project-pal-e-app updated 2026-05-03Vision
The SvelteKit frontend for the pal-e-docs project. The / route is the public landing page (sign-in CTA, public notes, marketing surface); all other routes are gated by Keycloak. Once authenticated, users see role-scoped projects, kanban boards, and notes. The permission model is project-scoped: users are assigned to projects with read or write access, and see all child notes of those projects. Per definition-app, the landing page is a route inside the app, not a separate service — one repo, one hostname, one auth funnel.
User Stories
| Key | Role | Story | Status |
|---|---|---|---|
PA-S1 |
Stakeholder | Register via pal-e-landing form so Lucas can onboard me | Not started |
PA-S2 |
Stakeholder | Log in and reset password via Keycloak so I can access my scoped content | Not started |
PA-S3 |
Stakeholder | See only the projects and boards assigned to me so I'm not overwhelmed | Not started |
PA-S4 |
Admin (Lucas) | Assign users to projects with read/write permissions so I control what each person sees | Not started |
PA-S5 |
Admin (Lucas) | Configure a user's landing page so they see what matters most on login | Not started |
Architecture
Three architecture notes (pending creation):
- Domain Model — user, project, permission, note hierarchy
- Data Flow — landing → Keycloak → pal-e-app → pal-e-docs API (filtered by permissions)
- Deployment — pal-e-landing (static) + pal-e-app (SvelteKit, adapter-node) + Keycloak + pal-e-docs API
Key Decisions
- Permission scope = project. User gets access to a project → sees all child notes of that project note.
- Permission levels: read or write per user per project.
- Keycloak handles authentication (who are you). pal-e-docs API handles authorization (what can you see).
- pal-e-landing is a separate static site (adapter-static, new repo). Links to pal-e-app for login.
- pal-e-docs-app (old deployment name) is retired. pal-e-app is the canonical frontend.
- Existing SvelteKit codebase is the foundation — block renderer, board views, project nav, Keycloak integration all stay.
Board
Status
Project created 2026-03-30. Existing pal-e-app repo has 11 routes, Keycloak OIDC, block renderer, board kanban views, project navigation. Missing: project-scoped permissions, registration flow, configurable user landing pages.
Milestones
None yet.
Repos
| Repo | Platform | Role | Status |
|---|---|---|---|
| pal-e-app | Forgejo | SvelteKit authenticated frontend (adapter-node) | Active — needs permissions layer |
| pal-e-landing | Forgejo | Static landing page (adapter-static) | Not yet created |
Key People
| Role | Person | Access |
|---|---|---|
| Superadmin | Lucas | Everything — all projects, full read/write |
| Admin | Marcus | westside-basketball — read/write on boards, stories, docs |
| Stakeholder | Mom | westside-basketball — read-only on project kanban, timeline/dependency visibility |
First Users & AC
Phase 1 AC: Marcus and Mom can register via pal-e-landing, log in via Keycloak, reset password, and see scoped project boards. Lucas can see them in Postgres and assign permissions.
Phase 2 AC: Authenticated views (projects, kanban, tickets) look good and are useful for stakeholders. Mom can see dependencies and timelines.