# PROJECT_STATE.md

## Project
OTB Cloud

## Current version
v0.1.4

## Build date
2026-04-12

## Host
vault3

## App path
/opt/otb_cloud

## Purpose
Portal-authenticated secure backup and storage platform for customer files, including images, videos, documents, and other uploaded data.

## Core requirements locked in
- Shared OTB branding, nav, footer, favicon
- Portal login / auth handoff through OTB Billing
- No unauthenticated file/account access
- MariaDB backend
- Vault3 storage root at `/tank/backups/otb-cloud`
- Tenant-isolated storage
- User-created devices
- Immutable originals
- Derived-file processing workflow
- Search by filename and date
- Bulk zip export
- Audit logging
- Owner-approved admin support access using one-time token

## Current implemented scaffold
- Flask app factory
- Main blueprint
- Auth blueprint
- MariaDB connection helper
- Signed handoff endpoint
- Auth-protected dashboard
- Branded OTB portal shell styling
- SQL schema file
- DB bootstrap script
- Storage bootstrap scripts
- Gunicorn systemd service on vault3
- Mintme reverse proxy in place
- OTB Billing signed handoff working
- Add Device flow
- Remove Device flow for empty devices

## Immediate next tasks
1. Build first file library page
2. Add upload endpoint and upload form
3. Add upload audit logging
4. Add zip export flow
5. Add searchable file listing
6. Add media processing jobs

## Notes
Original uploaded files should remain preserved and effectively read-only.
Any user-facing edits or processing outputs should create derivative files.
Admin access should require owner-issued one-time support authorization.
New tenants no longer receive default devices automatically; devices are now user-created.
Devices can only be removed when no files are associated with them.