Constellation Project Tracker — Implementation Plan
Document: Feature Roadmap & Implementation Plan Module: Enterprise Project Coordination (Section 4.4) Date: 30 March 2026 Version: 2.0 Prepared by: B2B Online
1. Executive Summary
The Constellation Project Tracker is the enterprise project coordination module within the Constellation platform. It supports multiple industry verticals — manufacturing, service delivery, software development, and procurement — through configurable project templates. It enables organisations to manage complex, multi-stage programmes while giving customers (contracting agencies) real-time visibility, approval workflows, and structured communication. The module also absorbs support ticket management and quality workflows (Constellation Spec Section 4.6), providing SLA-tracked customer tickets, root cause analysis, and quality issue tracking within the same infrastructure.
This document presents the current state of delivery, the platform integration status, and the concrete roadmap for all remaining phases — including Issue Management, Support Tickets & Quality Management, AI-first capabilities, and AI-assisted development workflows.
2. What Has Been Delivered
The following capabilities are live and available in the current deployment.
Programme & Project Management
- Programme hierarchy — Programmes group related projects with aggregated progress tracking and status lifecycle (Active / On Hold / Completed / Cancelled)
- Programme delegates — Named users with VIEWER / EDITOR / MANAGER access per programme
- Project management — Full project lifecycle with configurable settings, task numbering prefixes, and automatic progress calculation
- Multiple project views — Kanban board (drag-and-drop), Gantt timeline chart, and sortable list view with inline editing
- Stage-gate engine — Sequential manufacturing stages with quality gates that must be satisfied before work progresses. Supports manual gates (human review required) and automatic gates (pass when all criteria are met). Four criterion types: manual check, task completion, deliverable, and customer approval. Full audit trail of every gate decision.
Task Management
- Full task lifecycle — Create, assign, prioritise, schedule, and track tasks with progress (0-100%)
- Subtasks & dependencies — One level of parent-child nesting with automatic parent progress. Directed task dependencies with cycle detection and warnings.
- Custom fields — Per-project custom fields (text, number, dropdown, date, checkbox) displayed as columns in the list view with inline editing
- Custom statuses — Replace default workflow columns with project-specific statuses, colours, and ordering
- Filtering & search — Filter by status, assignee, date range, and custom fields. Full-text search across tasks.
- Customer approval workflow — Manufacturers request approval; customers approve or reject with comments. Email notifications and visual status badges.
- Time tracking — Log work hours against tasks with calendar view, per-task aggregation, and reporting
Collaboration & Communication
- Task comments — Threaded comments on tasks. Email notifications to task watchers and assignees. (Note: edit/delete not yet implemented — create and read only.)
- Email notifications — Automatic notifications for task assignment, comments, approval requests, gate reviews, and invitations. Per-user notification preferences.
- File attachments — Upload, download, and manage files on tasks and projects via Supabase storage
- Feedback system — User feedback with status tracking (New / Reviewed / Implemented / Declined) and GitHub issue sync
Organisation & Access Control
- Multi-tenancy — Each organisation's data is fully isolated. Users can belong to multiple organisations.
- Role-based permissions — Granular, feature-based access control via platform PermissionResolver. Custom roles per organisation. Every API endpoint enforces permissions.
- Project collaborators — Invite external users (customers, partners) with scoped project-level access
- Invitation system — Email-based invitations with secure tokens for organisation and project onboarding
Compliance & Audit
- Entity audit trail — Prisma extension intercepts all write operations (currently logging to console; platform integration pending)
- Authentication audit — Stub in place (platform audit service integration pending)
- MFA support — UI and enrolment flow for two-factor authentication via authenticator app (TOTP). (Note: login-time MFA challenge works via Supabase; profile page enrolment verification is incomplete.)
Reporting & Integration
- Reports dashboard — Programme metrics, project progress, bottleneck analysis, and task completion rates
- Data export — Export project data to JSON. (Note: CSV export available only in reports UI, not via project export API.)
- Data import — Import project data from JSON backup files with full validation and dependency re-linking. (Note: CSV import not implemented.)
- API documentation — Interactive API explorer with auto-generated documentation (65+ endpoints)
- Global search — Cross-entity search across tasks, projects, and people
UI & UX
- Loading states — Skeleton screens and loading indicators across all views
- Error boundaries — Graceful error handling with recovery options
- Responsive layout — Mobile-friendly design across all views
- Dark mode — Full dark mode support with system preference detection
- Settings pages — Project settings (stages, gates, fields, statuses, danger zone) and user preferences
3. Platform Integration Status
The Project Tracker was migrated into the Constellation monorepo and partially integrated with platform shared packages. This section tracks the status of each integration point.
Integration Scorecard
| Platform Package | Status | Notes |
|---|---|---|
@constellation-platform/ui | Done | 382 imports across 118 files. All UI primitives from shared library. |
@constellation-platform/errors | Done | Platform AppError hierarchy used throughout all route handlers. |
@constellation-platform/events | Done | 7 domain event schemas. Outbox publish() in all tool transactions. |
@constellation-platform/auth-core | Partial | Platform JWT validation and PermissionResolver wired up. |
@constellation-platform/auth-next | Partial | JWT header encoding/decoding in middleware. Dual-mode fallback remains. |
@constellation-platform/db | Architectural split | Type imports only. Local Prisma extensions for queries; platform for events/outbox. Valid design. |
@constellation-platform/audit | Not started | Package is a dependency but zero imports. 3 TODO stubs in code. |
@constellation-platform/jobs | Not started | Not in package.json. Local NotificationQueue model still active. |
@constellation-platform/testing | Not started | Zero imports. Tests use local Vitest + RTL fixtures only. |
@constellation-platform/storage | Done | Supabase storage abstraction in use for file attachments. |
Auth Migration Progress (Step 2 of 3)
The auth system is in a dual-mode hybrid state:
- What works: Middleware synthesises platform JWT from Supabase session and encodes
x-constellation-auth-*headers.getCurrentUser()reads platform headers first. - What remains: Legacy
x-supabase-*headers still emitted. Supabase and Mock auth providers still present as fallbacks.auth-bridge.tsmaps PlatformJWT to localAuthenticatedUsertype. Identity repository uses raw SQL. - Blocker: Must verify all users resolve from identity schema without fallback before removing legacy paths.
Identity Delegation Progress
- Reads work:
IdentityRoleRepo.findByTenant()andIdentityMembershipRepo.findByOrg()integrated - Writes stubbed: Role POST/PATCH/DELETE and Member POST/DELETE return 501 ("must be done through the identity service")
- Invitations: Mostly complete but missing identity enrichment (name/email lookups) — 3 TODOs
- Blocked on: Directory module exposing stable write APIs or event contracts
4. Implementation Roadmap
Phases are sequenced by priority, dependency, and value. Each phase has concrete milestones and acceptance criteria.
Phase 1: Platform Integration Completion
Priority: Immediate Why: Eliminates technical debt from the monorepo migration. Unblocks reliable audit trails, background processing, and test infrastructure. Prerequisite for defence-grade compliance.
1A. Audit Service Integration
Replace console stubs with platform audit persistence. The Directory app serves as the reference implementation.
| Task | Files Affected | Risk |
|---|---|---|
Create src/server/tools/audit.tools.ts with queryAuditTrail() wrapper | 1 new | Low |
Integrate auditCritical() into security-sensitive tools (task assignment, permission changes, gate reviews) | ~6 | Low |
Update /api/audit route to delegate to audit tool instead of returning empty array | 1 | Low |
Replace entity-audit console logging with buildAuditDiff() + platform audit writes | 2 | Low |
Remove 3 TODO: migrate to platform audit service markers | 3 | Low |
Milestone: /api/audit returns real audit entries; all mutations create persistent audit trail records.
1B. Jobs Integration (Notification Reliability)
Replace the local NotificationQueue Prisma model with the platform job queue for durable, retryable background processing.
| Task | Files Affected | Risk |
|---|---|---|
Add @constellation-platform/jobs to package.json | 1 | Low |
Replace enqueueNotification() with PostgresJobQueue.enqueue() | 2 | Medium |
Create notification job handler (replaces /api/notifications/process) | 1 new + 1 remove | Medium |
Deprecate NotificationQueue Prisma model (migration to drop table) | 2 | Medium |
| Keep email templates and preference logic as-is | 0 | — |
Milestone: Notifications processed via platform job queue with automatic retry/backoff. Manual cron endpoint removed.
1C. Auth Step 3 — Remove Legacy Paths
Complete the auth migration by removing dual-mode fallbacks.
| Task | Files Affected | Risk |
|---|---|---|
| Verify all users resolve from identity schema (data audit) | 0 (investigation) | — |
Remove Supabase/Mock auth provider fallback from getCurrentUser() | 3 | High |
Remove auth-bridge.ts — use platform types directly | 1 + ~10 consumers | High |
Remove legacy x-supabase-* header emission from middleware | 1 | High |
Remove src/lib/supabase/ server/middleware/client files | 3 | High |
Replace IdentityUserRepo raw SQL with platform tenant client | 2 | Medium |
Update route handlers to use platform getCurrentUser() directly | ~30 | High |
Milestone: Single auth path. No Supabase/Mock provider code. All auth flows through platform JWT.
1D. Testing Infrastructure
Adopt platform test utilities for shared fixtures and contract testing.
| Task | Files Affected | Risk |
|---|---|---|
Replace local mock factories with createTestTenant() / createTestUser() | ~20 test files | Low |
Replace local JWT builders with buildAuthToken() | ~10 test files | Low |
Add contract tests for event schemas using defineContract() | 1-2 new | Low |
Use mockPublish() / mockAuditAction() in integration tests | ~15 test files | Low |
Milestone: All test files use platform fixtures. Event contract tests in CI.
1E. Identity Write Delegation
Unblock the 501-stubbed endpoints once Directory module APIs are stable.
| Task | Files Affected | Risk |
|---|---|---|
| Route role CRUD through Directory event contracts | 3 | Medium |
| Route member CRUD through Directory membership service | 2 | Medium |
| Add identity enrichment to invitation list responses | 3 | Low |
Define missing contracts in packages/contracts/ | 1-2 | Low |
Milestone: All organisation management endpoints return real data. No 501 responses.
Dependency map:
1A (Audit) ─────────────┐
1B (Jobs) ──────────────┤── Can run in parallel
1D (Testing) ───────────┘
│
1C (Auth Step 3) ───────── Benefits from testing infra
│
1E (Identity Writes) ──── Requires Directory module stability
Phase 2: Issue & Risk Management
Priority: High Why: Manufacturing programmes require formal tracking of risks and issues with severity assessment and mitigation planning. The existing Feedback module provides a natural bridge — user-reported feedback can be escalated into tracked issues. Issue management shares task-like patterns (CRUD, assignment, status lifecycle, comments) making it efficient to build on existing infrastructure.
2A. Issue Management
Issues represent problems that have occurred and need resolution. Architecturally similar to tasks — same patterns for CRUD, assignment, status lifecycle, and comments.
| Feature | Description |
|---|---|
| Issue model | New Prisma model: id, organisationId, title, description, severity (CRITICAL / HIGH / MEDIUM / LOW), status (OPEN / INVESTIGATING / RESOLVED / CLOSED), reportedById, assigneeId, projectId, programmeId, taskId (optional link), resolution, resolvedAt |
| Issue CRUD | Full create/read/update/delete with tenant scoping and permission enforcement |
| Issue lifecycle | Status transitions: Open -> Investigating -> Resolved -> Closed (with reopen) |
| Severity classification | 4-level severity with visual indicators and sorting |
| Entity linkage | Associate issues with programmes, projects, or specific tasks |
| Issue comments | Reuse existing Comment model with polymorphic issueId field |
| Issue assignment | Assign owner + investigator with notification |
| Escalation workflow | Escalate to designated recipients with automatic notifications and audit trail |
| Gate integration | Gate criterion type: "no critical/high issues open" blocks stage progression |
| Feedback bridge | One-click escalation from Feedback item to tracked Issue (carries over title, description, reporter) |
| Issue events | projects.issue.created, projects.issue.resolved, projects.issue.escalated |
| Issue dashboard | List view with severity/status filtering, assignment view, and trend charts |
Milestone: Users can create, assign, and resolve issues. Feedback items can be escalated to issues. Gate criteria can block on open issues.
2B. Risk Register
Risks represent potential future problems that need monitoring and mitigation.
| Feature | Description |
|---|---|
| Risk model | New Prisma model: id, organisationId, title, description, likelihood (1-5), impact (1-5), riskScore (computed), status (OPEN / MITIGATING / CLOSED / ACCEPTED), ownerId, mitigationPlan, projectId, programmeId |
| Risk CRUD | Full lifecycle management with tenant scoping |
| Risk matrix | Visual 5x5 heatmap showing risk distribution by likelihood x impact |
| Mitigation tracking | Document mitigation strategies with assigned owners and due dates |
| Entity linkage | Associate risks with programmes, projects, or tasks |
| Gate integration | Gate criterion type: "specific risks closed/accepted" before stage progression |
| Risk events | projects.risk.created, projects.risk.mitigated, projects.risk.escalated |
Milestone: Risks tracked with visual heatmap. Gate criteria can require risk closure.
2C. Support Tickets & Quality Management
Priority: High Why: Absorbs the Helpdesk & Quality Management module (Constellation Spec Section 4.6) into the project-tracker. The Issue model already handles project-scoped defects — extending it to support standalone customer tickets, SLA tracking, and quality workflows avoids building a separate module with duplicate infrastructure.
| Feature | Description |
|---|---|
| Type discriminator | Add type field (PROJECT_ISSUE / SUPPORT_TICKET / BUG_REPORT) to Issue model with default PROJECT_ISSUE for backward compatibility |
| Optional project link | Make projectId nullable — standalone support tickets and bug reports don't require a parent project |
| Ticket categories | Configurable categories per tenant: QUALITY_ISSUE, TECHNICAL_SUPPORT, COMPLAINT, CHANGE_REQUEST, NON_CONFORMANCE, DOCUMENTATION_REQUEST |
| SLA tracking | sla_response_due_at, sla_resolution_due_at, sla_responded_at, sla_response_breached, sla_resolution_breached fields. Per-tenant SLA definitions (response/resolution targets per severity) |
| Contact info | contact_name, contact_email, contact_organisation_id for customer-submitted tickets |
| Source tracking | source field (INTERNAL, CUSTOMER_PORTAL, EMAIL, API, FEEDBACK_PROMOTION) to track ticket origin |
| Routing rules | Auto-assignment engine based on category, priority, and organisation. Configurable per tenant |
| Root cause analysis | root_cause and corrective_action fields populated during resolution for quality tracking |
| Ticket events | New event types: projects.ticket.created, projects.ticket.sla_breached, projects.ticket.categorised, projects.ticket.routed (append-only, alongside existing projects.issue.* events) |
| SLA definitions model | New SlaDefinition Prisma model: per-tenant configuration of response/resolution targets per severity level |
| Ticket dashboard | Standalone view for support tickets with SLA status indicators, breach warnings, category distribution, and resolution metrics |
| Customer intake API | Public-facing endpoint for customer-submitted tickets (validates contact info, auto-categorises, applies SLA) |
| Supplier quality scoring | Aggregate quality metrics per supplier organisation: average resolution time, resolution rate by severity, open issue count, SLA compliance percentage. Computed from issue/ticket resolution data |
| Quality dashboard | Per-supplier quality scorecard visible in Directory organisation detail. Trend charts for resolution metrics over time |
Milestone: Standalone support tickets can be created without a parent project. SLA tracking with breach detection operational. Routing rules auto-assign tickets. Quality fields captured on resolution.
Dependency: Phase 2A (Issue Management backend) must be complete — Phase 2C extends the existing Issue model.
Phase 2D: UI Gap Remediation
Priority: High Why: Several features have complete backend implementations (API routes, services, tools, events) but no corresponding UI pages. Users cannot access these features without UI. This phase closes those gaps before building new features on top.
Backend-Only Features (No UI)
| Feature | Backend Status | UI Gap | Priority |
|---|---|---|---|
| Issues | Full CRUD API + lifecycle + events + assignment + escalation | No list page, no detail page | High |
| Deliverables | Full API + submission/review workflow | No pages, no components | High |
| Risks | Prisma model only — no service, no API routes | No UI at all (blocked on backend completion) | Medium |
Partial UI Gaps
| Feature | Backend Status | UI Gap |
|---|---|---|
| CSV Export | Streaming API endpoint | No download button in project list/detail views |
| Audit Log | API + AuditTrail.tsx component | Component exists but no standalone /audit page |
Implementation Tasks
| Task | Description | Est |
|---|---|---|
| Issue list page | Sortable table with severity/status filtering, bulk actions, project/standalone grouping | M |
| Issue detail page | Full issue view with comments, assignment, escalation, resolution workflow, linked project | L |
| Deliverable list + detail pages | Submission form, review workflow UI (accept/reject with notes), file attachments, gate integration display | L |
| Risk backend completion | Create risk.service.ts, risk.tools.ts, /api/risks routes (Prisma model exists) | M |
| Risk list page + risk matrix | 5×5 heatmap by likelihood × impact, risk detail page with mitigation tracking | L |
| CSV export download button | Add download trigger in project list and detail views (API already exists) | S |
| Standalone audit page | /audit route with date range filtering, actor/resource filters, export capability | S |
Milestone: All backend features have corresponding UI. No invisible functionality remains.
Note: This phase was added after an audit revealed that AI agents consistently built backend layers but stopped short of UI implementation when tasks were specified as combined backend+frontend work. Future phases explicitly separate backend and UI tasks to prevent recurrence.
Phase 2E: Project Templates
Priority: High Why: The project-tracker needs to support multiple industry verticals (manufacturing, service delivery, software development, procurement) through configurable project templates. Currently every project starts with 4 fixed statuses and no pre-configured stages — everything is manual. Templates enable rapid project setup with industry-appropriate stage pipelines, gate criteria, custom fields, and status workflows.
Spec: .ai/specs/SPEC-project-templates.md
| Feature | Description |
|---|---|
| ProjectTemplate model | New Prisma model with name, description, category (MANUFACTURING / SERVICE / SOFTWARE / PROCUREMENT / GENERAL), tenant scoping (null = platform-wide), versioning |
| Template statuses | ProjectTemplateStatus model defining default task statuses per template (name, label, color, sort order, isDefault, isCompleted) |
| Template fields | ProjectTemplateField model defining default custom fields per template (name, label, type, options, isRequired) |
| Template stages | ProjectTemplateStage model defining default stage pipeline with optional gate definitions (gate type, gate name, criteria JSON) |
| Template application | When creating a project with templateId, automatically generate statuses, fields, stages, and gates from the template |
| Platform defaults | Seed 5 built-in templates: Manufacturing, Service Delivery, Software Development, Procurement, General |
| Template CRUD API | GET/POST/PATCH/DELETE /api/project-templates + POST /api/project-templates/:id/clone |
| Template UI | Template selector in project creation dialog, template preview, template management in Settings |
| Project category | Add category field to Project model (denormalized from template for filtering/reporting) |
| Backward compatibility | Existing projects unaffected (templateId = null, category = GENERAL) |
Milestone: Projects can be created from templates. Platform ships with 5 built-in templates. Tenants can create custom templates.
Dependency: None — can be built in parallel with other Phase 2 work.
Phase 2F: Workflow Rules Engine
Priority: High Why: The System Overview promises configurable workflow automation as a non-AI alternative. Currently no mechanism exists for triggering actions based on status changes, SLA thresholds, gate criteria completion, or scheduled events. This is the foundation for enterprise workflow automation that doesn't require AI adoption.
| Feature | Description |
|---|---|
| WorkflowRule model | New Prisma model: tenant-scoped rules with trigger type, conditions, and action definitions. Stored as structured JSON for flexibility |
| Trigger types | STATUS_CHANGED (task/issue status transitions), SLA_THRESHOLD (response/resolution deadline approaching or breached), GATE_COMPLETED (all criteria met), SCHEDULE (recurring time-based), FIELD_CHANGED (custom field value update) |
| Action types | NOTIFY (email/in-app notification to specified users/roles), TRANSITION (auto-change status of task/issue), CREATE_TASK (generate follow-up task from template), ASSIGN (auto-assign to user/role based on rules), ESCALATE (bump severity/priority), WEBHOOK (HTTP callback to external system) |
| Rule builder API | CRUD endpoints for workflow rules: GET/POST/PATCH/DELETE /api/workflow-rules |
| Rule evaluation engine | Background service that evaluates rules on domain events (leverages existing @constellation-platform/events outbox). Rules are evaluated per-tenant with RLS isolation |
| Rule execution audit | All rule-triggered actions logged to audit trail with rule ID as the actor (distinguishes automated vs human actions) |
| Rule builder UI | Visual rule configuration: "When [trigger] and [conditions] then [action]" interface in project Settings |
Milestone: Tenants can create rules that auto-notify on SLA breach, auto-transition issues on gate completion, and trigger webhooks on status changes. No AI required.
Dependency: Phase 2C (SLA tracking) should be complete for SLA-based triggers. Phase 2E (Templates) is independent.
Phase 3: Milestones & Deliverables
Priority: High Why: Formal milestone tracking with payment gate triggers and structured deliverable review workflows are essential for contract management in manufacturing programmes.
3A. Milestones
| Feature | Description |
|---|---|
| Milestone model | id, organisationId, name, dueDate, status (PENDING / COMPLETED / OVERDUE / WAIVED), isPaymentGate, paymentAmount, paymentCurrency, projectId, stageId |
| Milestone tracking | Create milestones with due dates, link to project stages |
| Automatic status | PENDING -> COMPLETED (when conditions met) or OVERDUE (past due) |
| Payment gates | Mark milestones as payment triggers with amount and currency |
| Payment notifications | Automatic notification when a payment-gate milestone is completed |
| Milestone timeline | Visual timeline showing milestones with payment gates highlighted |
| Overdue detection | Automatic alerts when milestones pass their due date |
3B. Deliverables
| Feature | Description |
|---|---|
| Deliverable model | id, organisationId, name, type (DOCUMENT / ARTEFACT / REPORT / CERTIFICATE), status (DRAFT / SUBMITTED / UNDER_REVIEW / ACCEPTED / REJECTED), taskId, milestoneId, projectId |
| Submission workflow | Manufacturer submits deliverable with attached files |
| Review workflow | Customer reviews and accepts or rejects deliverables with notes |
| Review audit trail | Full record of reviewer, decision, timestamp, and notes |
| Gate integration | Gate criterion: "specific deliverables accepted" before stage progression |
Milestone: Milestones with payment gates visible on timeline. Deliverable submission and review workflow operational.
Phase 4: Customer & Subcontractor Portals
Priority: Medium Why: Customers and subcontractors currently see the same interface as internal manufacturers. Tailored views improve security and usability for external users. Customer collaboration infrastructure is already built (Phase 4 Access Control spec completed).
4A. Customer Portal
A streamlined view for contracting agencies focused on oversight, approvals, and gate reviews.
| Feature | Description |
|---|---|
| Dashboard — My Projects | Overview showing only projects where the customer is a participant, with progress |
| Pending approvals | Dedicated widget showing all tasks awaiting the customer's approval |
| Gate review participation | Customers can review and decide on quality gates (pass, fail, waive, hold) |
| Read-only project view | Full visibility into tasks, stages, progress — without create/edit/delete controls |
| Comment access | Post and read comments on tasks for communication with manufacturing team |
| File downloads | View and download all attached files and deliverables |
| Issue visibility | View issues linked to their projects (read-only) |
| Service request intake | Customer-facing forms for submitting service requests with category selection, priority, description, and file attachments. Auto-creates issue/ticket with SLA binding based on category |
| Intake routing rules | Configurable routing: submitted requests auto-assigned to teams/users based on category, organisation, and priority. Integrates with Phase 2F workflow rules |
4B. Subcontractor Portal
A task-focused view for external manufacturing partners assigned specific work items.
| Feature | Description |
|---|---|
| Dashboard — My Tasks | Task-centric view showing only tasks assigned to the subcontractor |
| Progress reporting | Update task status and progress on assigned tasks |
| File uploads | Upload deliverable files to assigned tasks |
| Comment access | Post and read comments on assigned tasks |
| Time logging | Log work hours against assigned tasks |
Milestone: Customer users see a tailored read-mostly portal. Subcontractors see only their assigned work.
Phase 5: PT Coordinator Agent + Knowledge Layer
Priority: Medium-High Why: PT becomes the shared brain — a Coordinator agent (planner, triage, Q&A), a per-project knowledge + memory store, a pgvector-backed semantic index, a relationship graph, and bidirectional MCP context flow so implementation agents running in Claude Code / Codex push context back. PMs interact through a chat-first Coordinator Console.
Full spec: .ai/specs/SPEC-pt-coordinator-agent.md (revised 2026-04-23, supersedes the original 5A/5B/5C below).
Scope change vs. original Phase 5. The original plan assumed PT would host implementation agents that produce code. That has been deferred to Phase 6 because running implementation loops at Anthropic API rates costs ~5–10× the per-token price a developer pays via a Claude Code / Max subscription, and because developers already have local Claude Code / Codex with files, shell, and git context. Phase 5 now scopes PT to the coordination and knowledge role; implementation execution stays in the IDE.
The rest of this section describes the original 5A/5B/5C decomposition. It is preserved for history and partial reuse (the
@constellation-platform/ai-embeddingspackage and the AI audit trail are still in scope — just smaller and PT-first rather than platform-wide on day one). Authoritative scope is the spec file above.
5A. AI Shared Infrastructure (Platform Package Level)
These capabilities are built as shared platform packages, usable by both Constellation and Astro products.
| Package / Capability | Description |
|---|---|
@constellation-platform/ai-core | Provider abstraction for LLM access (Claude API, OpenAI, local models). Shared prompt templates, token budget management, response parsing. |
@constellation-platform/ai-embeddings | Vector embedding generation and similarity search using pgvector. Shared chunking strategies and embedding model abstraction. |
@constellation-platform/ai-rag | Retrieval-augmented generation pipeline. Document ingestion, chunk storage, context assembly, citation tracking. |
| Tenant-scoped AI context | All AI operations respect tenant isolation. Embeddings stored per-tenant with RLS enforcement. |
| AI audit trail | All AI interactions logged via platform audit (prompt, response, model, tokens, latency). |
| Cost controls | Per-tenant token budgets, rate limiting, model tier selection based on subscription level. |
5B. Project Tracker AI Features
AI capabilities specific to the project management domain.
| Feature | Description |
|---|---|
| Smart task generation | Given a project description or stage requirements, AI suggests task breakdown with estimates, dependencies, and assignments based on team capabilities. |
| Risk prediction | Analyse project history, task velocity, and dependency chains to predict schedule risks and suggest mitigations. |
| Issue triage | Auto-classify issue severity based on description, affected components, and historical patterns. Suggest assignment based on expertise. |
| Gate readiness assessment | AI reviews all gate criteria, linked risks/issues, and deliverable status to recommend whether a gate review should proceed. |
| Progress summarisation | Generate natural-language programme/project status reports from structured data (tasks, gates, milestones, risks). |
| Smart search | Semantic search across tasks, comments, issues, and deliverables using embeddings. Find related items even with different terminology. |
| Deliverable review assistance | AI pre-reviews submitted deliverables against acceptance criteria and flags potential gaps before human review. |
| Meeting preparation | Generate agenda and briefing notes for gate reviews, programme status meetings, and risk review sessions. |
Milestone: At least 3 AI features operational (task generation, risk prediction, progress summarisation). AI audit trail active.
5C. AI-Assisted Development Workflows
Use the Project Tracker itself as the planning and coordination tool for AI-agent-driven development of the Constellation platform.
| Capability | Description |
|---|---|
| Spec-to-task decomposition | AI reads .ai/specs/ documents and generates task hierarchies in the Project Tracker with acceptance criteria, dependencies, and effort estimates. |
| Agent task assignment | Tasks tagged with agent:platform, agent:directory, agent:project-tracker etc. AI agents pick up tasks scoped to their module. |
| Implementation tracking | Agent progress tracked as task status updates. PR links attached to tasks. Automated status transitions on PR merge. |
| Cross-module dependency mapping | AI identifies cross-module dependencies from spec analysis and creates blocking relationships between tasks in different projects. |
| Quality gate automation | Gate criteria auto-evaluated: CI passes, test coverage threshold, no high SonarCloud findings, Copilot review clean. |
| Sprint planning assistance | AI suggests task grouping into sprints based on dependencies, effort estimates, and agent availability. |
| Retrospective generation | Auto-generate sprint retrospective from completed tasks, velocity data, and issue resolution patterns. |
Milestone: Development specs automatically decomposed into tracked tasks. At least one module developed with full AI-agent task tracking through the Project Tracker.
Phase 6: Resource Management
Priority: Medium Why: Visibility into team workload across projects prevents overcommitment and enables better planning. Builds on the existing time tracking foundation.
| Feature | Description |
|---|---|
| Resource assignment | Assign users to tasks with specific roles (assignee, reviewer, support) |
| Hours tracking | Extend existing time entries with allocated vs actual hours per assignment |
| Utilisation view | Dedicated view showing workload across projects per team member per week |
| Overallocation alerts | Visual warnings when team members are committed beyond capacity |
| Capacity planning | Set weekly capacity per user; compare against assigned task load |
Milestone: Utilisation dashboard shows team workload across all projects. Overallocation warnings active.
Phase 7: Configurable Dashboards
Priority: Low Why: Different roles need different information at a glance. Configurable dashboards let each user build their ideal overview.
| Feature | Description |
|---|---|
| Customisable layouts | Drag-and-drop widget arrangement per user |
| Pre-configured dashboards | Default layouts for common roles (manufacturer, customer, programme manager) |
| Widget library | Programme overview, milestone tracker, risk heatmap, open issues, task load, gate status, progress trends, deliverable status |
| AI insight widgets | AI-generated trend analysis, risk predictions, and action recommendations |
Milestone: Users can customise their dashboard. At least 8 widgets available.
Phase 8: Cross-Module Integration
Priority: Low (depends on other Constellation modules reaching maturity) Why: Enables the Project Tracker to communicate with other Constellation modules for end-to-end workflow automation.
| Event | What Happens |
|---|---|
| Gate passed | Stakeholders notified via Communication module |
| Issue escalated | Alert sent to escalation targets across modules |
| Milestone completed | Payment notification sent to finance/ERP via Procurement module |
| Deliverable submitted | Document registered in Documentation module |
| Task ready for QA | Customer notified for approval |
| Critical risk raised | Programme office alerted |
| Quality issue detected | Internal issue/ticket created within Project Coordination |
| External webhooks | Webhook subscription system: tenants register HTTP endpoints for specific event types. Includes signed payloads (HMAC), exponential retry/backoff, delivery status tracking, and subscription management UI |
Milestone: At least 3 cross-module event flows operational end-to-end.
Phase 9: Production Hardening (Ongoing)
Priority: Continuous, alongside feature development Why: Ensures the platform meets enterprise security and reliability standards required for defence sector operations.
| Feature | Description |
|---|---|
| Security audit | OWASP Top 10 review, input sanitisation verification, dependency vulnerability scanning |
| End-to-end testing | Automated Playwright tests for critical workflows (login through gate completion) |
| Monitoring & alerting | Sentry error tracking, uptime monitoring, and performance dashboards |
| Rate limiting | API protection against abuse |
| Real-time collaboration | Live updates when multiple users work on the same project simultaneously (WebSocket/SSE) |
| Database optimisation | Query performance analysis, index tuning, connection pooling review |
5. Summary — Delivered vs Planned
| Area | Delivered | Planned |
|---|---|---|
| Programme management | Full hierarchy, progress tracking, delegation | - |
| Project management | CRUD, settings, task numbering, collaborators, 3 views | - |
| Stage-gate engine | Stages, manual + automatic gates, 4 criterion types, audit trail | Risk/issue gate criteria, deliverable/milestone gate criteria |
| Task management | CRUD, assignment, subtasks, dependencies, inline editing, filtering | - |
| Custom fields & statuses | 5 field types, per-project statuses with colours | - |
| Approval workflow | Request, approve/reject, notifications, status badges | - |
| Collaboration | Comments (create/read), email notifications, notification preferences | Comment edit/delete, real-time live updates |
| File management | Upload, download, list, delete | - |
| Multi-tenancy | Organisation isolation, member management, invitations | Full database-level RLS enforcement (in progress) |
| Access control | Feature-based RBAC, custom roles, permission enforcement | Customer portal, subcontractor portal |
| Time tracking | Time entries, calendar view, per-task aggregation | Utilisation view, capacity planning |
| Feedback | Feedback CRUD, GitHub sync, status tracking | Feedback-to-Issue escalation bridge |
| Audit trail | Platform audit integration (API + component) | Standalone audit page (component exists, needs route) |
| Reporting | Reports dashboard, bottleneck analysis, progress visualisation | Configurable dashboards, AI insight widgets |
| Data import/export | JSON import/export, CSV export API | CSV download button in project views, CSV import API |
| API | 65+ endpoints, OpenAPI docs, interactive explorer | Cross-module event integration |
| Platform integration | UI, errors, events, permissions, auth, storage, audit, jobs, testing | Identity writes (done via Directory APIs) |
| Risk management | Prisma model only | Service layer, API routes, risk list page, risk matrix UI |
| Issue management | Full CRUD API + lifecycle + events | Issue list/detail UI, support ticket management, SLA tracking, quality workflows |
| Workflow automation | - | Rule triggers, actions, evaluation engine, builder UI |
| Milestones & deliverables | Deliverable API + submission/review workflow | Deliverable UI pages, milestone tracking, payment gates |
| Project templates | - | Template model, platform defaults, template UI, multi-vertical support |
| Resource management | - | Assignment tracking, utilisation, overallocation alerts |
| AI capabilities | - | Task generation, risk prediction, smart search, agent workflows |
6. Phase Status Overview
| Phase | Scope | Status |
|---|---|---|
| Foundation | Authentication, custom fields/statuses, task management, testing | Delivered |
| Programme & Stage-Gate | Programme hierarchy, stage-gate engine, progress chain | Delivered |
| Collaboration & UX | Email notifications, inline editing, filtering, search, comments | Delivered |
| Multi-Tenancy & Access Control | Organisations, RBAC, invitations, file attachments | Delivered |
| Polish & UX | Loading states, error boundaries, skeleton loaders, settings | Delivered |
| Customer Collaboration | Collaborator model, invitation flow, scoped access | Delivered |
| 1 — Platform Integration Completion | Audit, jobs, auth step 3, testing, identity writes | In Progress |
| 2 — Issue & Risk Management | Issue tracking, risk register, feedback bridge, gate integration | Next |
| 2C — Support Tickets & Quality | Standalone tickets, SLA tracking, routing, quality fields | Planned |
| 2D — UI Gap Remediation | Issue UI, deliverable UI, risk UI, audit page, CSV download | Planned |
| 2E — Project Templates | Template model, platform defaults, template UI, multi-vertical support | Planned |
| 2F — Workflow Rules Engine | Rule triggers, actions, evaluation engine, builder UI | Planned |
| 3 — Milestones & Deliverables | Milestone tracking, payment gates, deliverable review | Planned |
| 4 — Customer & Subcontractor Portals | Read-only customer view, task-scoped subcontractor view | Planned |
| 5 — AI-First Capabilities | AI infrastructure, domain AI features, agent dev workflows | Planned |
| 6 — Resource Management | Assignment tracking, hours, utilisation view | Planned |
| 7 — Configurable Dashboards | Widget library, customisable layouts, AI widgets | Planned |
| 8 — Cross-Module Integration | Event-driven communication with other Constellation modules | Planned |
| 9 — Production Hardening | Security audit, E2E tests, monitoring, real-time updates | Ongoing |
7. Prisma Schema — Current Models (20)
| Model | Schema | Purpose |
|---|---|---|
| Programme | projects | Hierarchy container for related projects |
| ProgrammeDelegate | projects | User membership in a programme (VIEWER/EDITOR/MANAGER) |
| Project | projects | Manufacturing project with tasks, stages, gates |
| ProjectCollaborator | projects | User membership in a project with role |
| ProjectStatus | projects | Custom task status column (replaces enum) |
| ProjectField | projects | Custom field definition (TEXT, NUMBER, SELECT, etc.) |
| Stage | projects | Phase within project sequence |
| Gate | projects | Progression control (MANUAL or AUTOMATIC) |
| GateCriterion | projects | Requirement for gate progression |
| GateReview | projects | Gate decision record (PASS/FAIL/WAIVE/HOLD) |
| Task | projects | Work item with progress, dependencies, approvals |
| TaskDependency | projects | Prerequisite relationship between tasks |
| TaskFieldValue | projects | Custom field value on a task |
| TaskApproval | projects | Customer approval workflow record |
| Comment | projects | Discussion on task or project |
| FileAttachment | projects | Document/artifact upload record |
| Invitation | projects | User access grant token |
| NotificationQueue | projects | Email notification delivery pipeline |
| Feedback | projects | User feedback / feature requests |
| TimeEntry | projects | Work hours logging per task |
8. API Inventory (65+ endpoints)
By Domain
| Domain | Endpoints | Key Operations |
|---|---|---|
| Auth | 6 | Login, logout, me, register, permissions, audit |
| Programmes | 4 | CRUD + delegates |
| Projects | 18 | CRUD, export, import, collaborators, fields, files, statuses |
| Stages & Gates | 15 | CRUD stages, gate config, gate review, criteria management |
| Tasks | 10 | CRUD, approval, dependencies, comments, reorder, task numbers |
| Time Tracking | 5 | CRUD, by-task, calendar, task list |
| Feedback | 6 | CRUD, list, GitHub sync |
| Notifications | 2 | Preferences, process queue |
| Users & Orgs | 8 | User list, user tasks, people, org CRUD, members, roles, invites |
| Invitations | 3 | List, view/cancel, accept |
| Reports & Search | 4 | Global search, project/programme reports, bottlenecks |
| System | 4 | Cron dispatcher, API docs, OpenAPI schema, GitHub webhook |
This document reflects the implementation plan as of 30 March 2026. Feature scope and sequencing are subject to adjustment during phase planning sessions.