Slice Epic Story Mapping
:::info Source
Sourced from docs/roadmap/slice-epic-story-mapping.md in the documentation repo.
:::
Execution-layer artifact. Companion to ROADMAP.md and 07 Epics & Stories.
This document maps every user story (US-1 … US-118) to the slice and milestone that delivers it. Each mapping includes cross-service dependencies, AI-first requirements, offline-first requirements, security + multi-tenant requirements, and testing + observability gates. Sprint-ready backlog tables follow each slice section.
0. Conventions
- Slice IDs map to milestones: S0→M0, S1→M1, S2+S3→M2, S4→M3, S5→M4, S6→M5.
- Story status per slice is one of:
impl(full implementation),stub(minimal, will mature later),back-compat(maintain unchanged),deferred(not in this slice). - Every story already has its full AC + DoD in doc 07; this doc adds slice-scoped scope and dependency detail.
1. Story-to-Slice Map (authoritative)
| Story | Title | Slice | Status in slice | Later matures in |
|---|---|---|---|---|
| US-1 | Provision org + invite users | S0 | impl | — |
| US-2 | Sign in via SAML/OIDC SSO | S4 | impl | — (enhancements in S6) |
| US-3 | Bind device for offline | S0 | impl | — |
| US-4 | Reset my password | S0 | impl | — |
| US-5 | Enroll WebAuthn | S4 | impl | — |
| US-6 | Define org units | S0 | impl | — |
| US-7 | Define custom role | S4 | impl | — |
| US-8 | Dynamic Group | S4 | impl | — |
| US-9 | Switch active tenant | S0 | impl | — |
| US-10 | SSO admin configuration | S4 | impl | — |
| US-11 | Bulk-import users via CSV | S4 | impl | — |
| US-12 | Create draft with modules/lessons | S2 | impl | — |
| US-13 | Add text/image/video/audio blocks | S2 | impl | S5 (offline edits) |
| US-14 | Add quiz + branching block | S2 (quiz) / S4 (branching) | impl/impl | — |
| US-15 | Live multi-author collaboration | S5 | impl | — |
| US-16 | Submit for review + approve | S2 | impl | — |
| US-17 | Publish a course | S2 | impl | — |
| US-18 | Localize a course manually | S5 | impl | — |
| US-19 | Export to SCORM 1.2 | S3 | impl | — |
| US-20 | Export to SCORM 2004 + xAPI | S4 | impl | — |
| US-21 | Export to HTML5 standalone | S2 | impl | — |
| US-22 | Build offline bundle + license envelope | S1 | impl | — |
| US-22a | Tamper detection on bundle mount | S1 | impl | — |
| US-22b | Import 3rd-party SCORM 1.2 | S2 (v1) / S4 (full) | stub/impl | — |
| US-23 | Browse + filter catalog | S2 | impl | S6 (semantic re-rank) |
| US-24 | Hide unpublished from non-authors | S0 (tests) / S2 (UI) | impl | — |
| US-25 | Switch locale | S1 | impl | — |
| US-26 | Course detail page with instructor + reviews | S2 | impl | — |
| US-27 | Submit listing for approval | S3 | impl | — |
| US-28 | Define pricing plans | S3 | impl | S6 (multi-currency depth) |
| US-29 | Buy course as individual | S3 | impl | — |
| US-30 | Buy seat pack + assign | S3 | impl | — |
| US-31 | Refund within policy | S3 | impl | — |
| US-32 | Provider sees payouts | S3 | impl | S6 (multi-currency) |
| US-33 | Coupon redemption | S3 | impl | — |
| US-34 | Listing moderation AI + human | S4 | impl | S6 (pattern v2) |
| US-35 | One-shot assignment | S4 | impl | — |
| US-36 | Recurring assignment via RRULE | S4 | impl | — |
| US-37 | Team compliance dashboard | S4 | impl | S6 (AI insight v2) |
| US-38 | Overdue reminders + escalation | S4 | impl | — |
| US-39 | Reassign on failure | S4 | impl | — |
| US-40 | Resume from last position | S1 | impl | — |
| US-41 | Quiz with immediate feedback | S1 | impl | — |
| US-42 | Navigate branching scenario | S4 | impl | — |
| US-43 | Track progress in real time | S1 | impl | — |
| US-44 | View transcript | S1 | impl | — |
| US-45 | Earn certificate on completion | S1 | stub | S3 templates |
| US-46 | Verify certificate via public link | S1 | impl | — |
| US-47 | Define certificate template | S4 | impl | — |
| US-48 | Recertification reminders | S4 | impl | — |
| US-49 | Configure notification preferences | S1 | impl | — |
| US-50 | Multi-channel notifications | S1 | impl | — |
| US-51 | Manage suppression after bounce | S1 | impl | — |
| US-52 | Tenant-configurable webhooks | S3 | impl | — |
| US-53 | Lexical + semantic search | S5 | impl | — |
| US-54 | Personalized recommendations | S6 | impl | — |
| US-55 | Next-step recommendation | S6 | impl | — |
| US-56 | Org admin completion dashboard | S1 (mini) / S4 (full) | stub/impl | — |
| US-57 | Provider sales dashboard | S3 (v1) / S6 (full) | stub/impl | — |
| US-58 | Scheduled email report | S6 | impl | — |
| US-59 | Export raw events | S6 | impl | — |
| US-60 | AI generate lesson from prompt | S2 | impl | — |
| US-61 | Convert PDF/policy to draft course | S4 | impl | — |
| US-62 | AI quiz from lesson | S2 | impl | — |
| US-63 | AI branching scenario | S4 | impl | — |
| US-64 | Auto-translate course | S4 (pilot) / S5 (production) | stub/impl | — |
| US-65 | AI TTS narration | S4 | impl | — |
| US-66 | AI image/diagram generation | S5 | impl | — |
| US-67 | AI rewrite/simplify | S2 | impl | — |
| US-68 | AI SCORM metadata + objectives | S4 | impl | — |
| US-69 | In-course AI tutor | S1 | impl | — |
| US-70 | AI lesson summary | S1 | impl | — |
| US-71 | AI worked example | S1 | impl | — |
| US-72 | AI adaptive practice | S4 | impl | — |
| US-73 | AI feedback on open-ended | S4 | impl | — |
| US-74 | AI recommends trainings for role | S4 | impl | S6 depth |
| US-75 | Predict at-risk non-completion | S6 | impl | — |
| US-76 | Auto-generate board compliance summary | S6 | impl | — |
| US-77 | Detect outdated content + suggest updates | S4 | impl | — |
| US-78 | Auto-tag + classify uploads | S4 | impl | — |
| US-79 | Block unsafe input/output | S0 | impl | — |
| US-80 | Redact PII before cloud calls | S0 | impl | — |
| US-81 | Per-tenant AI budget + degradation | S0 | impl | — |
| US-82 | AI provenance visible to author + admin | S0 (invariant) / S2 (UI) | impl | — |
| US-83 | Export AI audit log | S4 | impl | — |
| US-84 | Browse downloadable courses | S1 | impl | — |
| US-85 | Download course bundle | S1 | impl | — |
| US-86 | Take course offline | S1 | impl | — |
| US-87 | AI tutor offline | S1 | impl | — |
| US-88 | Offline provisional certificate | S1 | impl | — |
| US-89 | Sync queued progress + certificate | S1 | impl | — |
| US-90 | Bundle revoked while offline | S1 | impl | — |
| US-91 | Manage offline storage + pinning | S1 | impl | — |
| US-92 | Edit draft offline | S5 | impl | — |
| US-93 | Resolve offline conflict (LWW + diff) | S5 | impl | — |
| US-94 | Offline AI in authoring | S5 | impl | — |
| US-95 | Local model for tutor | S1 | impl | — |
| US-96 | Local model for summary | S1 | impl | — |
| US-97 | Cloud refresh on demand | S1 | impl | — |
| US-98 | Pre-warm local cache per course | S4 | impl | — |
| US-99 | Local AI telemetry replay | S1 | impl | — |
| US-100 | Resume on another device | S1 | impl | — |
| US-101 | See conflicts across devices | S5 | impl | — |
| US-102 | Wipe device remotely | S0 (primitive) / S4 (full UI) | impl/impl | — |
| US-103 | Bundle license revocation propagates | S1 | impl | — |
| US-104 | GDPR data export | S0 (primitive) / S4 (full) | stub/impl | — |
| US-105 | GDPR erasure request | S4 | impl | — |
| US-106 | Daily Merkle anchoring | S0 (primitive) / S4 (verify UI) | impl/impl | — |
| US-107 | Data residency change | S6 | impl | — |
| US-108 | Compliance officer reviews AI provenance | S4 | impl | — |
| US-109 | Keyboard navigation across player | S1 | impl | — |
| US-110 | Screen-reader compatibility | S1 | impl | — |
| US-111 | RTL parity | S1 | impl | — |
| US-112 | Captions + transcripts | S1 | impl | — |
| US-113 | Reduced-motion preference | S1 | impl | — |
| US-114 | High-contrast theme | S4 | impl | — |
| US-115 | In-house identity provider (extract native implementation) | S0 | impl | — |
| US-116 | Keycloak identity provider adapter | S4 | impl | — |
| US-117 | OIDC placeholders (Firebase, Okta, Cognito) | S4 | stub | harden post-M3 |
| US-118 | Enterprise external IdP & directory federation | S4 | impl | — |
2. Slice 0 — Platform Foundation (M0)
2.1 Epics in scope
EP-1 (partial: US-1, US-3, US-4, US-115), EP-2 (partial: US-6, US-9), EP-16 (core), EP-20 (primitive: US-102), EP-21 (primitive: US-104, US-106), EP-22 (baseline across all UIs).
Repo implementation note (2026-04-18): Branch
features/ep-2-org-managementin Ghasi-EdTech implements EP-2 backend slices: US-6 org units, US-7 custom roles + DSL subset, US-8 dynamic groups + evaluate/snapshot, US-9GET /me/tenants,POST /me/active-tenant+POST /auth/me/active-tenant, refresh rotation id + audit payload, US-10 SSO attribute maps validated against tenant roles wheretenant.rolesexists, US-11 CSV import jobs + result CSV. Client/UI (TanStack Query, IndexedDB, treegrid, axe, E2E) and full platform DoD (Pact broker, mutation gates, etc.) still belong to CI and frontend repos.
2.2 Cross-service dependencies
- Kong Gateway fronts all north-south HTTP to microservices (JWT/rate limits at edge); see ADR 0001.
- tenant-service depends on identity-service for user lookup on invite.
- ai-gateway-service depends on tenant-service for budget records.
- sync-service registers with every service that later adds replicable aggregates (registration is data-only at M0).
- notification-service used by invite emails and password reset.
2.3 AI-first requirements (slice-scoped)
- Gateway live with
complete,embeddings,moderate,redact-pii. - Prompt registry with 10 system prompts (bot-detection, slug suggestion, tenant description, invite copy, reset abuse check, safety classifier harness, PII redactor test harness).
- Provenance invariant enforceable by domain helper.
- Budget math per tenant functional.
- Local-inference SDK stub (returns "not-ready" to validate port).
2.4 Offline-first requirements (slice-scoped)
- Sync pull/push/resolve endpoints live.
- Client
LocalStoreport defined for web + mobile. - Device-binding (identity-service) producing device cert.
- No bundles yet; sync only carries per-user preferences + tenant membership cache + conflict samples (for test).
2.5 Security + multi-tenant requirements
- RLS on every table of every schema.
- Two-tenant isolation test suite passing for every endpoint.
- KMS-per-tenant envelope encryption keys.
- JWT signing + JWKS.
- Audit log append-only + daily Merkle anchor.
2.6 Testing + observability
- Unit + integration + Pact + E2E harness per service.
- OTel end-to-end with
traceparent. - Default SLOs per service (availability, latency, error budget).
- Runbook skeleton per service.
2.7 Sprint-ready backlog for Slice 0 (priority order)
| # | Story | Owner team | Dep | Est | Sprint |
|---|---|---|---|---|---|
| 1 | US-79 Block unsafe in/out | AI | — | 3 | 1 |
| 2 | US-80 Redact PII | AI | — | 3 | 1 |
| 3 | US-81 AI budget | AI | — | 3 | 2 |
| 4 | US-82 AI provenance invariant | AI + Platform | — | 2 | 2 |
| 5 | US-1 Provision org + invite | Platform | — | 5 | 2 |
| 6 | US-3 Device binding | Platform | US-1 | 3 | 3 |
| 7 | US-4 Password reset | Platform | US-1 | 2 | 3 |
| 8 | US-6 Org units | Platform | US-1 | 3 | 4 |
| 9 | US-9 Tenant switcher | Platform | US-1 | 2 | 4 |
| 10 | US-102 Wipe device (primitive) | Platform | US-3 | 3 | 4 |
| 11 | US-104 GDPR export primitive | Platform | — | 5 | 5 |
| 12 | US-106 Merkle anchoring | Platform | Audit log | 3 | 5 |
| 13 | US-109–US-114 (a11y baseline across all M0 UIs) | Design + FE | — | rolling | 1–6 |
3. Slice 1 — Minimal Learner (M1)
3.1 Epics in scope
EP-8 (US-40–44), EP-9 (US-45 stub, US-46), EP-10 (US-49–51), EP-12 (US-56 mini), EP-14 (US-69–71), EP-16 (full: US-79–82), EP-17 (US-84–91), EP-19 (US-95–97, US-99), EP-20 (US-100), EP-22 (US-109–113 on player).
3.2 Cross-service dependencies
delivery-service → content-service (PlayPackage manifest read)
delivery-service → progress-service (statements via events)
delivery-service → ai-gateway-service (tutor calls)
delivery-service → sync-service (offline mount + statement queue)
content-service → identity-service (device pubkey)
content-service → media-service (asset retrieval)
enrollment-service → catalog-service (validate version)
notification-service consumes events from all above
3.3 AI-first requirements (slice-scoped)
- All tutor flows through ai-gateway with pinned prompt
delivery/tutor@1.0.0. - Local-inference SDK produces real outputs (small model) for tutor + summary + worked example.
- SSE streaming from gateway.
- Local AI telemetry replay on sync.
- Provenance attached to every
AssistantTurn. - Budget visible in learner settings; soft-degrade functional.
3.4 Offline-first requirements (slice-scoped)
- PlayPackage Bundles signed + encrypted + device-bound.
- License envelope enforced (expiry, features).
- Player runs fully offline: navigation, quiz scoring (bundled rules), branching (deferred to S4), provisional certificate issuance.
- Statement outbox + AI telemetry outbox flushed on sync.
- Tamper detection on mount + report-tamper on reconnect.
- Revocation propagation on sync.
- Multi-device resume via max(cursor).
3.5 Security + multi-tenant
- Device cert renewal daily.
- Cross-tenant play-session resume blocked.
- Bundle encryption keys derived per (tenant, device, bundle).
- Tamper events audited.
- Chaos tests: corrupted bundle, expired license, revoked license, interrupted sync.
3.6 Testing + observability
- Airplane-mode E2E (J-12).
- Multi-device E2E (J-20).
- Player a11y axe-clean + NVDA + VoiceOver pass.
- Visual regression LTR + RTL + dark.
- Prompt regression on tutor/summary/worked-example.
- Safety eval + red-team corpus run weekly.
- Load: 10 k concurrent online sessions; 1 k concurrent offline-sync pushes.
3.7 Sprint-ready backlog for Slice 1 (selection)
| # | Story | Owner | Dep | Est | Sprint |
|---|---|---|---|---|---|
| 1 | PlayPackage schema freeze | Content | M0 | 8 | 1 |
| 2 | US-22 Bundle with license envelope | Content + Security | #1 | 8 | 1–2 |
| 3 | US-22a Tamper detection | Content | #2 | 3 | 2 |
| 4 | US-40 Resume from last position | Learner | — | 3 | 2 |
| 5 | US-41 Quiz immediate feedback | Learner + Assessment | — | 5 | 2–3 |
| 6 | US-43 Progress real-time | Learner | Events | 3 | 3 |
| 7 | US-44 Transcript | Learner | — | 2 | 3 |
| 8 | US-69 AI tutor in-course | Learner + AI | Gateway + prompts | 5 | 3–4 |
| 9 | US-70 AI summary | Learner + AI | US-69 | 3 | 4 |
| 10 | US-71 AI worked example | Learner + AI | US-69 | 3 | 4 |
| 11 | US-84–US-91 Offline journey | Learner + Content + Sync | Bundle | 34 | 4–6 |
| 12 | US-95–US-97, US-99 Local AI | AI + Mobile | Local SDK | 16 | 4–6 |
| 13 | US-100 Resume on another device | Learner + Sync | Sync | 3 | 5 |
| 14 | US-49–US-51 Notification prefs + channels + suppression | Platform + Comms | — | 7 | 2–3 |
| 15 | US-45 stub + US-46 Cert verify | Certification | — | 5 | 5 |
| 16 | US-56 mini dashboard | Data | — | 3 | 5 |
| 17 | US-109–US-113 A11y on player + RTL parity | Design + FE | — | 13 | 1–6 |
4. Slice 2 — Authoring MVP + AI Co-Author MVP (M2, first half)
4.1 Epics in scope
EP-3 (US-12–14 quiz, US-16–17, US-21), EP-4 (US-21, US-22b stub), EP-5 (US-23–26, US-24), EP-13 (US-60, US-62, US-67, US-82 UI).
4.2 Cross-service dependencies
authoring-service → media-service (asset upload)
authoring-service → ai-gateway-service (AI Co-Author flows)
authoring-service → assessment-service (quiz bank ops)
Publish saga: authoring → content → catalog → search
4.3 AI-first requirements
- Prompts:
authoring/block_from_intent@1.0.0,assessment/quiz_from_lesson@1.0.0,authoring/simplify@1.0.0. - AI block generation SSE with accept/reject flow.
- Provenance badge visible in editor + learner view.
4.4 Offline-first requirements
- Authoring editor cached for read-only view offline (full offline edit comes in S5).
- Previously-published bundles continue to work offline.
4.5 Security + multi-tenant
- Block content encrypted in transit; answer keys encrypted at rest.
- Publish saga rolls back cleanly on partial failure.
- Tenant-scoped prompts.
4.6 Testing + observability
- Publish saga chaos tests (mid-saga failure at each step).
- Prompt regression gate on accept rate (≥ 50 %).
- End-to-end E2E: author creates course with AI → publishes → learner sees in catalog.
- Block registry Pact for editor + runtime.
4.7 Sprint-ready backlog for Slice 2
| # | Story | Owner | Dep | Est | Sprint |
|---|---|---|---|---|---|
| 1 | Block schema freeze | Authoring | — | 5 | 1 |
| 2 | US-12 Draft w/ modules + lessons | Authoring | #1 | 3 | 1 |
| 3 | US-13 Core blocks (text/img/video/audio) | Authoring + Media | #1 | 5 | 1–2 |
| 4 | US-14 Quiz block (branching deferred) | Authoring + Assessment | #3 | 5 | 2 |
| 5 | US-16 Submit for review | Authoring | #1 | 3 | 2 |
| 6 | US-17 Publish saga | Authoring + Content + Catalog + Search | Saga infra | 8 | 3 |
| 7 | US-21 Export HTML5 | Content | #6 | 3 | 3 |
| 8 | US-22b SCORM import v1 | Content | — | 5 | 4 |
| 9 | US-23 Browse + filter | Catalog + FE | #6 | 3 | 3 |
| 10 | US-24 Hide unpublished | Catalog | #6 | 1 | 3 |
| 11 | US-25 Locale switch | FE | — | 2 | 2 |
| 12 | US-26 Course detail | Catalog + FE | #6 | 3 | 4 |
| 13 | US-60 AI generate block | Authoring + AI | Prompts | 5 | 3 |
| 14 | US-62 AI quiz from lesson | Authoring + AI + Assessment | Prompts | 5 | 4 |
| 15 | US-67 AI rewrite | Authoring + AI | Prompts | 3 | 4 |
| 16 | US-82 Provenance badges in editor | Authoring + FE | — | 2 | 3 |
5. Slice 3 — Marketplace MVP (M2, second half)
5.1 Epics
EP-6 (US-27–33), EP-9 (US-45 issue + US-46 verify), EP-10 (US-52 webhooks), EP-4 (US-19 SCORM 1.2).
Engineering note (2026-04-23): EP-6 M2 slice is in place (listings approve/publish/suspend/appeal, coupons redeem, refund window, payout list + statement PDF placeholder, OpenAPI green). M3+ gaps (PSP/3DS, J-8 bulk, J-17 full, workers, partial refunds) are deferred — see 07 — EP-6 status and the Ghasi-EdTech monorepo ADR
planning/adr/ADR-EP6-MKT-001-m3-deferrals.md.
5.2 Cross-service dependencies
Purchase saga: marketplace → billing → marketplace.license.granted → enrollment → notification
Refund flow: marketplace → billing → marketplace.license.revoked → enrollment.revoked → notification
5.3 AI-first
- AI moderation pipeline on listing marketing copy.
- AI fraud-signal classifier on payment intents.
5.4 Offline-first
- Licenses sync to client (read-only) so offline users see assigned courses.
- Refunds propagate to client via sync.
- Marketplace browse cache for offline tiles.
5.5 Security + multi-tenant
- PCI scope minimized via processor-tokenized cards.
- Webhook signatures HMAC-SHA256 + nonce + 5-min window.
- Refund policy per tenant; audit per transition.
5.6 Testing + observability
- SCORM Cloud conformance gate.
- Saga integration tests with mid-payment failure + compensations.
- Processor sandbox tests.
- Public verify page rate-limited; bot mitigation tested.
5.7 Sprint-ready backlog for Slice 3
| # | Story | Owner | Dep | Est | Sprint |
|---|---|---|---|---|---|
| 1 | US-19 SCORM 1.2 export | Content | PlayPackage | 5 | 4 |
| 2 | US-27 Submit listing | Commerce | Catalog | 3 | 5 |
| 3 | US-28 Pricing plans | Commerce + Billing | — | 5 | 5 |
| 4 | US-29 Buy as individual (saga) | Commerce + Billing + Enrollment | — | 5 | 5–6 |
| 5 | US-30 Buy seat pack + assign | Commerce + Enrollment | #4 | 8 | 6 |
| 6 | US-31 Refund within policy | Commerce + Billing | #4 | 5 | 6 |
| 7 | US-32 Provider payouts | Commerce + Billing | #5 | 3 | 6 |
| 8 | US-33 Coupon redemption | Commerce | — | 3 | 6 |
| 9 | US-45 Certificate issue | Certification | #4 | 3 | 6 |
| 10 | US-46 Public verify link | Certification | #9 | 3 | 6 |
| 11 | US-52 Webhooks (tenant-configurable) | Comms + Platform | — | 5 | 5 |
6. Slice 4 — Compliance + Enterprise (M3)
6.1 Epics
EP-1 (US-2 SAML, US-5 WebAuthn, US-116 Keycloak, US-117 vendor OIDC stubs, US-118 enterprise IdP federation), EP-2 (US-7, US-8, US-10, US-11), EP-4 (US-20 SCORM 2004/xAPI, US-22b full), EP-7 (US-35–US-39), EP-9 (US-47, US-48), EP-13 (US-61, US-63–US-66 stub, US-68, US-77, US-78), EP-14 (US-72–US-73), EP-15 (US-74, US-76 stub), EP-16 (US-83), EP-20 (US-102 full), EP-21 (US-104 full, US-105, US-108, US-106 UI).
6.2 Cross-service dependencies
assignment-service → tenant-service (DynamicGroup eval) → enrollment-service → notification-service
identity-service SAML + SCIM → tenant-service (membership sync)
Branching block S2 → assessment-service scenario graph
Content 2004/xAPI export → progress-service LRS endpoints
6.3 AI-first
- Full AI Co-Author flows including PDF → course, branching gen, TTS (stub), images (stub).
- AI admin insight v1: assignment recommender.
- AI grading for short-answer with confidence threshold → human review.
- AI audit export from analytics-service.
6.4 Offline-first
- Branching scenario rules bundled for offline play.
- Compliance windows cached for current user offline.
- Pre-warm AI cache per bundle (US-98) enabled.
6.5 Security + multi-tenant
- SAML/OIDC configured per tenant; secrets rotation.
- RBAC + ABAC + DynamicGroup evaluated; two-tenant tests extended to ABAC predicates.
- GDPR erasure saga operational across all services built so far.
- Merkle verify UI operational for compliance officer.
6.6 Testing + observability
- ADL conformance on SCORM 2004 + xAPI + cmi5.
- RRULE fixture suite (≥ 1 000 cases incl. DST + leap).
- SAML tested against Okta, Azure AD, Google, custom ADFS.
- AI bias eval for recommender + short-answer grading.
- Erasure saga E2E covering all in-scope services.
6.7 Sprint-ready backlog for Slice 4 (selection)
| # | Story | Owner | Dep | Est | Sprint |
|---|---|---|---|---|---|
| 1 | RRULE engine freeze | Enterprise | — | 5 | 1 |
| 2 | US-35 One-shot assignment | Enterprise + Enrollment | #1 | 3 | 1 |
| 3 | US-36 Recurring assignment | Enterprise | #2 | 5 | 2 |
| 4 | US-37 Team compliance dashboard | Enterprise + Data | #3 | 5 | 2–3 |
| 5 | US-38 Reminders + escalation | Enterprise + Comms | #3 | 3 | 3 |
| 6 | US-39 Reassign on failure | Enterprise | #3 | 3 | 3 |
| 7 | US-7 Custom role | Platform | — | 5 | 2 |
| 8 | US-8 Dynamic Group | Platform | #7 | 5 | 3 |
| 9 | US-10 SSO admin config | Platform | — | 5 | 3 |
| 10 | US-2 SAML SSO | Platform | #9 | 5 | 4 |
| 11 | US-5 WebAuthn | Platform | — | 5 | 4 |
| 12 | US-11 Bulk CSV import | Platform | — | 3 | 5 |
| 13 | US-20 SCORM 2004 + xAPI | Content + Progress | — | 5 | 4 |
| 14 | US-22b SCORM import full | Content | — | 5 | 5 |
| 15 | US-14 branching (finish) | Authoring + Assessment | — | 5 | 4 |
| 16 | US-42 Play branching | Learner + Assessment | #15 | 5 | 5 |
| 17 | US-61 PDF → course | Authoring + AI | Prompts | 8 | 5–6 |
| 18 | US-63 AI branching gen | Authoring + AI | Prompts | 5 | 5 |
| 19 | US-65 TTS narration | Media + AI | — | 3 | 5 |
| 20 | US-68 AI SCORM metadata | Content + AI | — | 3 | 6 |
| 21 | US-72 AI adaptive practice | Learner + AI | — | 5 | 6 |
| 22 | US-73 AI feedback on open-ended | Assessment + AI | — | 5 | 6 |
| 23 | US-74 AI assignment recommender | Enterprise + AI | — | 5 | 6 |
| 24 | US-77 Outdated content detect | Authoring + AI | — | 5 | 6 |
| 25 | US-78 Auto-tag classify | Authoring + AI | — | 3 | 6 |
| 26 | US-47 Cert templates | Certification | — | 5 | 5 |
| 27 | US-48 Recert reminders | Certification + Comms | — | 3 | 6 |
| 28 | US-83 AI audit export | Data + Security | — | 3 | 6 |
| 29 | US-102 Full wipe UX | Platform | — | 3 | 4 |
| 30 | US-104 GDPR export full | Platform + all services | Erasure saga | 5 | 5 |
| 31 | US-105 GDPR erasure | Platform + all services | — | 8 | 5–6 |
| 32 | US-106 Merkle verify UI | Security | — | 3 | 6 |
| 33 | US-108 Compliance AI provenance review | Data + Security | — | 3 | 6 |
| 34 | US-98 Pre-warm local cache | AI + Content | — | 5 | 6 |
| 35 | US-114 High-contrast theme | Design + FE | — | 3 | 6 |
7. Slice 5 — Full Authoring + Offline Authoring (M4)
7.1 Epics
EP-3 full (US-13 refine, US-15, US-18), EP-13 (US-64 production, US-66), EP-18 (US-92–US-94), EP-4 (imports mature), EP-11 (US-53), EP-22 (final depth).
7.2 Cross-service dependencies
authoring-service + sync-service (Yjs + offline mutations)
media-service: AI image, TTS voices, video transcoding matrix
search-service: hybrid search with pgvector index
7.3 AI-first
- Image generation with style profiles per tenant.
- AI merge suggestions in conflict UI.
- AI translation productionized with per-tenant glossaries.
7.4 Offline-first
- Full offline authoring: block edit, reorder, AI assist (local), conflict resolve.
- Offline asset pre-uploads queued; metadata syncs after upload.
- Y.Doc offline merges; non-CRDT fields → LWW with diff UI.
7.5 Security + multi-tenant
- Collab session authenticated + per-message ACL.
- Offline conflict backups retained 30 days per audit policy.
- Tenant-glossary pinning for AI translation.
7.6 Testing + observability
- Yjs + offline merge chaos (two devices, partition, merge).
- Multi-author collab E2E.
- Offline authoring conflict E2E (J-25).
- Hybrid search ranker eval.
7.7 Sprint-ready backlog for Slice 5 (selection)
| # | Story | Owner | Dep | Est | Sprint |
|---|---|---|---|---|---|
| 1 | US-15 Live collab (Yjs) | Authoring | — | 8 | 1–2 |
| 2 | US-92 Offline draft edits | Authoring + Sync | #1 | 5 | 2–3 |
| 3 | US-93 Resolve offline conflict | Authoring + Sync | #2 | 5 | 3 |
| 4 | US-94 Offline AI in authoring | Authoring + AI | #2 | 5 | 3 |
| 5 | US-18 Manual localization | Authoring + FE | — | 5 | 4 |
| 6 | US-64 AI translate productionized | Authoring + AI | — | 5 | 4 |
| 7 | US-66 AI image | Media + AI | — | 5 | 4 |
| 8 | US-53 Hybrid search | Search + AI | — | 5 | 4 |
8. Slice 6 — Scale + Advanced Insight + Mobile (M5)
8.1 Epics
EP-11 (US-54, US-55), EP-12 full (US-57, US-58, US-59), EP-15 depth (US-75, US-76), EP-20 (US-101, US-103), EP-21 (US-107), EP-6 expansion, mobile native, HIPAA.
8.2 Cross-service dependencies
analytics-service + ai-gateway → insights
search-service hybrid + ranker training
Residency saga: every service + KMS + storage + vector index
Mobile native features: biometrics + background sync + widgets
8.3 AI-first
- AI admin insight v2: board summaries, outdated detection v2, at-risk learner prediction with explainability.
- Personalized recommendations with fairness monitoring.
- Cloud refresh per feature available everywhere local AI runs.
8.4 Offline-first
- Background sync on mobile with OS schedulers.
- Biometric-gated bundle unlock.
- Widget shows next-due compliance.
- Cross-device conflict UX on mobile.
8.5 Security + multi-tenant
- Multi-region data residency saga covering every service.
- HIPAA tier restricts AI providers (explicit no-training configs) and adds BAA-only providers.
- White-label branding per provider with CSP scoping.
8.6 Testing + observability
- Residency saga rehearsal against production-size fixture.
- Mobile app store rating KPI ≥ 4.5.
- ISO 27001 attestation readiness.
8.7 Sprint-ready backlog for Slice 6 (selection)
| # | Story | Owner | Dep | Est | Sprint |
|---|---|---|---|---|---|
| 1 | US-54 Personalized recs | Data + AI | — | 5 | 1 |
| 2 | US-55 Next-step recs | Data + AI | — | 3 | 1 |
| 3 | US-57 Provider sales dashboard full | Data + Commerce | — | 5 | 2 |
| 4 | US-58 Scheduled email report | Data + Comms | — | 5 | 2 |
| 5 | US-59 Raw event export | Data + Security | — | 3 | 2 |
| 6 | US-75 At-risk prediction | Data + AI | — | 5 | 3 |
| 7 | US-76 Board compliance narrative | Data + AI | — | 5 | 3 |
| 8 | US-101 Cross-device conflicts | Sync | — | 3 | 3 |
| 9 | US-103 Revocation propagation | Sync + Content | — | 3 | 3 |
| 10 | US-107 Residency change | Platform + SRE + all services | — | 13 | 4–6 |
| 11 | Mobile native biometric + widget + background sync | Mobile + Platform | — | 8 | 3–5 |
| 12 | HIPAA tier + BAA providers | Security + AI | — | 8 | 3–5 |
| 13 | White-label + custom domain | Platform + Design | — | 5 | 4 |
| 14 | Developer marketplace + SDK v1 | Platform + DevEx | — | 8 | 5–6 |
9. Inter-Slice Dependency Graph
S0 ──► S1 ──► S2 ─┬─► S3
│
▼
S4 ──► S5 ──► S6
- S2 and S3 overlap within M2 (S2 delivers authoring + HTML + SCORM import stub; S3 delivers marketplace + SCORM 1.2 + billing + certs).
- S4 depends on S2 publish saga + S3 payment rails.
- S5 depends on S2 block registry + S1 sync protocol.
- S6 depends on everything before.
10. Slice Exit Criteria (concise)
| Slice | Exit when… |
|---|---|
| S0 | Two-tenant isolation, AI gateway, sync protocol, event envelope, schema registry, observability all green ≥ 2 weeks |
| S1 | 3+ design partners completing offline courses; AI tutor accept-rate > 50 %; airplane-mode E2E green |
| S2 | First tenant publishes a course end-to-end via UI; HTML export verified; AI co-author accept-rate > 50 % |
| S3 | First paid purchase → fulfilled enrollment → certificate; SCORM Cloud pass; payout to provider |
| S4 | First enterprise customer using SAML + recurring assignments in production; SOC 2 Type I; ADL conformance |
| S5 | Offline authoring conflict rate < 1 %; live collab stable; LTI 1.3 ready for embedding partners |
| S6 | Multi-region residency migration on live tenant; HIPAA tier offered; mobile native rating ≥ 4.5 |