# PROJECT_STATE.md

## Project
OTB Cloud

## Current version
v0.1.0

## Build date
2026-04-12

## Host
vault3

## App path
/opt/otb_cloud

## Purpose
Portal-authenticated secure backup and storage platform for customer files, including images, videos, documents, and other uploaded data.

## Core requirements locked in
- Shared OTB branding, nav, footer, favicon
- Portal login / auth handoff through OTB Billing
- No unauthenticated file/account access
- MariaDB backend
- Vault3 storage root at `/tank/backups/otb-cloud`
- Tenant-isolated storage
- Device-defined source directories
- Immutable originals
- Derived-file processing workflow
- Search by filename and date
- Bulk zip export
- Audit logging
- Owner-approved admin support access using one-time token

## Device organization model
Per-tenant storage will be organized by named devices, for example:
- laptop
- phone
- tablet
- workpc
- homepc

Each device should have:
- originals/
- derived/
- exports/
- deleted/
- tmp/

## Initial app modules planned
- auth
- main
- files
- jobs
- admin
- audit
- services
- models

## Immediate next tasks
1. Add Flask app factory and blueprint registration
2. Add MariaDB config and SQL bootstrap schema
3. Add shared portal template integration
4. Add storage bootstrap script for vault3
5. Add service card integration plan for OTB Billing portal

## Notes
Original uploaded files should remain preserved and effectively read-only.
Any user-facing edits or processing outputs should create derivative files.
Admin access should require owner-issued one-time support authorization.