# OTB Cloud

## v0.1.2 - 2026-04-12
- Cleaned up unauthenticated OTB Cloud pages
- Hid Dashboard/Logout navigation when not authenticated
- Updated portal-required messaging for production-style flow
- Updated handoff error page wording
- Updated test handoff helper to load `.env` automatically

## v0.1.1 - 2026-04-12
- Added app config module and MariaDB connection helper
- Added signed portal handoff placeholder routes
- Added authenticated dashboard route
- Added default tenant bootstrap logic
- Added local temporary `portal_base.html` so app renders now
- Added MariaDB bootstrap script
- Updated project docs for next implementation stage

## v0.1.0 - 2026-04-12
- Initial scaffold created on vault3 at /opt/otb_cloud
- MariaDB-backed architecture selected
- Modular Flask app structure created
- Device-based tenant storage model defined
- Shared OTB portal template architecture planned
- Core project documentation files added

---

## Summary
OTB Cloud is a private portal-authenticated backup and storage platform for Outsidethebox.top.

Primary goals:
- Secure backup and storage for documents, images, videos, and uploaded files
- Per-customer tenant isolation
- Device-based organization (laptop, phone, tablet, workpc, homepc, etc.)
- Immutable original uploads
- Derived file workflow for processing and edits
- Searchable file library
- Bulk upload and bulk export support
- Audit logging
- Owner-approved admin support access using one-time token workflow

## Planned host and path
- Host: vault3
- App path: `/opt/otb_cloud`
- Domain: `otb-cloud.outsidethebox.top`
- Storage root: `/tank/backups/otb-cloud`

## Planned backend stack
- Flask
- MariaDB
- Jinja templates with shared portal base
- Background job processing for media conversions
- FFmpeg for video/audio processing
- Nginx reverse proxy

## Security goals
- Portal-authenticated access only
- No unauthenticated file access
- Tenant-isolated storage and database access
- Audit logging for login attempts and file actions
- Encrypted storage at rest
- HTTPS/TLS in transit
- Immutable originals by default

## Device model
Each tenant may define logical upload devices such as:
- laptop
- phone
- tablet
- workpc
- homepc

Uploads are organized by source device to preserve context.

## Documentation policy
This repository uses:
- `README.md` for version/change log summary
- `PROJECT_STATE.md` for current status and working notes
- `VERSION` for current version