Readiness
:::info Source
Sourced from services/assignment-service/SERVICE_READINESS.md in the documentation repo.
:::
Companion: 01 Enterprise Architecture · SERVICE_OVERVIEW §6
1. Readiness Level Definitions
Ghasi-edTech uses a six-level readiness scale:
| Level | Meaning |
|---|---|
| L0 | Stubbed — folder exists, OpenAPI stub |
| L1 | Skeleton compiles — domain types, empty handlers, migrations draft |
| L2 | Internal alpha — core write paths work, no sagas |
| L3 | Slice complete — full saga + events + tests; usable by adjacent services in staging |
| L4 | GA-ready — SLOs met, runbooks complete, DR drill passed, security review signed off |
| L5 | Scale-proven — verified at target tenant volumes (100 tenants, 10M windows) |
2. Target Timeline
| Milestone | Target | Notes |
|---|---|---|
| M1 (Foundations) | — | Service not in scope |
| M2 (Identity + Auth) | L1 | Skeleton + domain types pinned |
| M3 (Assignment MVP = S4) | L3 | Full CRUD + windows + escalation + report |
| M4 (AI Suggested = S5) | L4 | AI + offline admin + DR signoff |
| M5 (Scale) | L5 | 100-tenant soak |
Freeze points F25 (RRULE), F26 (ComplianceWindow state machine) lock at start of M3 and are not editable without RFC.
3. L-Level Exit Criteria
3.1 L1 — Skeleton (end of M2)
- Repo scaffolded:
services/assignment-service/with standard 17 blueprint files - Domain types compile (
packages/domain/assignment/) - Drizzle migrations for
assignment,compliance_window,outbox,idempotency - HTTP handlers return 501 Not Implemented for all routes
- OpenAPI spec committed; drift check passes
- Event schemas registered (empty handlers)
- Healthz/readyz present
- CI green
3.2 L3 — Slice complete (end of M3)
Write path:
- Create / activate / pause / resume / archive
- Add/remove targets
- RRULE engine passes 200+ property tests
- Materializer runs on activation + hourly cron
- Overdue sweeper + closed-missed sweeper
- Escalation runner + reminder dispatcher
Read path:
-
GET /assignments,/{id},/{id}/windows,/users/{uid}/windows -
GET /compliance-reportJSON + CSV - Learner-scoped window view
Events:
- All 10 published events emit with full schema
- 5 consumed events handled idempotently
- Pact provider verification passes with enrollment-service, notification-service, analytics-service
Quality:
- Line coverage ≥ 80%, branch ≥ 75%
- E2E: create → activate → materialize → in_progress → completed
- E2E: create → activate → overdue → escalate → closed_missed
- Integration RLS test passes
- k6 smoke meets p95 targets
- Observability: dashboards populated, alerts wired
- Security: semgrep + dep scan clean; tenant-leak red-team passes
Ops:
- Runbooks:
dlq,outbox,materializer,sweeper,escalation-storm - Staging soak 48 h green
3.3 L4 — GA-ready (end of M4)
Adds to L3:
- AI
/suggestendpoint live; golden eval passes; cost cap enforced - Admin offline authoring via sync-service
- Dynamic-group rebind verified at 100k-member group delta
- GDPR erasure + export tested end-to-end
- DR drill: restore from backup in alternate region within RTO/RPO
- Security review signoff (checklist in §6)
- Performance report: all SLOs achieved with 20% headroom
- Multi-region active/passive failover verified
- Chaos tests (kill pod mid-materialize, NATS partition) pass
3.4 L5 — Scale-proven (M5+)
- 100-tenant soak: no SLO breach for 7 consecutive days
- 10M-window compliance report p95 ≤ 1.5 s
- Zero DLQ messages for 30 consecutive days in prod
4. Current Status
As of 2026-04-15: L1 (M2 exit prep).
| Area | Status |
|---|---|
| Scaffolding | in progress |
| Domain model | pending |
| Event schemas | pending |
| Migrations | pending |
| OpenAPI | pending |
5. Exit-Criteria Owner Matrix
| Area | Owner |
|---|---|
| Domain & handlers | Assignment team lead |
| Events & sagas | Platform events guild |
| Data model & RLS | Data platform |
| Observability | SRE |
| Security | Security guild |
| AI integration | AI platform team |
| Docs & runbooks | Tech writer + on-call lead |
6. Security Signoff Checklist (required for L4)
- OWASP Top 10 review
- Threat model (STRIDE) updated and signed
- RLS test coverage 100% of tenant-scoped tables
- JWT claim audit
- Secrets audit (no plaintext, rotation verified)
- Rate limiting verified (both legitimate and abuse cases)
- PII redaction verified in logs and traces
- GDPR subject request flows tested
- SBOM generated and archived
- Pen test against staging (external vendor)
7. GA Gate
GA (production launch) requires:
- All L4 exit criteria met.
- Product signoff (compliance-admin of product org).
- SRE signoff (on-call ready, runbooks reviewed, monitoring verified).
- Legal signoff (data residency, terms).
- Rollback tested and documented.
8. Post-GA Ongoing Readiness
- Weekly chaos drill rotation.
- Monthly DR partial test.
- Quarterly full DR.
- Semi-annual security re-review.
- Prompt-registry regression eval on every AI model change.
9. Deprecation Path (future-proof)
Any event schema v2 coexists with v1 for 12 months per platform policy. Any breaking API change: /api/v2 with 12-month overlap.
10. Readiness Reporting
A /readiness internal endpoint (tenant-admin only) returns the current L-level JSON and gap list:
{
"service": "assignment-service",
"currentLevel": "L3",
"targetLevel": "L4",
"gaps": [
"ai.suggest.endpoint: pending",
"offline.admin.authoring: pending",
"dr.drill.passed: pending",
"security.review.signed: pending"
]
}