phase 1)

**Goal:** Users can register, post listings, and search properties.

**Execution Order:**

1. **[TEC-1421] Auth Backend** (after F3, F4)
2. **[TEC-1425] Security Hardening** + **[TEC-1426] Error Handling** (parallel, after F1/F4)
3. **[TEC-1422] Auth Frontend** (after C1)
4. **[TEC-1423] Listings Backend** (after C1)
5. **[TEC-1424] Search Backend** (after C3)
6. **[TEC-1427] Listings Frontend** (after C3)
7. **[TEC-1428] Search + Landing Frontend** (after C5)

```
F3 + F4 ──→ C1 (Auth BE) ──┬── C2 (Auth FE)
                            ├── C3 (Listings BE) ──┬── C5 (Search BE) ──→ C6 (Search FE)
                            │                      └── C4 (Listings FE)
                            ├── X1 (Security)
                            └── X3 (Error Handling)
```

### Milestone 3: Monetization (Phase 2)

**Goal:** Revenue-generating MVP with payments, subscriptions, and admin tools.

```
C1 ──→ M1 (Payments) ──→ M2 (Subscriptions)
C1 ──→ M3 (Notifications)
C1 + C3 ──→ M4 (Admin)
Phase 1 ──→ X4 (E2E Tests)
```

### Milestone 4: AI-Powered (Phase 3)

**Goal:** Differentiated product with AI features.

```
F2 ──→ A1 (AI/ML Container) ──→ A2 (Analytics)
C5 + A2 ──→ A3 (MCP Servers)
```

---

## Dependency Map

| Task          | Depends On |
| ------------- | ---------- |
| TEC-1415 (F1) | None       |
| TEC-1416 (F2) | None       |
| TEC-1417 (F3) | F1, F2     |
| TEC-1418 (F4) | F1         |
| TEC-1419 (F5) | F1         |
| TEC-1420 (F6) | F1         |
| TEC-1421 (C1) | F3, F4     |
| TEC-1422 (C2) | C1         |
| TEC-1423 (C3) | C1, F3     |
| TEC-1424 (C5) | C3, F2     |
| TEC-1425 (X1) | F1         |
| TEC-1426 (X3) | F4         |
| TEC-1427 (C4) | C3         |
| TEC-1428 (C6) | C5         |
| TEC-1429 (M1) | C1         |
| TEC-1430 (M2) | M1         |
| TEC-1431 (M3) | C1         |
| TEC-1432 (M4) | C1, C3     |
| TEC-1433 (X4) | Phase 1    |

### Milestone 5: Production Hardening (Phase 4)

**Goal:** Fix all critical security issues. Establish production deployment capability.

**Execution Order:**

1. **[TEC-1449] JWT Secret Fix** + **[TEC-1451] HMAC Timing Fix** + **[TEC-1452] MinIO Fix** + **[TEC-1453] CSRF** (parallel — no deps between them)
2. **[TEC-1455] DB Index** (independent — can run parallel with above)
3. **[TEC-1450] Deployment Pipeline** (after security fixes verified)
4. **[TEC-1457] Backups + Logs** (after deployment infra exists)
5. **[TEC-1456] Test Coverage** (parallel — independent of infra)

```
TEC-1449 (JWT) ──────┐
TEC-1451 (HMAC) ─────┤
TEC-1452 (MinIO) ────┼──→ TEC-1450 (Deploy Pipeline) ──→ TEC-1457 (Backups + Logs)
TEC-1453 (CSRF) ─────┘
TEC-1455 (DB Index) ──────────────────────────────────(independent)
TEC-1456 (Tests) ─────────────────────────────────────(independent)
```

### Milestone 6: Quality & Polish (Phase 5)

**Goal:** Production-quality UX, documentation, and performance.

```
Phase 4 done ──→ TEC-1458 (Redis Caching)
                 TEC-1459 (Frontend Polish)    (parallel)
                 TEC-1460 (OpenAPI/Swagger)    (parallel)
                 TEC-1461 (Documentation)      (parallel)
```

---

## Dependency Map (Phase 4-5)

| Task            | Depends On        |
| --------------- | ----------------- |
| TEC-1449        | None              |
| TEC-1450        | TEC-1449 (security first) |
| TEC-1451        | None              |
| TEC-1452        | None              |
| TEC-1453        | None              |
| TEC-1455        | None              |
| TEC-1456        | None              |
| TEC-1457        | TEC-1450          |
| TEC-1458        | Phase 4           |
| TEC-1459        | None              |
| TEC-1460        | None              |
| TEC-1461        | None              |

---

## Rollout Notes

- **Phase 0-3 complete** — 23/23 tasks done
- **Phase 4 is immediate priority** — security fixes must land before any production deployment
- **TEC-1449 (JWT) is the single most critical fix** — blocks production deployment
- **Security tasks (TEC-1449, 1451, 1452, 1453) can all run in parallel** — assign to Security Engineer + Senior Backend
- **TEC-1450 (Deployment Pipeline) should start after security fixes** — no point deploying insecure code
- **TEC-1456 (Tests) and TEC-1455 (DB Index) are independent** — can run anytime
- **Phase 5 tasks are all independent** — can run fully in parallel once Phase 4 is done
- **Critical path:** TEC-1449 → TEC-1450 → TEC-1457 (security → deploy → observability)