1Executive Summary
Ngắn gọn: 6 nguồn code (5 trong repo, zalo-mini-app đã bị xoá), 36 modules, 120 requirements từ 2 briefs, 3 plan iterations, 13-14 tháng triển khai, ngân sách $442K.
🗂
Module Coverage
36 modules
10 HAVE + 18 PARTIAL + 8 MISSING · 56% coverage
📋
Brief Requirements
120 items
13% DONE · 70% có plan nếu chạy · 30% chưa có plan
⏱
Timeline
13-14 tháng
6 phases (P0-P5) · parallel execution · 4 tháng save nhờ P3+P4 overlap
💰
Budget
$442K USD
Team $236K + AI $82K + Compliance $30K + Buffer $52K + Other $40K
✓ Ready-to-Start indicators: 17 plan files qua 3 iterations · 7 parallel research reports đã hoàn tất · P0 Infrastructure Sprint đã được design chi tiết (5.5 FTE × 2 tuần) · 10 kiến trúc decisions đã validated · 40+ isolation test categories đã scope.
✗ Blockers cần giải quyết trước khi kick-off: (1) 8 BOD Tier 1 decisions đang treo (deadline 2026-04-21) · (2) Strategy CONFLICT giữa Clone+Rewrite PG16 vs Incremental MySQL chưa reconcile · (3) Canary tenant 2-3 khách chưa identify · (4) Compliance Officer + AI/ML engineer chưa recruit (lead time 3-6 tuần VN) · (5) Budget $442K chưa được BOD chính thức phê duyệt · (6) 16 MISSING requirements (AI specialists + VAS monetization + Integration Hub) chưa nằm trong bất kỳ V4 plan nào.
Quick Stats
- Sources: 5 trong repo (backend, backend-admin, frontend, xanhvina-mobile, chat-service). zalo-mini-app DIRECTORY đã bị xoá — cần PO xác nhận status.
- Plan iterations: 260413-2308 (initial gap analysis) → 260414-0010 (schema + keep-drop-rewrite PG16) → 260414-0042 (validated strategy MySQL, 7 research reports, P0 infra sprint).
- Evidence base: 17 plan files + 5 explore reports + 7 research reports + 2 V4 briefs (2106 + 1336 lines) + 1 code validation spot-check 15 items.
- Scale của V3 codebase: backend 18 DDD domains · backend-admin 9 domains · mobile 107 screens · chat-service 3 LLMs · 71 migrations · 161 test files · 229 permissions hardcoded.
2Module Coverage Matrix (36 modules)
Đối chiếu 36 V4 modules với trạng thái V3 hiện tại — group theo 5 nhóm. Coverage gộp = 56% (Shared Business mạnh nhất 75%, Factory yếu nhất 42%).
Coverage theo nhóm module
Platform Core (2.x) — 7 modules43%
Shared Business (3.x) — 10 modules75%
Factory-Specific (4.x) — 6 modules42%
Supplier-Specific (5.x) — 7 modules64%
Worker App 247 (6.x) — 6 modules50%
Chi tiết 36 modules
| ID | Module V4 | Status | Cov% | Phase | Effort |
|---|
| PLATFORM CORE (2.x) — 43% |
| 2.1 | Tenant Management | MISSING | 0% | P0-P2 | L |
| 2.2 | RBAC per-tenant | PARTIAL | 50% | P1 | M |
| 2.3 | Orchestration / Workflow engine | PARTIAL | 25% | P3 | L |
| 2.4 | Integration hub | MISSING | 0% | P3 | L |
| 2.5 | Trust layer & audit | PARTIAL | 30% | P1 | L |
| 2.6 | AI Core central | PARTIAL | 40% | P3 | M-L |
| 2.7 | Analytics & dashboard central | PARTIAL | 60% | P3 | M |
| SHARED BUSINESS (3.x) — 75% |
| 3.1 | Organization & internal users | PARTIAL | 60% | P1-P2 | M |
| 3.2 | Worker master profile | HAVE | 90% | P2 adapt | S-M |
| 3.3 | Recruitment & job | HAVE | 95% | P2 adapt | S |
| 3.4 | Candidate management | HAVE | 85% | P2 adapt | S-M |
| 3.5 | Worker post-hire management | HAVE | 90% | P2 adapt | S |
| 3.6 | Attendance & timesheet | HAVE | 90% | P2 adapt | M |
| 3.7 | Payroll & income | HAVE | 95% | P2 adapt | S-M |
| 3.8 | Leave & internal requests | MISSING | 0% | P4 | M |
| 3.9 | Referral (CTV) | HAVE | 90% | P2 adapt | S |
| 3.10 | Reporting dashboards | PARTIAL | 60% | P3 | M |
| FACTORY-SPECIFIC (4.x) — 42% |
| 4.1 | Manpower planning | MISSING | 0% | P3 | M |
| 4.2 | Worker intake & confirmation | PARTIAL | 50% | P2 | M |
| 4.3 | Source attendance | HAVE | 80% | P2 adapt | S |
| 4.4 | Feedback to supplier | PARTIAL | 30% | P3 | M |
| 4.5 | Supplier coordination | MISSING | 0% | P3 | L |
| 4.6 | AI factory ops | MISSING | 0% | P3 | L |
| SUPPLIER-SPECIFIC (5.x) — 64% |
| 5.1 | Multi-source candidates | PARTIAL | 50% | P2-P3 | M |
| 5.2 | CTV network | HAVE | 95% | P2 adapt | S |
| 5.3 | Vendor / sub-tier | PARTIAL | 50% | P3 | M |
| 5.4 | Candidate distribution multi-factory | PARTIAL | 60% | P2 | M |
| 5.5 | Multi-tier commission | HAVE | 95% | P2 adapt | S |
| 5.6 | Multi-party reconciliation | PARTIAL | 50% | P3 | M |
| 5.7 | AI supplier ops | MISSING | 0% | P3 | L |
| WORKER APP 247 (6.x) — 50% |
| 6.1 | Digital profile | PARTIAL | 40% | P4 | M |
| 6.2 | Personalized job feed | HAVE | 80% | P2 adapt | S |
| 6.3 | Timesheet & income view | HAVE | 80% | P2 adapt | S |
| 6.4 | Leave & requests | MISSING | 0% | P4 | M |
| 6.5 | Financial services (ứng lương, wallet, loan, insurance) | PARTIAL | 20% | P4 | L |
| 6.6 | AI personal advisor | MISSING | 0% | P4 | L |
3Brief Compliance by Category (120 requirements)
Weighted compliance (DONE + 0.5×PARTIAL) của 120 requirements trích từ 2 V4 briefs (Platform 85 + Worker App 35). AI = gap lớn nhất (6%); Module = mạnh nhất (63%).
Compliance radar theo 12 category
Weighted compliance % — ranked
Architecture (12 items)46%
Finance (10 items) — ⚠ VAS monetization20%
SaaS (5 items) — ⚠ self-service missing10%
Integration (5 items) — ⚠ hub missing10%
AI (18 items) — 🚨 BIGGEST GAP6%
🚨 4 CATEGORIES DƯỚI 20% — BIGGEST GAPS: AI (6%), SaaS (10%), Integration (10%), Finance (20%). Những category này hầu hết hoặc chưa nằm trong V4 plan hoặc chỉ có framework sketchy ở Phase 3. Đây là nơi cần BOD quyết định scope-cut HAY tăng team/extend timeline.
16 MISSING items chưa có trong bất kỳ V4 plan nào
| Brief ID | Requirement | Priority | Why Important |
|---|
| BRIEF-P-008 | Data + transactions as productized asset (VAS monetization logic) | P0 | Core của brief strategy — chưa có monetization layer |
| BRIEF-P-010 | SaaS self-service signup + workspace creation + module activation | P0 | Không có = deploy-per-customer (không phải SaaS thật) |
| BRIEF-P-011 | Transaction-based revenue (apply fee, handoff fee, placement) | P1 | Tier-2 revenue model chưa design |
| BRIEF-P-013 | AI-as-service commercial packaging (director-AI, recruiter-AI tiers) | P2 | AI monetization chưa scoped |
| BRIEF-P-036 | Full Integration Hub (webhooks, 2-way sync, field mapping, integration log) | P0 | Chỉ có PublicApiClient 1 chiều |
| BRIEF-P-038 | AI permission boundary (user-scope read-write gate cho AI actions) | P0 | Security gap CRITICAL, chưa trong Phase 3 scope |
| BRIEF-P-061 | Factory → supplier feedback API (hire/work/timesheet/retention return) | P1 | Không có formal supplier-facing return flow |
| BRIEF-P-062 | Factory-supplier coordination workspace | P1 | Multi-party coordination chưa designed |
| BRIEF-P-063 | AI factory ops (shortage alerts, attrition alerts, director Q&A) | P2 | Không có trong Phase 3 AI scope |
| BRIEF-P-070 | AI supplier ops (source effectiveness, recruiter/CTV scoring) | P2 | Không có trong Phase 3 AI scope |
| BRIEF-P-077..082 | 6 AI specialist agents (recruitment / worker-mgmt / attendance / analytics / leader / worker advisor) | P0-P2 | Phase 3 chỉ có 4 generic agents, chưa có 6 specialists |
| BRIEF-W-015 | Certifications upload/display (trade / safety / technical certs) | P1 | Không có trên mobile lẫn backend |
| BRIEF-W-032 | Seasonal job specialized UI (per-shift pay, day/night, Sunday differential) | P1 | Seasonal treated same as formal — sai |
| BRIEF-W-035 | Insurance product integration | P2 | Không có trong plan nào |
| BRIEF-W-038 | VNeID integration (government e-ID) | P2 | Cần MPS partnership — chưa scoped |
| BRIEF-W-057 | Behavior data event log (search, view, compare, AI query, re-open) | P1 | Event sourcing planned nhưng behavior schema chưa defined |
4Code Validation Reality Check
Spot-check 15 claims trong V4 plans vs code thực tế (2026-04-14). Kết quả: 7 CONFIRMED, 5 UPDATED, 3 OUTDATED — net impact -4% đến -6% trên module coverage.
✅Confirmed
7
Claim khớp với code thực tế
🔄Updated
5
Claim đúng hướng nhưng con số mới
❌Outdated
3
Claim sai — cần sửa plan
7 finding CRITICAL cần sửa trong mọi V4 plan
🚨 FINDING #1 — zalo-mini-app DIRECTORY REMOVED:
Root /Users/trungnguyen/Sites/viecxanh/ có 5 sources, KHÔNG có zalo-mini-app/. Root CLAUDE.md vẫn claim "Source 5, 147 files, PRODUCTION" — OUTDATED. Tất cả V4 plan nên update "6 sources" → "5 sources". Cần PO xác nhận: deprecated? moved? deleted post-v3?
🚨 FINDING #2 — Spatie ActivityLog NOT INSTALLED:
composer.json chỉ có spatie/laravel-data, medialibrary, query-builder. KHÔNG có spatie/laravel-activitylog, không có Spatie Permission. V4 audit/compliance story có gap lớn hơn đã báo cáo — Trust Layer phải tự xây hoặc add package mới.
⚠ FINDING #3 — DispatchStatus FSM = 16 states (không phải 10):
backend/app/Domain/Job/Enums/DispatchStatus.php:5-22 có 16 enum cases (ASSIGNED → INTERVIEW_SCHEDULED → INTERVIEWED → PASSED → FAILED → NO_SHOW → ONBOARDING → NO_SHOW_ONBOARDING → HANDED_OVER → HANDOVER_FAILED → JOINED → PAUSED_WORK → LEFT → CANCELLED → CLOSED → CONTRACT_ENDED). V3 granular hơn V4 plan claim. V4 migration PHẢI preserve 16 states, không collapse xuống 10.
⚠ FINDING #4 — Backend = 18 domains (+Factory mới):
backend/app/Domain/* có 18 domains (Factory domain đã add + migration 2026_03_25_100001_create_factories_table.php). Root CLAUDE.md claim 17 — OUTDATED.
⚠ FINDING #5 — Repository coverage = 10/18 domains:
Có interface: Attendance, Community, Dashboard, Finance, Housing, Incentive, Job (2 repos), Worker, WorkerManagement. KHÔNG có: Application, Cluster, Content, Employer, EmployerUser, Factory, Infrastructure, Partner, Shared (9 domains thiếu repo). backend/CLAUDE.md claim "20 interfaces + 100% Eloquent impls" INCONSISTENT — cần reconcile.
⚠ FINDING #6 — Permission matrix = 229 entries (không phải ~358):
backend/config/staff-permissions.php:10-53: 57 modules × avg 4 actions = 229 distinct permission strings. V4 plan claim ~358 overcounted ~56%. Có thể đã count (role × permission) mapping thay vì distinct permissions. Cần align counting method.
⚠ FINDING #7 — Mobile finance stubs partial:
loans = REAL (use-loans.ts → /v1/worker/loans, có screen). wallet + salary-advance + insurance = ABSENT trên mobile (grep không thấy hook/screen). Phase 4 mobile parity scope bigger than planned.
Net Impact
📉Module Coverage Adjusted
~50-52%
Từ 56% → giảm do zalo removal (-3 đến -5%) + ActivityLog gap (-2%)
⚖Mitigation
+1-2%
Factory domain mới + FSM phong phú hơn bù lại một chút
📝Plan Updates Needed
8+ files
Gap analysis, exec summary, schema map, CLAUDE.md all sources
5Phase Timeline (P0-P5) — 13-14 tháng
Gantt view với overlap P3/P4 tail. Critical path sequential = 9 tháng. Wall-clock 13-14 tháng nhờ parallel design. 4 tháng tiết kiệm từ P3 design trong P2 + P4 design trong P3.
Phase
M-2
M-1
M1
M2
M3
M4
M5
M6
M7
M8
M9
M10
M11
M12
M13
M14
P0 Infra
2w · 5.5 FTE
P1 Foundation
3m · 6.5 FTE · READY_TO_START
P2 Schema+MT
4m · 11 FTE peak · NOT_STARTED
P3 V4 Core
4-5m · 12 FTE
P4 247 Full
4-5m · 12 FTE
P5 Stabilize
2-3m · 6 FTE
🚧
P0 Infrastructure
2 tuần
DESIGNED · 3% · 5.5 FTE · TenantRedisStore + HasTenancy + 40+ isolation tests
🏗
P1 Foundation
3 tháng
READY_TO_START · 15% · Trust v1 + permission DB migrate + soft delete + FF UI
🔐
P2 Multi-tenant
4 tháng
NOT_STARTED · 30% · nullable→backfill→NOT NULL + 8 exit gates + canary
🤖
P3 V4 Core
4-5 tháng
NOT_STARTED · 25% · AI Core + LangGraphJS + LiteLLM + pgvector + Workflow engine
📱
P4 247 Full
4-5 tháng
NOT_STARTED · 20% · Ứng lương + Wallet + Insurance + AI Advisor + Mobile catch-up 57 screens
🎯
P5 Stabilize
2-3 tháng
NOT_STARTED · 7% · V3 sunset + SOC 2 Type I + pen-test + chaos test
Parallelization Opportunities
| From phase (design) | During phase (impl) | Starts at | Time saved |
|---|
| P3 design | P2 implementation | M4 | ~1 tháng |
| P4 design | P3 implementation | M7 | ~1 tháng |
| Mobile catch-up (P4) | P3 wrap | M9-13 | ~2 tháng |
Budget Breakdown — $442K (14 tháng, fully loaded)
| Category | Amount | % Total | Notes |
|---|
| Team | $236K | 53% | 7-8 avg FTE × $2.3K/mo × 14m (VN rates) |
| AI infrastructure | $82K | 19% | Ramps $500/mo M1 → $6.8K/mo M13 · $0.068/worker/mo @ 100K workers |
| Compliance | $30K | 7% | DPO + legal + eKYC + licenses Year 1 |
| Buffer (15%) | $52K | 12% | Unforeseen overruns · QA delays · hiring premium |
| Other | $40K | 9% | DevOps tooling + external security firm + SOC 2 assessor + pen-test |
FTE Ramp
| Phase | FTE | Roles added |
|---|
| P0 | 5.5 | 4 devs + 1 QA + 0.5 DevOps |
| P1 M1-3 | 6.5 | +1 PM potential |
| P2 M3-7 | 11 | +AI/ML (M5-6), +Compliance (M5-7), +Mobile sr. |
| P3 M6-10 | 12 | Peak — full team |
| P4 M9-13 | 12 | Mobile catch-up intensive |
| P5 M12-14 | 6 | Scale down — contractors released |
Dependency Blockers
- BOD Tier 1 decisions (Week 1) → blocks P0 kick-off
- Canary tenant SLA (Week 2) → blocks P2 canary rollout (M7)
- Compliance Officer hire (M5-7) → blocks P4a ứng lương launch
- AI/ML engineer hire (M5-6, 3-6w VN lead time, 20-30% premium) → blocks P3 AI accuracy target
- Insurance partner contract (M7) → blocks P4b insurance license
- Insurance license approval (M10-11, 4-6w via sponsor insurer) → blocks P4b launch
- External security firm (M12) → blocks P5 pen-test
6Architectural Decisions (10 validated + 8 pending/conflict)
10 decisions đã được research/validate qua 7 parallel reports. 8 decisions đang pending hoặc CONFLICT giữa 2 plan iterations — BOD phải resolve trước khi P0 khởi động.
✓ 10 Validated Decisions
1. Migration Strategy
Option B + Feature Flags + Event-Driven hybrid
Timeline + team fit + production continuity · -20% risk từ Pennant · +0m cost
2. Multi-tenant DB Pattern
Shared DB + tenant_id column
MySQL native · 1000+ tenant scale · proven (Emmys, Mercadona)
3. Multi-tenant Library
Spatie multitenancy v4
More control vs Tenancy for Laravel · excellent docs
4. Data Migration
Option A in-place: nullable → backfill → NOT NULL + composite indexes
Proven pattern · zero-downtime via gh-ost
5. Authentication
Sanctum unchanged + VerifyStaffToken + VerifyServiceKey + Redis cache 5min
Working in prod · không cần thay
6. Feature Flag Tool
Laravel Pennant (start) → LaunchDarkly (scale)
2-day setup · free · Laravel-native · upgrade path clear
7. Event Bus
Redis Streams (P3 start) → Kafka (scale >1M events/day)
Lower ops burden · upgrade path documented
8. AI Orchestrator
Expand chat-service in-place (KHÔNG rename) + NestJS 11 + LangGraphJS + LiteLLM + pgvector
DNS risk high · strategic value rename thấp · $0 new infra pgvector
9. LLM Gateway
LiteLLM proxy (Python separate)
Cost tracking · model fallback · rate limiting
10. Vector DB
pgvector (Postgres extension)
$0 new infra vs Qdrant ($3K/mo) / Weaviate ($5K/mo) · <20ms latency · HNSW index
⚠ 8 Pending / Conflict Decisions
🚨 CRITICAL CONFLICT — DB Engine V4
Clone+Rewrite PG16 (plan 260414-0010) VS Incremental MySQL (plan 260414-0042)
Hai plan iterations mâu thuẫn. BOD meta-decision required. Ảnh hưởng: folder structure, reuse %, team size, entire migration strategy.
🚨 CRITICAL CONFLICT — Domain Scope
Drop HRM/Content/Community/Housing (plan 260414-0010) VS silent on them (plan 260414-0042)
Schema map khuyên drop 4 domains. Validated plan không address. BOD phải quyết: drop, read-only archive, hay preserve?
Mobile apps count
Split 2 apps (247 worker + Business employer) — CONFIRMED research
Default được xác nhận qua R4 research · no conflict
Frontend structure
Keep 3 separate (Next.js + SPA + mobile) — CONFIRMED research
Default xác nhận · rationale: tách concern + độc lập deploy
Chat-service rename
KHÔNG rename — expand in-place (Tier 3 Q21 VALIDATED)
Supersedes schema-map suggestion rename "ai-service". DNS risk + strategic value rename thấp.
Meilisearch scoping
Per-tenant index vs filtered index — DEFERRED P3
Perf test needed trước khi quyết định
S3 bucket structure
s3://viecxanh/tenants/{slug}/ vs s3://viecxanh-{slug}/ — DEFERRED
DevOps + admin overhead analysis cần trước khi chọn
Code Reuse Target
60-65% reuse (plan 260414-0010) vs preserve most (plan 260414-0042)
"Clone + rewrite" vs "refactor in-place" — tight coupled với DB engine decision
7Risk Heatmap — Top 10 Risks
3 CRITICAL (data leak, cache collision, permission migration) · 6 HIGH (DB locks, jobs, routes, FSM orphans, observers, backfill) · 1 MEDIUM (license delays — đã MITIGATE bằng defer loans Y2). P0 Infrastructure Sprint mitigates 4/10.
Severity × Probability grid
Low Prob.
Medium Prob.
High Prob.
CRITICAL
Severity
—
3 risks#1 Query leak#3 Perm migrate
HIGH
Severity
—
4 risks#6 Route cache#7 FSM orphan#8 Observers#9 Backfill
2 risks#4 DB locks#5 Job context
MEDIUM
Severity
—
—
1 risk#10 License (MITIGATED)
🛡 P0 Infrastructure Sprint mitigates 4 of 10: risks #1 (query leak), #2 (Redis collision), #5 (job context loss), #8 (observer context) — nhờ TenantRedisStore custom driver + HasTenancy trait + TenantAwareJob base + observer integration tests. Remaining 6 spread across P1-P4 với documented mitigation playbooks.
Chi tiết 10 rủi ro
| # | Rủi ro | Severity | Prob. | Mitigation | Phase |
|---|
| 1 | Silent query scoping bypass (cross-tenant data leak) | CRITICAL | MEDIUM | 4-layer defense (middleware/scope/repo/tests) + 40+ isolation tests + monitoring | Before P2 |
| 2 | Redis cache key collision (auth tokens leak across tenants) | CRITICAL | HIGH | TenantRedisStore custom driver + tenant-prefixed keys + parallel cache test | Before P2 |
| 3 | Permission DB migration breaks staff access | CRITICAL | MEDIUM | Dual-read fallback + gradual rollout + FF PERMISSION_DB_ENABLED default OFF | P1 |
| 4 | DB schema migration locks (prod downtime 57M+ rows) | HIGH | HIGH | gh-ost/PlanetScale expand-contract + off-hours + 10K rows/min + pause if latency +5% | P2 |
| 5 | Scheduled jobs lose tenant context | HIGH | HIGH | TenantAwareJob base class + assert tenant_id + static analysis rule | Before P2 |
| 6 | Route caching conflicts with tenant routing | HIGH | MEDIUM | Disable route:cache in prod OR thorough staging test | Before P2 |
| 7 | State machine migration orphans in-flight workflows | HIGH | MEDIUM | Audit in-flight Dispatch records + event sourcing replay | Before P3 |
| 8 | Model observers run outside tenant context | HIGH | MEDIUM | Integration test per observer + manual setContext() | Before P2 |
| 9 | Data backfill 57M+ rows (zero-downtime req) | HIGH | MEDIUM | Dry-run staging + batch tuning + pause if >5% latency degradation | P2 |
| 10 | Financial services license delays (consumer loans SBV 6-12m) | MEDIUM | HIGH | MITIGATED — DEFER consumer loans Y2 · Y1 = 3 license-free products | P4 |
8Câu hỏi cần bổ sung — 63 questions
Tổng 63 câu hỏi chia 5 tier: 8 BOD Tier 1 (blocks Phase 0) · 15 Tier 2 (Month 1) · 7 Tier 3 (Month 2-3) · 13 Technical Unresolved · 5 Operational · 15 NEW từ briefs + code validation.
🚨 TIER 1 — BOD Decisions (8 câu, blocks Phase 0 kick-off, deadline 2026-04-21)
CRITICAL
- Q1 Tenant Unit Definition default A: billing entity + roles as sub-units (ảnh hưởng: schema grain, permission DB)
- Q2 Pricing Tier Structure default A+C: feature tier + add-ons + txn % (billing platform, revenue forecast)
- Q3 Transaction Revenue % default A: 12% placement fee, 40% platform / 60% partners (GTM, partner contracts)
- Q8 MVP Feature Set default B: Core + Priority-2, 10m, 3-5 canary (team size, P1 scope)
- Q13 Canary Tenants default B+C: 2-3 existing + 2-3 new SMBs, mixed factory/supplier
- Q23 Financial Licensing default C: phased + immediate compliance hire M7 (P4 scope, defer loans Y2)
- Q27 Launch Sequence default A: B2B-first Q1-2 2027, 247 app Q2 2027 (revenue timing, sales hire)
- Q28 Team Hiring default C: phased 5→12 FTE, $442K budget
⚠ TIER 2 — BOD Questions (15 câu, Month 1, deadline 2026-05-05)
HIGH
- Q4 AI Pricing (baked-in)
- Q5 Financial Revenue Share (phased)
- Q6 247 Free vs Paid (free forever)
- Q7 Data Licensing (worker opt-in)
- Q9 Formal vs Seasonal (single codebase + flags)
- Q10 Integration Hub scope (A→B phased)
- Q11 247 App Independence (Phase 2 launch)
- Q12 AI Advisor Accuracy (phased 85%→98%)
- Q14 V3→V4 Migration path (phased w/ rollback)
- Q15 Pilot Compensation (free 6m + 50% off + 2h SLA)
- Q19 Permission Matrix (RBAC + delegation + audit)
- Q20 Trust Layer Depth (full 7-year immutable)
- Q22 Data Retention (3/7y platform default)
- Q24 GDPR/VN Law (VN + future-ready)
- Q29 Success Metrics (technical+customer+financial)
ℹ TIER 3 — BOD Fine-tuning (7 câu, Month 2-3, deadline 2026-06-05)
MEDIUM
- Q16 Employer Data Ownership (tenant owns)
- Q17 Worker Data Portability (30-day recovery)
- Q18 Multi-Tenant Isolation (app-layer + audit)
- Q21 Chat-Service Rename (KHÔNG rename — expand in-place)
- Q25 Dispute Resolution (guided resolution)
- Q26 Worker Classification (agnostic + tools P2)
- Q30 Competitive Positioning (category "nền tảng dữ liệu lao động")
🔧 TECHNICAL UNRESOLVED (13 câu — deferred to Phase 2-3)
INFO
- T1 Meilisearch per-tenant (separate vs filtered)
- T2 S3 bucket structure (shared vs per-tenant)
- T3 Lookup table mutations (skill_weight per-tenant vs global)
- T4 Chat-service multi-tenancy (bridge supplier↔factory?)
- T5 Backward compat window V3 API (default 6m — CONFIRMED)
- T6-T9 🚨 Domain fates CONFLICT: Housing, Community, Content→CMS, HRM (schema map DROP vs validated keeps silent)
- T10 V3 data migration: full migrate vs canary pilot first?
- T11 Chat messages: MongoDB (current) vs PG 100%?
- T12 Admin-spa hosting (CDN vs VPS nginx)
- T13 API versioning (/v4/ prefix vs hard break)
👥 OPERATIONAL / HIRING (5 câu)
INFO
- O1 Canary tenant identity (2-3 existing + 2-3 new SMBs, who?)
- O2 Feature flag tool: Laravel Pennant vs LaunchDarkly (default: start Pennant, scale LD)
- O3 Compliance officer hiring timeline (start recruiting M5, onboard M7)
- O4 AI/ML engineer hiring delay (3-6w VN, 20-30% premium) — start NOW
- O5 BOD risk tolerance on financial services (sandbox Decree 94/2025 Y1?)
🆕 NEW QUESTIONS FROM BRIEFS (10 câu — chưa address trong bất kỳ plan nào)
NEW
- NB1 AI specialists missing — Phase 3 chỉ có 4 generic agents, brief yêu cầu 6 specialists (recruitment/worker-mgmt/payroll/analytics/leader/worker advisor). Scope-up Phase 3 hay defer?
- NB2 AI permission boundary (BRIEF-P-038) — enforced at LiteLLM gateway hay application layer? Security gap CRITICAL.
- NB3 SaaS self-service (BRIEF-P-010) — signup flow + workspace creation + module activation. Chưa có plan nào; không có = deploy-per-customer.
- NB4 Integration hub full (BRIEF-P-036) — webhooks + 2-way sync + field mapping + integration log. Chỉ có PublicApiClient 1 chiều.
- NB5 Factory-supplier coordination workspace (BRIEF-P-062) — scoped access, scoped candidates, exchange log. Multi-party coord chưa design.
- NB6 Seasonal job UI (BRIEF-W-032) — per-shift pay, day/night differential, Sunday rate. Hiện treated same as formal.
- NB7 VNeID partnership (BRIEF-W-038) — cần MPS partnership hay third-party verification provider?
- NB8 AI monetization (BRIEF-P-013) — director-AI, recruiter-AI premium tiers vs base SaaS?
- NB9 Certifications system (BRIEF-W-015) — platform verify (OCR + manual review) hay trust worker uploads?
- NB10 Behavior data event log (BRIEF-W-057) — schema cho search/view/compare/AI-query/re-open? Event sourcing có chứa không?
🔍 NEW FROM CODE VALIDATION (5 câu)
NEW
- CV1 zalo-mini-app status — directory đã removed nhưng root CLAUDE.md vẫn claim PRODUCTION. Deprecated? Moved? Deleted?
- CV2 Repository discrepancy — backend/CLAUDE.md claim 20 interfaces, thực tế 10. Check app/Infrastructure/Repositories/?
- CV3 Audit log strategy for V4 — Spatie ActivityLog NOT installed. Add package hay tự xây? Ảnh hưởng Trust Layer scope.
- CV4 Permission counting method — V4 plan dùng distinct permissions (229) hay role×permission mapping (~358)? Align method.
- CV5 Factory domain scope — mới add từ snapshot cũ hơn, có in-scope cho V4 multi-tenancy design?
9Recommendations + Next 90 Days
6 priorities cần team-lead/BOD action trong 90 ngày tới. Pattern: decisions → recruiting → canary identify → budget approval → P0 kick-off.
Top 6 Priorities
| # | Priority | Why / Evidence | Deadline |
|---|
| 1 | Reconcile strategy CONFLICT — Clone+Rewrite PG16 (260414-0010) vs Incremental MySQL (260414-0042). Pick ONE approach; ảnh hưởng mọi downstream decision. | Hai plan iterations mâu thuẫn. Tight coupled với DB engine + folder structure + reuse % + team size decisions. | 2026-04-21 |
| 2 | Schedule BOD Tier 1 meeting — 60 phút answer 8 câu hỏi Tier 1 trước 2026-04-21. Các câu này BLOCK P0 kick-off. | Q1 Tenant Unit · Q2 Pricing · Q3 Txn % · Q8 MVP · Q13 Canary · Q23 Financial · Q27 Launch · Q28 Team. | 2026-04-21 |
| 3 | Start recruiting Compliance Officer + AI/ML NGAY BÂY GIỜ — lead time 3-6 tuần VN + 20-30% premium. | Compliance Officer blocks P4a ứng lương (M7). AI/ML blocks P3 AI accuracy target (M6). | Week 1 |
| 4 | Identify 2-3 canary tenants trong BD pipeline — engage trước P2 start (M3). | Mixed factory + supplier. SLA signed = P2 exit gate. BD team phải shortlist 5-8 candidates. | Week 2-4 |
| 5 | Approve $442K budget envelope — fund P0+P1 immediately, stage P2-P5 (tranched approval). | Team $236K + AI $82K + Compliance $30K + Buffer $52K + Other $40K. Fully loaded 14 tháng. | Week 2 |
| 6 | Run Phase 0 Infrastructure Sprint regardless — 2 tuần, 5.5 FTE, chặn 3 CRITICAL + 7 HIGH risks. | TenantRedisStore + HasTenancy + TenantAwareJob + 40+ isolation tests. Mitigates risks #1/#2/#5/#8. | Week 3-4 |
Next 90 Days Breakdown
🔴
Days 1-7 — URGENT
Decisions
BOD Tier 1 prep · strategy reconcile document · recruiting job posts · budget memo
🟡
Days 8-14 — SCHEDULING
Meetings
BOD Tier 1 meeting · canary shortlist review · recruiter engagement · P0 kickoff prep
🔵
Days 15-30 — EXECUTION
P0 Infra
P0 Sprint start · interview candidates · canary tenant SLA negotiate · insurance partner outreach
🟢
Days 31-90 — BUILD
P1 Foundation
P1 kick-off · Trust v1 + permission DB migrate · AI/ML + Compliance onboard M5-7 · BOD Tier 2 decisions
Final Scorecard
| Dimension | Score | Weight | Weighted | Note |
|---|
| Plans Maturity | 8/10 | 20% | 1.6 | 17 plans + 7 research reports · strategy conflict unresolved |
| V3 Readiness | 6/10 | 30% | 1.8 | 56% module coverage · 0 tenant_id columns · Spatie ActivityLog NOT installed |
| Decision Readiness | 5/10 | 25% | 1.25 | 30 BOD Qs documented · 0 Tier 1 answered · budget not approved |
| Implementation Readiness | 4/10 | 25% | 1.0 | P0 scope specified · team not hired · canary not signed · insurance partner not identified |
| OVERALL | | 5.65/10 | WELL-PLANNED nhưng NOT-YET-EXECUTABLE |
✓ Verdict: V4 migration là WELL-PLANNED (maturity 8) nhưng NOT-YET-EXECUTABLE (impl readiness 4). Unblocking requires: BOD Tier 1 decisions + team hiring kickoff + canary SLA. Timeline 13-14 tháng REALISTIC NẾU Phase 0 start trong 2-3 tuần sau BOD approval. Confidence: 50% cho 12-13m · 25% cho 14-15m · 25% risk cho 16m+.