# PROJECT_STATE.md

## Project
OTB Cloud

## Current version
v0.1.1

## Build date
2026-04-12

## Host
vault3

## App path
/opt/otb_cloud

## Purpose
Portal-authenticated secure backup and storage platform for customer files, including images, videos, documents, and other uploaded data.

## Core requirements locked in
- Shared OTB branding, nav, footer, favicon
- Portal login / auth handoff through OTB Billing
- No unauthenticated file/account access
- MariaDB backend
- Vault3 storage root at `/tank/backups/otb-cloud`
- Tenant-isolated storage
- Device-defined source directories
- Immutable originals
- Derived-file processing workflow
- Search by filename and date
- Bulk zip export
- Audit logging
- Owner-approved admin support access using one-time token

## Device organization model
Per-tenant storage will be organized by named devices, for example:
- laptop
- phone
- tablet
- workpc
- homepc

Each device should have:
- originals/
- derived/
- exports/
- deleted/
- tmp/

## Current implemented scaffold
- Flask app factory
- Main blueprint
- Auth blueprint
- MariaDB connection helper
- Signed handoff placeholder route
- Auth-protected dashboard
- Local temporary portal base template
- SQL schema file
- DB bootstrap script
- Storage bootstrap scripts

## Immediate next tasks
1. Create MariaDB database and otb_cloud DB user
2. Run schema bootstrap script
3. Install Python requirements into venv
4. Start local Flask test run on 127.0.0.1:5090
5. Add real shared `portal_base.html` integration from OTB portal
6. Build file library and upload endpoints
7. Add OTB Billing service-card integration

## Notes
Original uploaded files should remain preserved and effectively read-only. Any user-facing edits or processing outputs should create derivative files. Admin access should require owner-issued one-time support authorization. The current auth handoff is a placeholder scaffold using a shared secret and HMAC signature.
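
One shape the shared-secret HMAC handoff could take, shown as an added example and not OTB Cloud's own code. The token layout, claim names, 60-second window, in-memory nonce store and the `sign_handoff` / `verify_handoff` names are all assumptions.

```python
import base64, hashlib, hmac, json, time

SHARED_SECRET = b"constructed-demo-secret"  # assumption: loaded from config in practice
MAX_AGE_SECONDS = 60                         # assumption: short validity window
_seen_nonces = set()                         # assumption: in-memory; multi-worker needs shared storage


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_handoff(tenant_id, user, nonce, now=None, secret=SHARED_SECRET):
    """Billing side (hypothetical): serialize claims and append an HMAC-SHA256 tag."""
    claims = {"tenant": tenant_id, "user": user, "nonce": nonce,
              "iat": int(time.time() if now is None else now)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_handoff(token, now=None, secret=SHARED_SECRET):
    """Cloud side (hypothetical): return the claims dict, or None to reject."""
    try:
        body, tag = token.split(".")
    except (AttributeError, ValueError):
        return None
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    # Verify the tag in constant time before parsing caller-controlled data.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    try:
        claims = json.loads(_unb64(body))
        issued, nonce = int(claims["iat"]), claims["nonce"]
    except (ValueError, KeyError, TypeError):
        return None
    now = time.time() if now is None else now
    if not 0 <= now - issued <= MAX_AGE_SECONDS:
        return None  # expired, or issued in the future
    if nonce in _seen_nonces:
        return None  # replay of an already used handoff
    _seen_nonces.add(nonce)
    return claims
```

The tenant claim is only trusted after the tag check passes, which is what lets the dashboard bind the session to a tenant's storage without a second lookup.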