Skip to main content

Slice Release Readiness

:::info Source Sourced from docs/roadmap/slice-release-readiness.md in the documentation repo. :::

Execution-layer companion to ROADMAP.md and service-readiness-gates.md.

For each slice, a slice cannot ship until every dimension below is green. These gates are binary — not "mostly done".

Dimensions

  1. F – Functional readiness — scoped user stories delivered with acceptance criteria met.
  2. N – Non-functional readiness — SLOs, load, scale, DR.
  3. A – AI readiness — prompt regression, safety, bias, provenance.
  4. O – Offline readiness — airplane-mode E2E, multi-device sync, conflict tests.
  5. S – Security readiness — tenant isolation, pen-test, threat model, audit events.
  6. T – Multi-tenant readiness — isolation tests per endpoint, RLS, per-tenant budgets/quotas.
  7. V – Observability readiness — SLOs, dashboards, runbooks, alert thresholds.
  8. D – Documentation readiness — API, event, runbook, support, user-facing docs.

Slice 0 — Platform Foundation (M0)

F – Functional

  • Tenant provisioning + invite (US-1) live in staging.
  • Identity flows (register, login, refresh, MFA, device bind, password reset) live.
  • Org units + tenant switch (US-6, US-9).
  • AI gateway: complete + embed + moderate + redact + budgets.
  • Sync protocol: pull/push/resolve + cursors + conflict logging for 2 pilot entity types.
  • Notification core: email + in-app inbox.

N – Non-functional

  • API p95 < 200 ms on core routes.
  • AI gateway overhead p95 < 400 ms on cache hit.
  • NATS JetStream replication across AZ verified.
  • DR drill executed; RPO 5 min / RTO 60 min verified.

A – AI

  • Prompt registry with 10 system prompts + eval suites.
  • Safety pipeline pre/post with refusal UX.
  • Provenance invariant enforced by domain helper.

O – Offline

  • Sync protocol chaos tests (drop, retry, partial push) green.
  • Client LocalStore port implemented on web (IndexedDB via Dexie).
  • Device cert issuance working; rotation working.

S – Security

  • Two-tenant isolation suite green on every endpoint.
  • Pen-test #1 completed; findings closed.
  • OWASP ASVS L2 baseline on auth endpoints.
  • KMS hierarchy + per-tenant keys live.
  • Audit log append-only + daily Merkle anchor.

T – Multi-tenant

  • tenant_id mandatory on every row.
  • RLS policies on every table.
  • JWT tid claim required everywhere tenant-scoped.
  • Cross-tenant test coverage 100 % of endpoints.

V – Observability

  • SLOs per service (availability, latency, error).
  • OTel traces correlate across services via traceparent.
  • Dashboards for every service.
  • Runbooks for every service.

D – Docs

  • OpenAPI + event schemas published.
  • Architecture ADR log populated with M0 decisions.
  • Security runbook.

Slice 1 — Minimal Learner (M1)

F – Functional

  • US-40–44 (resume, quiz, scenario nav placeholder, progress, transcript).
  • US-45 stub + US-46 verify.
  • US-49–51 notification.
  • US-56 mini dashboard.
  • US-69–71 AI tutor + summary + worked example.
  • US-84–91 offline journey + US-100 multi-device resume.
  • US-95–97, US-99 local AI paths.
  • US-109–113 accessibility + RTL on player.

N – Non-functional

  • Player LCP p75 < 1 s online; offline cold open < 600 ms.
  • AI tutor first token < 600 ms p95 cloud / < 1.5 s p95 local.
  • Bundle build < 10 s p95 typical; download resumable.
  • Load: 10 k concurrent online + 1 k concurrent offline-sync pushes.
  • Statement ingestion 10 k/sec sustained.

A – AI

  • Tutor prompt regression green (accept rate ≥ 50 %).
  • Safety eval + red-team corpus run in CI.
  • Local-AI parity sample eval (cloud vs local).
  • Provenance on every AssistantTurn + every statement that references AI context.

O – Offline

  • Airplane-mode E2E (J-12) green.
  • Multi-device resume E2E (J-20) green.
  • Bundle tamper detection E2E (fixture-tampered bundle) green.
  • Revocation propagation within 60 s of device online.
  • Statement outbox + AI telemetry replay green after 7-day offline period.

S – Security

  • Pen-test #1 for M1 scope closed.
  • Device-binding key derivation reviewed by Security.
  • Bundle tamper chaos tests green.
  • Cross-tenant play-session resume rejected.

T – Multi-tenant

  • Bundle keys derived per (tenant, device, bundle) verified.
  • Cross-tenant license assignment blocked.
  • AI budget per tenant observable in settings.

V – Observability

  • Player real-user monitoring live.
  • Sync dashboards (push rate, reject rate, conflict rate).
  • AI metrics (first-token latency, cost per turn, refusal rate) dashboarded.

D – Docs

  • Learner help articles (top 20).
  • Design-partner onboarding playbook.
  • Offline troubleshooting guide.

Slice 2 — Authoring MVP + AI Co-Author MVP (M2 first half)

F – Functional

  • US-12–14 (quiz), US-16–17, US-21.
  • US-22b SCORM import v1.
  • US-23–26.
  • US-60 + US-62 + US-67.
  • US-82 provenance UI visible.

N – Non-functional

  • Publish saga p95 < 60 s typical course.
  • Block preview render < 100 ms.
  • HTML5 export < 3 s.

A – AI

  • Co-Author prompts regression-gated at ≥ 50 % accept.
  • Provenance badge visible + clickable.
  • Safety eval on authoring prompts.

O – Offline

  • Authoring editor read-only offline cache validated.
  • Drafts reachable offline from "Recent" list.
  • Bundles produced in S1 continue to work offline.

S – Security

  • Publish saga compensations tested.
  • Answer keys encrypted at rest.
  • Embed block provider allowlist enforced.

T – Multi-tenant

  • Cross-tenant block references rejected.
  • Media references resolve only within tenant.

V – Observability

  • Publish saga span visible end-to-end.
  • AI accept/reject telemetry.

D – Docs

  • Authoring user guide (top 30 articles).
  • AI Co-Author how-to.

Slice 3 — Marketplace MVP (M2 second half)

F – Functional

  • US-19 SCORM 1.2 pass ADL.
  • US-27–33 commerce flows.
  • US-45 cert + US-46 public verify.
  • US-52 webhooks.

N – Non-functional

  • Purchase saga p95 < 10 s end-to-end.
  • Checkout p75 < 1 s.
  • Webhook delivery p95 < 2 s.

A – AI

  • Listing moderation pipeline online (stub acceptable in S3; full in S4).
  • AI fraud-signal classifier reviewed.

O – Offline

  • Licenses + assigned seats sync to client.
  • Marketplace browse tiles cached.
  • Refund propagation via sync.

S – Security

  • PCI scope review passed.
  • Webhook signature verified against replay corpus.
  • Refund-after-seat-consumption rule auditable.

T – Multi-tenant

  • Cross-tenant license queries blocked.
  • Provider tenant + buyer tenant isolation tested.

V – Observability

  • GMV + conversion + refund dashboards live.
  • Payment failure rate + dunning dashboards.

D – Docs

  • Provider onboarding + pricing doc.
  • Buyer refund policy + support macros.
  • SCORM 1.2 interop doc for customer LMSs.

Slice 4 — Compliance + Enterprise (M3)

F – Functional

  • US-2 SAML, US-5 WebAuthn, US-7 custom roles, US-8 DG, US-10 SSO admin, US-11 CSV.
  • US-20 SCORM 2004 + xAPI + cmi5 (ADL conformance).
  • US-35–39 assignment engine.
  • US-47 templates, US-48 recert.
  • US-42 branching nav, US-14 branching block, US-61 PDF→course, US-63 branching gen, US-65 TTS, US-68 metadata, US-72 adaptive practice, US-73 AI grading.
  • US-74 recommender + US-77 outdated detect + US-78 auto-tag + US-98 pre-warm cache.
  • US-83 AI audit export + US-102 wipe UI + US-104 + US-105 + US-106 verify UI + US-108 provenance review.
  • US-114 high-contrast theme.

N – Non-functional

  • RRULE materialization < 30 s for 10 k targets.
  • SAML callback p95 < 700 ms.
  • Erasure saga completes ≤ 7 days target.

A – AI

  • Bias eval on recommender + AI grading.
  • Full AI Co-Author prompts regression-gated.
  • Provenance on every AI artifact; export audit verified.

O – Offline

  • Branching scenario offline play E2E.
  • Pre-warm AI cache validated on bundle install.
  • ComplianceWindows cached for current user offline.

S – Security

  • SAML tested against 4 IdPs.
  • ABAC predicate evaluator fuzz-tested.
  • GDPR erasure saga covers every S0–S4 service.
  • Pen-test #2 closed.
  • SOC 2 Type I attestation.

T – Multi-tenant

  • ABAC + DG evaluated scalably per tenant.
  • AI budget visible per feature.

V – Observability

  • Compliance dashboards per manager + per tenant.
  • SAML + SCIM provisioning metrics.
  • Erasure saga end-to-end tracing.

D – Docs

  • Enterprise deployment guide.
  • SAML configuration guide per IdP.
  • Compliance + audit workflow doc.
  • EU AI Act capability classification sheet.

Slice 5 — Full Authoring + Offline Authoring (M4)

F – Functional

  • US-13 refinements + US-15 live collab + US-18 manual localization + US-64 translate productionized + US-66 AI image + US-53 hybrid search.
  • US-92 offline edits + US-93 conflict UI + US-94 offline AI.
  • LTI 1.3 launch + deep-link + AGS.

N – Non-functional

  • Collab update propagation < 200 ms p95.
  • Offline authoring conflict rate < 1 % of offline edit sessions.
  • Hybrid search p95 < 300 ms.

A – AI

  • AI image styles + per-tenant brand profile.
  • AI merge suggestion eval.
  • Translation quality per locale ≥ target.

O – Offline

  • Offline authoring E2E (J-25) green.
  • Pre-upload queued assets + metadata sync.
  • Y.Doc offline merge tests.

S – Security

  • Collab WS auth + per-message ACL.
  • Asset safety pipeline extended to AI image + video.
  • Pen-test #3 closed.
  • SOC 2 Type II attestation received.

T – Multi-tenant

  • Tenant-glossary pinning for AI translation.
  • Collab sessions tenant-scoped.

V – Observability

  • Collab session dashboards.
  • Conflict rate dashboards per tenant.
  • Search NDCG@10 dashboards.

D – Docs

  • Full authoring user guide.
  • LTI 1.3 integration guide.
  • Offline authoring conflict troubleshooting.

Slice 6 — Scale + Advanced Insight + Mobile (M5)

F – Functional

  • US-54–US-55 recs + US-57–59 dashboards + US-75–76 admin insight v2 + US-101 + US-103 sync polish + US-107 residency migration.
  • Mobile native: biometric, widget, background sync.
  • HIPAA tier live.
  • White-label + custom domain.
  • Developer marketplace + SDK v1.

N – Non-functional

  • Residency migration saga executed on production-size fixture with 0 data loss.
  • Mobile native performance budgets met.
  • ISO 27001 control readiness.

A – AI

  • AI insight v2 board summaries eval.
  • Recommendations fairness monitoring live.

O – Offline

  • Mobile background sync tested on iOS + Android.
  • Biometric unlock for bundles.
  • Widget displays next-due compliance correctly offline.

S – Security

  • HIPAA provider allowlist enforced + audit export verified.
  • White-label CSP per tenant; XSS scope isolation verified.
  • ISO 27001 attestation readiness review.

T – Multi-tenant

  • Residency-scoped indices for search + vector.
  • HIPAA tenants isolated to BAA-approved AI providers.

V – Observability

  • Region-level SLO dashboards.
  • Mobile app RUM.
  • AI admin insight freshness + accuracy dashboards.

D – Docs

  • Multi-region administration guide.
  • HIPAA BAA customer guide.
  • Developer SDK docs + sample apps.
  • White-label branding guide.

Slice Release Sign-Off Template

DimensionOwnerSign-offDate
FunctionalPM
Non-FunctionalSRE lead
AIAI Services lead
OfflineSync lead
SecurityCISO / Security lead
Multi-tenantPlatform lead
ObservabilitySRE lead
DocumentationDevEx lead
Slice overallCTO

A slice can only ship when every dimension has a dated sign-off from its named owner.