BOD Review · 2026-04-14 · Strategic Decision Required by 2026-04-21

V4 Migration — Full Report for the Board of Directors

One-sitting summary: from the current state of V3 → the V4 multi-tenant SaaS vision → a $442K / 13-14 month roadmap → 8 Tier 1 decisions the Board must finalize within the next 7 days to unblock Phase 0.

56% Module Coverage
38% Brief Compliance
8/10 Plans Maturity
6/10 V3 Readiness
5/10 Decisions Ready
4/10 Impl Readiness
VERDICT 5.65 / 10 · WELL-PLANNED, NOT-YET-EXECUTABLE — requires 8 Tier 1 Board decisions + reconciling the strategy conflict + approval of the $442K budget.
Tab 1 · Context Setting

ViệcXanh runs on 5 sources (not 6) — fully single-tenant

The V3 system is running in PRODUCTION on 5 code sources (zalo-mini-app has been removed from the repo). Only ~56% of modules meet V4 requirements, there are 0 tenant_id columns across 71 migrations, and 7 code-validation findings lower the real score to 50-52%.

This tab answers: Where are we now? What does the current system have?
Why the BOD needs to know: The V3 → V4 gap determines effort / risk / budget.
What needs to be decided: Nothing yet — this is the baseline. Decisions are in Tab 7.

Key Numbers — V3 Current State

  • Sources in repo: 5 (backend · backend-admin · frontend · mobile · chat-service)
  • Tenant coverage: 0 / 71 (zero tenant_id across all migrations)
  • PHP files: ~1,880 (backend 1,262 + backend-admin 618)
  • Test files: 195 (backend 161 + backend-admin 34)

5 Sources — Details

🔵 backend/ PROD

Laravel 12 · Public API · api.xanhvina.com.vn
  • 18 domains: Application · Attendance · Cluster · Community · Content · Dashboard · Employer · EmployerUser · Factory · Finance · Housing · Incentive · Infrastructure · Job · Partner · Shared · Worker · WorkerManagement
  • Scale: 1,262 PHP files · 24 route files · 161 tests · 43 migrations
  • Auth: Sanctum (worker/employer) + VerifyStaffToken + VerifyServiceKey
  • V4 relevance: KEEP 70-80% reuse — Worker/Job/Application/Attendance/Finance

🟦 backend-admin/ PROD

Laravel 12 + React SPA · admin.xanhvina.com.vn
  • 9 domains: Attendance · Campaign · Crm · Finance · Hrm · Infrastructure · RecruitmentSupport · Shared · Trust
  • Scale: 618 PHP + 648 TSX/TS files · 34 tests · 25 migrations · DB viecxanh_admin
  • SPA: Vite 8 · React 19 · React Router v7 · TS 5.9 · Tailwind 4
  • V4 relevance: Laravel DROP (merge to unified) · SPA PROMOTE to admin-spa/ standalone

🟢 frontend/ PROD

Next.js 16 · xanhvina.com.vn
  • Purpose: Public website (SEO) · worker/employer/staff portals
  • Scale: 591 TS/TSX files · 89 routes
  • Auth: BFF pattern (HttpOnly cookies via /api/auth routes) · 3 login flows
  • V4 relevance: Keep as viecxanh.vn + tenant switcher + worker cross-tenant identity

🟡 xanhvina-mobile/ DEV

Expo 55 + RN 0.83 · Phase 1
  • Stack: NativeWind 4.2.3 · SWR 2.4 · Zustand 5 · Biome
  • Scale: 107 screens (49 worker + 1 employer built · 47/49 API connected)
  • V4 relevance: Financial services (salary advance / wallet / insurance) + AI Advisor — 57 screens to catch up in P4

🟣 chat-service/ PARTIAL

NestJS + MongoDB · AI foundation
  • LLMs: Claude · OpenAI · DeepSeek (3 providers)
  • Purpose: AI + Moderation + Admin SPA bridge
  • V4 relevance: EXPAND in-place (do NOT rename) → LangGraphJS + LiteLLM + pgvector — becomes AI Core Central

⚫ zalo-mini-app/ REMOVED

❌ DIRECTORY NOT FOUND in the repo
  • Status: The directory has been deleted (root CLAUDE.md still claims PRODUCTION)
  • BOD needs to confirm: deprecated? moved? deleted post-v3?
  • Impact: "6 sources" → "5 sources" must be updated across all plans / docs

🚨 Code Validation Reality Check — 7 CRITICAL findings

Spot-check of 15 claims in the V4 plans against the actual code (2026-04-14). Result: the 7 CONFIRMED findings below lower adjusted module coverage by ~4-6%.

FINDING #1 — zalo-mini-app DIRECTORY REMOVED: Root /Users/trungnguyen/Sites/viecxanh/ has 5 sources and NO zalo-mini-app/. The root CLAUDE.md still claims "Source 5 · 147 files · PRODUCTION". All V4 plans must be updated: "6 sources" → "5 sources".
FINDING #2 — Spatie ActivityLog NOT INSTALLED: composer.json only has spatie/laravel-data, medialibrary, query-builder. There is NO spatie/laravel-activitylog and no Spatie Permission. The Trust Layer gap is larger than reported — it must be built in-house or a new package must be added.
FINDING #3 — DispatchStatus FSM = 16 states (not 10): backend/app/Domain/Job/Enums/DispatchStatus.php:5-22 has 16 enum cases (ASSIGNED → INTERVIEW_SCHEDULED → INTERVIEWED → PASSED → FAILED → NO_SHOW → ONBOARDING → NO_SHOW_ONBOARDING → HANDED_OVER → HANDOVER_FAILED → JOINED → PAUSED_WORK → LEFT → CANCELLED → CLOSED → CONTRACT_ENDED). V3 is more granular — the V4 migration MUST preserve the 16 states.
FINDING #4 — Backend = 18 domains (+new Factory): There are 18 domains in backend/app/Domain/* with migration 2026_03_25_100001_create_factories_table.php. The root CLAUDE.md claims 17 — OUTDATED.
FINDING #5 — Repository coverage = 10/18 domains (not 20): Interfaces exist for: Attendance · Community · Dashboard · Finance · Housing · Incentive · Job (2 repos) · Worker · WorkerManagement. NO repo for: Application · Cluster · Content · Employer · EmployerUser · Factory · Infrastructure · Partner · Shared. The backend/CLAUDE.md claim of "20 interfaces" is INCONSISTENT.
FINDING #6 — Permission matrix = 229 entries (not ~358): backend/config/staff-permissions.php:10-53: 57 modules × avg 4 actions = 229 distinct permissions. The V4 plan's claim of ~358 is overcounted by ~56% (it may have counted the (role × permission) mapping).
FINDING #7 — Mobile finance stubs partial: loans = REAL (use-loans.ts /v1/worker/loans). wallet + salary-advance + insurance = ABSENT on mobile (grep finds no hook/screen). The Phase 4 mobile parity scope is bigger than planned.

Net Impact on Module Coverage

  • Coverage Adjusted: ~50-52% (down from 56% due to the zalo removal + ActivityLog gap)
  • Mitigation: +1-2% (the new Factory domain + FSM 16 states offset part of this)
  • Plan Updates Needed: 8+ files (gap analysis · exec summary · schema map · CLAUDE.md in all sources)

Tab 1 conclusion: V3 is a solid foundation (70-80% reuse of Worker/Job/Application is feasible) but is 100% single-tenant — there is no concept of multi-tenancy in the DB or the code. The V3 → V4 gap is not "add features" but "deep architectural refactoring". That is the reason for the 13-14 month roadmap + $442K budget.
Tab 2 · Requirements Inventory

120 requirements from 2 V4 briefs — 13% DONE, 38% weighted compliance

Brief Platform (85 items) + Brief Worker App 247 (35 items) = 120 requirements. Only 13% are DONE today, with weighted compliance at 38%. If the V4 plans execute correctly, compliance reaches 70%; 30% (16 items) are NOT yet in any plan — biggest gaps: AI 6% · SaaS 10% · Integration 10% · Finance monetization 20%.

This tab answers: What does the brief say ViệcXanh needs to do? How much is V3 still missing?
Why the BOD needs to know: 30% of requirements have no plan = a scope gap, or the team must be expanded.
What needs to be decided: Scope-cut 16 items, or grow the team / extend the timeline? (Tab 7 Q8).

Key Numbers — Brief Compliance

  • Total Requirements: 120 (Platform 85 + Worker App 35)
  • DONE today: 15 (13% · mainly Module + Mobile core)
  • MISSING, no plan: 16 (30% not addressed in any V4 plan)
  • Potential if P0-P5 run: 70% (still a 30% gap due to the 16 MISSING items)

Compliance by 12 Categories

Radar compliance (weighted %)

Ranked by compliance %

  • Module (19 items): 63%
  • UX (6 items): 58%
  • Strategy (14 items): 57%
  • Mobile (19 items): 50%
  • Architecture (12 items): 46%
  • Trust (4 items): 38%
  • Data (6 items): 33%
  • Security (2 items): 25%
  • Finance (10) — ⚠ VAS monetization: 20%
  • SaaS (5) — ⚠ self-service missing: 10%
  • Integration (5) — ⚠ hub missing: 10%
  • AI (18) — 🚨 BIGGEST GAP: 6%

🚨 4 CATEGORIES AT OR BELOW 20% — BIGGEST GAPS: AI (6%) · SaaS (10%) · Integration (10%) · Finance monetization (20%). Most of these categories are NOT yet in the V4 plan, or have only a sketchy framework in Phase 3. This is where the BOD needs to decide between a scope cut and growing the team / extending the timeline.

16 MISSING Items — Not in any V4 plan

Top 16 MISSING requirements (Brief ID + priority details)

Brief ID | Requirement | Priority | Why Important
BRIEF-P-008 | Data + transactions as productized asset (VAS monetization logic) | P0 | Core of the brief's strategy — no monetization layer yet
BRIEF-P-010 | SaaS self-service signup + workspace creation + module activation | P0 | Without it = deploy-per-customer (not real SaaS)
BRIEF-P-011 | Transaction-based revenue (apply fee, handoff fee, placement fee) | P1 | Tier-2 revenue model not yet designed
BRIEF-P-013 | AI-as-service commercial packaging (director-AI, recruiter-AI tiers) | P2 | AI monetization not yet scoped
BRIEF-P-036 | Full Integration Hub (webhooks, 2-way sync, field mapping, integration log) | P0 | Only a one-way PublicApiClient exists
BRIEF-P-038 | AI permission boundary (user-scope read-write gate for AI actions) | P0 | CRITICAL security gap, not yet in Phase 3 scope
BRIEF-P-061 | Factory → supplier feedback API (hire/work/timesheet/retention return) | P1 | No formal supplier-facing return flow
BRIEF-P-062 | Factory-supplier coordination workspace | P1 | Multi-party coordination not yet designed
BRIEF-P-063 | AI factory ops (shortage alerts, attrition alerts, director Q&A) | P2 | Not in Phase 3 AI scope
BRIEF-P-070 | AI supplier ops (source effectiveness, recruiter/CTV scoring) | P2 | Not in Phase 3 AI scope
BRIEF-P-077..082 | 6 AI specialist agents (recruitment / worker-mgmt / attendance / analytics / leader / worker advisor) | P0-P2 | Phase 3 has only 4 generic agents, not the 6 specialists
BRIEF-W-015 | Certifications upload/display (trade / safety / technical certs) | P1 | Absent from both mobile and backend
BRIEF-W-032 | Seasonal job specialized UI (per-shift pay, day/night, Sunday differential) | P1 | Seasonal treated the same as formal — wrong
BRIEF-W-035 | Insurance product integration | P2 | Not in any plan
BRIEF-W-038 | VNeID integration (government e-ID) | P2 | Requires an MPS partnership — not yet scoped
BRIEF-W-057 | Behavior data event log (search, view, compare, AI query, re-open) | P1 | Event sourcing is planned but the behavior schema is not yet defined

Strategic significance of the 16 MISSING items: (1) VAS monetization = the strategic core of the V4 brief — without it = no differentiation vs V3. (2) SaaS self-service = a necessary condition to be called real SaaS — without it = a "deploy-per-customer" model that does not scale. (3) 6 AI specialists = the USP of V4 — Phase 3 having only 4 generic agents is NOT enough. The Board must decide: add budget to cover the 16 items, or accept a V4 launch with these gaps and bolt them on in a phase 2 after Y1.
Tab 3 · Database Transformation

V3 has ~71 tables / 0 tenant_id → V4 target 92 tables / 40+ tenant_id

V3 is split across 4 DBs (viecxanh + viecxanh_admin + chat MongoDB + Redis) and is entirely single-tenant. V4 targets a unified DB with 92 tables, ALL carrying tenant_id (except the cross-tenant worker_accounts). Two engine PATHS are IN CONFLICT: plan 260414-0010 recommends PostgreSQL 16 (pgvector); plan 260414-0042 recommends Incremental MySQL (kept as is). Migrating 57M+ rows requires zero downtime.

This tab answers: How different is the V4 data structure from V3? What needs to be migrated?
Why the BOD needs to know: Schema breaking changes = downtime risk, backfill cost, engine choice.
What needs to be decided: DB Engine: PG16 vs MySQL (Meta-decision M1 in Tab 7).

Key Numbers — Schema Diff

  • Tables V3 → V4: 71 → 92 (+21 new tables: Gap A-H + specialist modules)
  • tenant_id coverage: 0 → ~91 (only worker_accounts is NOT tenant-scoped: cross-tenant identity)
  • Data volume to migrate: 57M+ (attendance_records + work_records — zero-downtime required)
  • DBs Unified: 4 → 1 (removes cross-DB queries and the PublicApiClient proxy complexity)

Infrastructure Comparison

V3 MySQL Single-Tenant

  • Engine: MySQL 8.x / MariaDB
  • Tenancy: Single-tenant (0 tenant_id)
  • DBs: 4 (viecxanh + viecxanh_admin + chat MongoDB + Redis)
  • Migrations: ~71 split across 2 DBs
  • FK: Deferred (migration 999999 skip SQLite)
  • Extensions: MySQL built-in only
  • RLS: ❌ None (app-layer only)
  • Partitioning: ❌ None
  • Soft Deletes: ❌ Hard delete
  • Money: decimal(15,2)
  • Cross-DB queries: ⚠ Admin reads work_records from the public DB

V4 target Multi-Tenant Unified

  • Engine: PostgreSQL 16 (plan 260414-0010) · or MySQL kept (plan 260414-0042)
  • Tenancy: Multi-tenant row-level (tenant_id on ~91 tables)
  • DBs: 2 (unified + Redis; chat optional MongoDB)
  • Migrations: ~92 unified, clean build order
  • FK: Natural dependency order (tests in-memory OK)
  • Extensions: pgvector · pg_trgm · unaccent · pgcrypto · uuid-ossp (PG path only)
  • RLS: ✅ Policies enabled per tenant_id (PG) / app-layer + audit (MySQL)
  • Partitioning: ✅ Range partition work_date / created_at (attendance 30M/month)
  • Soft Deletes: ✅ deleted_at + SoftDeletingScope
  • Money: NUMERIC(19,4) — financial-grade invariants
  • Cross-DB queries: ✅ None remaining (unified)

Domain Mapping — V3 (17-18) → V4 (15 module groups)

V3 Domain | V4 Destination | Action | Notes
Shared | Shared kernel | KEEP | Framework utilities
Worker | M4 Worker Lifecycle | KEEP 70% | 21 models · 23 services reuse
WorkerManagement | M4 Worker Lifecycle (extend) | MERGE | Groups/tags merged into M4
Employer | M1 Tenant + Gap A Workflow | SPLIT | Employer → tenant entity
EmployerUser | M2 IAM users | MERGE | Unified user model
Cluster | M1 work_locations | RENAME | Geographic unit, not tenant
Factory (V3 legacy) | - | DROP | Legacy alias, redundant with Employer
Job | M3 Recruitment | KEEP 80% | Preserve Dispatch FSM 16 states
Application | M3 Recruitment (applications) | KEEP | Direct reuse
Attendance | M5 Attendance & Timesheet | KEEP | Partition by work_date
Finance | M6 Payroll + Gap E Financial | SPLIT | Payroll (M6) vs Financial Services (Gap E)
Incentive | M8 Supplier Network (commissions) | KEEP 95% | Multi-tier commission preserved
Partner | M1 tenant_partnerships | RENAME | N:N tenant relationship
Dashboard | M11 AI Analytics | MERGE | Per-tenant rewrite
Infrastructure | M2 IAM + M7 Platform | SPLIT | User mgmt → M2, utilities → M7
HRM (backend-admin) | - | DROP? | 30 tables · Not in V4 brief · CONFLICT Tab 7 M2
Housing | - | DROP? | 9 tables · Not in V4 brief · CONFLICT Tab 7 M2
Community | - | DROP? | 16 tables · Not in V4 brief · CONFLICT Tab 7 M2
Content | Move to headless CMS | DROP? | 6 tables · CMS split · CONFLICT Tab 7 M2

Breaking Changes — Tables / Columns requiring data backfill

Entity | V3 column changes | Strategy
workers | + tenant_id (nullable→backfill→NOT NULL) + deleted_at + preferences JSONB | Option A in-place
employers | → migrate into tenants + organizations (split) + tenant_id self-ref | Shadow write + cut-over
jobs | + tenant_id + workflow_instance_id + distribution_rules JSONB | Option A in-place + FSM preserve
applications | + tenant_id + stage_snapshot (policy versioning) + interview_rounds link | Option A in-place
attendance_records | + tenant_id + partition key work_date + raw_source_ref (factory ingest) | gh-ost/PlanetScale expand-contract · off-hours · 10K rows/min
finance (payroll + commission) | decimal(15,2) → NUMERIC(19,4) · split loan_applications / salary_advances / wallet_balances | Dual-write + reconcile · financial-grade invariants
users / permissions | 229 perms from config → DB · +role_permissions N:N · +login_logs | Dual-read fallback + FF PERMISSION_DB_ENABLED default OFF

NEW — 20+ tables not present in V3

Tenant layer | tenants · tenant_modules · tenant_partnerships · tenant_subscriptions · tenant_configs | ALL NEW · M1 Phase 1
Workflow Engine (Gap A) | workflow_definitions · workflow_instances · workflow_transitions | NEW · M2 Phase 2
Trust Layer (Gap G) | entity_versions (full snapshot JSONB) · audit_logs · domain_events · policy_snapshots | NEW · Phase 1-2
Integration Hub (Gap B) | integration_sync_rules · integration_sync_logs · webhook_subscriptions (HMAC + retry) | NEW · Phase 3
AI Stack (Gap C/D + M11) | ai_sessions · ai_messages · ai_recommendations · knowledge_documents · knowledge_embeddings (pgvector) · ai_tools | NEW · Phase 3
Worker App 247 (Gap F) | worker_accounts (cross-tenant) · worker_skills · worker_experiences · worker_certificates · worker_preferences · worker_timeline_events | NEW · Phase 4
Financial Products (Gap E) | loan_products · loan_applications · insurance_policies · wallet_balances | NEW · Phase 4 · financial-grade

Migration Strategy — Option A in-place (validated plan 260414-0042): Add column tenant_id NULL → backfill in batches at 10K rows/min (pause if >5% latency) → alter to NOT NULL + composite indexes → shadow-write verify → cut-over. Tools: gh-ost (MySQL) or pgBouncer + logical replication (PG). Zero-downtime target: under 5s connection pause at cut-over.
🚨 CONFLICT FOR THE BOARD TO RESOLVE (Meta-decision M1 in Tab 7): Option 1 (plan 260414-0010) — Clone + Rewrite PG16: new folder backend-v4/, 60-65% reuse, leverages native pgvector. Option 2 (plan 260414-0042) — Incremental Refactor MySQL: keep the existing folder, refactor in-place, preserve production continuity. The wrong choice = 3-4 months lost to rework. The BOD must decide in week 1.
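The Option A sequence above (nullable column, throttled backfill, NOT NULL only after verification), sketched as an added example that is not code from the ViệcXanh repo or its plans. It uses Python with an in-memory SQLite table as a stand-in for MySQL/PG; the `employer_tenant_map` table, the injected latency probe and all sample rows are assumptions constructed for the illustration.

```python
import sqlite3

LATENCY_BUDGET = 1.05  # page: pause the backfill if latency rises by more than 5%


def build_sample_db():
    """Constructed data: 25 workers under employers 1-3; employer 3 has no tenant yet."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE workers (id INTEGER PRIMARY KEY, employer_id INTEGER NOT NULL);
        CREATE TABLE employer_tenant_map (
            employer_id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL);
    """)
    db.executemany("INSERT INTO workers (id, employer_id) VALUES (?, ?)",
                   [(i, 1 + i % 3) for i in range(1, 26)])
    db.executemany("INSERT INTO employer_tenant_map VALUES (?, ?)",
                   [(1, 101), (2, 102)])
    db.commit()
    return db


def expand(db):
    """Step 1: add tenant_id as a nullable column with no default."""
    db.execute("ALTER TABLE workers ADD COLUMN tenant_id INTEGER")
    db.commit()


def backfill(db, batch_size, probe_latency_ms, baseline_ms, sleep, max_pauses=60):
    """Step 2: fill tenant_id in primary-key ranges, pausing while latency is over budget.

    Rows whose employer has no tenant mapping are left NULL on purpose: giving
    them a default tenant would hand one tenant's rows to another.
    """
    stats = {"batches": 0, "updated": 0, "pauses": 0}
    max_id = db.execute("SELECT COALESCE(MAX(id), 0) FROM workers").fetchone()[0]
    last_id = 0
    while last_id < max_id:
        while probe_latency_ms() > baseline_ms * LATENCY_BUDGET:
            stats["pauses"] += 1
            if stats["pauses"] > max_pauses:
                raise RuntimeError("latency stayed over budget; backfill aborted")
            sleep(1.0)
        cur = db.execute("""
            UPDATE workers
               SET tenant_id = (SELECT m.tenant_id FROM employer_tenant_map m
                                 WHERE m.employer_id = workers.employer_id)
             WHERE id > ? AND id <= ? AND tenant_id IS NULL
               AND EXISTS (SELECT 1 FROM employer_tenant_map m
                            WHERE m.employer_id = workers.employer_id)
        """, (last_id, last_id + batch_size))
        db.commit()  # one short transaction per batch keeps lock time bounded
        stats["batches"] += 1
        stats["updated"] += cur.rowcount
        last_id += batch_size
    return stats


def contract_gate(db):
    """Step 3 gate: NOT NULL may be applied only when no row is left unscoped."""
    rows = db.execute("""
        SELECT employer_id, COUNT(*) FROM workers
         WHERE tenant_id IS NULL GROUP BY employer_id ORDER BY employer_id
    """).fetchall()
    unscoped = sum(count for _, count in rows)
    return {"ready": unscoped == 0, "unscoped_rows": unscoped,
            "by_employer": dict(rows)}


def mismatched_rows(db):
    """Shadow verification: rows whose tenant_id disagrees with the mapping table."""
    return db.execute("""
        SELECT COUNT(*) FROM workers w JOIN employer_tenant_map m
            ON m.employer_id = w.employer_id
         WHERE w.tenant_id IS NOT NULL AND w.tenant_id <> m.tenant_id
    """).fetchone()[0]


if __name__ == "__main__":
    db = build_sample_db()
    expand(db)
    readings = iter([100, 120, 100, 100])  # constructed latency samples, in ms
    print(backfill(db, 10, lambda: next(readings), 100, sleep=lambda s: None))
    print(contract_gate(db))
```

The gate reports which employers still have unscoped rows, so the NOT NULL step is blocked by missing mappings instead of being papered over with a fallback tenant.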
Tab 4 · Multi-Tenant Design

Shared DB + tenant_id pattern · 6-layer architecture · 3 tenant types

V4 uses the Spatie multitenancy v4 pattern: a shared DB with a tenant_id column + IdentifyTenant middleware + a custom TenantRedisStore driver. Tenant type is configurable: factory, supplier (NCC), hybrid (a holding that is both factory and supplier). 6-layer architecture from Platform Core down to Integration. 5 domain zones (viecxanh.vn public + factory-abc.viecxanh.vn tenant + api.viecxanh.vn + ai.viecxanh.vn + system.viecxanh.vn).

This tab answers: What will the V4 code + DB structure look like? How is tenant isolation guaranteed?
Why the BOD needs to know: The multi-tenant pattern = the foundation of the SaaS business model.
What needs to be decided: Q1 Tenant Unit + Q2 Pricing Tier (Tab 7).

Key Numbers — Tenant Architecture

  • Tenant Types: 3 (factory · supplier · hybrid, configurable)
  • Architecture Layers: 6 (Platform Core → Enterprise → Worker → Data → AI → Integration)
  • Domain Zones: 5 (Public · Tenant · API · AI · System)
  • Tenant Onboarding: 5 minutes (automatic subdomain + wildcard SSL + module activation)

6-Layer Architecture

1. Platform Core (2.x) — 7 modules

Infrastructure + cross-cutting concerns. Tenant Management, RBAC per-tenant, Orchestration/Workflow engine, Integration hub, Trust layer & audit, AI Core central, Analytics & dashboard central.

2.1 Tenants · 2.2 RBAC · 2.3 Workflow · 2.4 Integration · 2.5 Trust · 2.6 AI Core · 2.7 Analytics

2. Enterprise Apps — Shared Business (3.x) — 10 modules

Functional modules shared by all tenant types: Organization & internal users, Worker master profile, Recruitment & job, Candidate management, Worker post-hire, Attendance & timesheet, Payroll & income, Leave & internal requests, Referral (CTV), Reporting dashboards.

3.1 Org · 3.2 Worker · 3.3 Recruit · 3.4 Candidate · 3.5 Post-hire · 3.6 Attendance · 3.7 Payroll · 3.8 Leave · 3.9 CTV · 3.10 Reports

3. Tenant-Specific — Factory (4.x) 6 + Supplier (5.x) 7 modules

Enabled per tenant type via the tenant_modules table. Factory: Manpower planning, Worker intake, Source attendance, Feedback to supplier, Supplier coordination, AI factory ops. Supplier: Multi-source candidates, CTV network, Vendor/sub-tier, Candidate distribution, Multi-tier commission, Multi-party reconciliation, AI supplier ops.

Factory 4.1-4.6 · Supplier 5.1-5.7

4. Worker App 247 (6.x) — 6 modules

Mobile-first workspace for workers (every tenant). Digital profile 9 parts, Personalized job feed (cross-tenant), Timesheet & income view, Leave & requests, Financial services (salary advance / wallet / loan / insurance), AI personal advisor.

6.1 Profile · 6.2 Job feed · 6.3 Income · 6.4 Requests · 6.5 Financial · 6.6 AI advisor

5. Data + Transaction Layer — Event Sourcing + VAS

The event-sourced domain_events table captures every state change. entity_versions holds a full JSONB snapshot (dispute replay). VAS monetization: data + transaction as productized asset (BRIEF-P-008, currently MISSING).

domain_events · entity_versions · policy_snapshots · ⚠ VAS layer (gap)

6. AI + Analytics + Integration

AI Core (chat-service expanded) + LangGraphJS + LiteLLM gateway + pgvector embeddings. Integration Hub (Gap B): webhooks, 2-way sync, field mapping, HMAC signed, retry queue. Cross-cuts all layers 1-5.

chat-service · LangGraphJS · LiteLLM · pgvector · webhooks · sync_rules

Tenant Model — Core Tables

Table | Purpose | Key Columns
tenants | Master tenant record | id · slug · type (factory/supplier/hybrid) · subdomain · custom_domain · tier (basic/premium) · status
tenant_users | User membership per tenant | tenant_id · user_id · role_id · is_primary · joined_at
tenant_configs | Per-tenant settings | tenant_id · key · value JSONB (branding · notification channels · workflow rules)
tenant_modules | Module activation toggle | tenant_id · module_code (4.1-5.7) · enabled · enabled_at · config JSONB
tenant_partnerships | N:N tenant relationship | tenant_a_id · tenant_b_id · type (factory-supplier) · contract_ref · status
tenant_subscriptions | Billing plans | tenant_id · plan_code · billing_cycle · mrr · active_from/to · trial_ends_at

Module Activation Matrix — Factory vs Supplier vs Hybrid

Module Group | Factory | Supplier | Hybrid | Notes
Platform Core (2.x) | Always on — foundation
Shared Business (3.x) | Always on — 10 modules
Factory-Specific (4.x) | Enabled via a tenant_modules row
Supplier-Specific (5.x) | Enabled via a tenant_modules row
Worker App 247 (6.x) | ✅ (read-only) | ✅ (read-only) | Worker views profile cross-tenant

Cross-Service Tenant Awareness

Every service must be tenant-aware via the IdentifyTenant middleware:
1. backend (Laravel) — IdentifyTenant middleware resolves the tenant from host header / X-Tenant-Slug / JWT claim · HasTenancy trait automatically adds WHERE tenant_id=? to every query · TenantAwareJob base class for scheduled jobs.
2. backend-admin SPA → admin-spa standalone · sends the X-Tenant-Slug header.
3. chat-service (NestJS) — tenant_id in ai_sessions + messages · LiteLLM gateway ENFORCES the AI permission boundary (BRIEF-P-038).
4. mobile (Expo) — tenant switcher if a worker works for multiple tenants · TokenRefresh includes tenant context.
5. frontend (Next.js) — public viecxanh.vn cross-tenant SEO · worker login cross-tenant identity · employer portal tenant switcher.
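One way the IdentifyTenant resolution described above can treat its three inputs, given that Host and X-Tenant-Slug are caller-controlled while the JWT claim is signed: require every source that is present to agree, and bind authenticated requests to the claim. This is an added example, not the project's middleware, written in Python as a framework-neutral sketch; the claim name `tenant`, the tenant slugs and the custom-domain table are assumptions.

```python
BASE_DOMAIN = "viecxanh.vn"
# Zone 1/3/4/5 hosts are platform endpoints, never tenants.
RESERVED_LABELS = {"www", "api", "ai", "system"}
# Constructed sample data: tenants, and custom domains that passed DNS TXT verification.
KNOWN_TENANTS = {"factory-abc", "supplier-xyz"}
VERIFIED_CUSTOM_DOMAINS = {"abc.com.vn": "factory-abc"}
TENANT_CLAIM = "tenant"  # hypothetical claim name


class TenantResolutionError(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status
        self.reason = reason


def tenant_from_host(host):
    """Map a Host header to a tenant slug; None means a platform host (no tenant)."""
    name = host.strip().lower().split(":")[0].rstrip(".")
    if name in VERIFIED_CUSTOM_DOMAINS:
        return VERIFIED_CUSTOM_DOMAINS[name]
    if name == BASE_DOMAIN:
        return None
    suffix = "." + BASE_DOMAIN
    if name.endswith(suffix):
        label = name[: -len(suffix)]
        if label in RESERVED_LABELS:
            return None
        # Exactly one label: "x.factory-abc.viecxanh.vn" is not a tenant host.
        if label and "." not in label:
            return label
    raise TenantResolutionError(400, "unrecognised host")


def resolve_tenant(host, headers, verified_claims):
    """Return the tenant slug for a request, or raise TenantResolutionError.

    verified_claims is the payload of a JWT whose signature was already checked
    upstream (an assumption of this sketch); None means an anonymous request.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    candidates = {}
    from_host = tenant_from_host(host)
    if from_host:
        candidates["host"] = from_host
    slug = lowered.get("x-tenant-slug", "").strip().lower()
    if slug:
        candidates["header"] = slug
    if verified_claims and verified_claims.get(TENANT_CLAIM):
        candidates["jwt"] = verified_claims[TENANT_CLAIM]
    if not candidates:
        raise TenantResolutionError(400, "no tenant context")
    if len(set(candidates.values())) > 1:
        # Never pick a winner between sources: disagreement is refused and logged.
        detail = ", ".join(f"{k}={v}" for k, v in sorted(candidates.items()))
        raise TenantResolutionError(403, "tenant sources disagree: " + detail)
    tenant = next(iter(candidates.values()))
    if tenant not in KNOWN_TENANTS:
        raise TenantResolutionError(404, "unknown tenant")
    if verified_claims is not None and "jwt" not in candidates:
        # Host and X-Tenant-Slug alone must not scope an authenticated session.
        raise TenantResolutionError(403, "authenticated request without tenant claim")
    return tenant


def outcome(host, headers, verified_claims):
    """For logs and tests: the tenant slug, or the HTTP status of the refusal."""
    try:
        return resolve_tenant(host, headers, verified_claims)
    except TenantResolutionError as exc:
        return exc.status


if __name__ == "__main__":
    claims = {"sub": "user-1", TENANT_CLAIM: "factory-abc"}  # constructed claims
    print(outcome("api.viecxanh.vn", {"X-Tenant-Slug": "factory-abc"}, claims))
    print(outcome("api.viecxanh.vn", {"X-Tenant-Slug": "supplier-xyz"}, claims))
```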

Domain Zones — 5 Zones

Zone | URL Pattern | Purpose
🟢 Zone 1 — Public Marketplace | viecxanh.vn | SEO job feed cross-tenant · worker portal cross-tenant identity · employer portal with tenant switcher
🔵 Zone 2A — Tenant Subdomain Basic | factory-abc.viecxanh.vn/admin | Auto-provision per-tenant · wildcard SSL · ALL tenants have it
🟡 Zone 2B — Custom Domain Premium | abc.com.vn/admin | Opt-in premium · Let's Encrypt ACME · DNS verify via TXT record
🟣 Zone 3 — API | api.viecxanh.vn | Unified backend Laravel · identifies tenant via Host/X-Tenant-Slug/JWT claim
🔵 Zone 4 — AI / Chat | ai.viecxanh.vn | NestJS + Socket.io + LLMs (expand chat-service in-place)
🔴 Zone 5 — System Admin | system.viecxanh.vn | ViệcXanh ops team only · super admin cross-tenant · 2FA required

Key insight: Each tenant has 2 access modes side by side: (1) the subdomain factory-abc.viecxanh.vn, auto-provisioned for all tenants (5-minute onboarding, wildcard SSL always working) + (2) a custom domain abc.com.vn, opt-in on the premium plan (~1 day for DNS verify + SSL provision). Same tenant context, same API, only the entry URL differs. The subdomain is ALWAYS the fallback if the custom domain has not been provisioned yet.
Tab 5 · Execution Roadmap

6 phases P0-P5 · 13-14 months · $442K · team 5.5 → 12 peak FTE

P0 (2 weeks, 5.5 FTE) is an Infrastructure Sprint that mitigates 3 CRITICAL risks before P1 starts. Doing P3 design during P2 and P4 design during P3 saves 4 months of wall-clock time. Fully loaded budget: $236K team + $82K AI + $30K compliance + $52K buffer 15% + $40K other. The backend-admin Laravel app will be DROPPED, and its SPA promoted to a standalone admin-spa/.

This tab answers: How do we do this in 14 months? Who does it? How much does it cost?
Why the BOD needs to know: Timeline + budget + team = the commitment the BOD approves.
What needs to be decided: Q8 MVP scope + Q28 Hiring + Q23 Financial licensing (Tab 7).

Key Numbers — Roadmap

  • Timeline: 13-14m (wall-clock · critical path 9m · -4m thanks to parallel design)
  • Budget: $442K (VND ~10.6 billion · fully loaded, 14 months)
  • Peak FTE: 12 (ramp 5.5 → 12 → 6 · months M6-9)
  • Feature Flags: 12 (Laravel Pennant → LaunchDarkly scale)

Gantt Timeline M-2 → M14

Phases on the M-2 → M14 axis (duration · team size):
  • P0 Infra: 2w · 5.5 FTE
  • P1 Foundation: 3m · 6.5 FTE · READY
  • P2 Schema+MT: 4m · 11 FTE peak
  • P3 V4 Core: 4-5m · 12 FTE
  • P4 247 Full: 4-5m · 12 FTE
  • P5 Stabilize: 2-3m · 6 FTE

6 Phases — Goals / Exits in Detail

  • P0 Infrastructure (2 weeks): DESIGNED · 5.5 FTE · TenantRedisStore + HasTenancy + TenantAwareJob + 40+ isolation tests · Exit: mitigate 3 CRITICAL risks
  • P1 Foundation (3 months): READY_TO_START · 6.5 FTE · Trust Layer v1 + permission DB migrate + soft delete + FF UI · Exit: admin can toggle FFs, permission DB live
  • P2 Multi-Tenant (4 months): NOT_STARTED · 11 FTE · nullable → backfill → NOT NULL + 8 exit gates + canary onboard · Exit: canary tenant live in prod
  • P3 V4 Core (4-5 months): NOT_STARTED · 12 FTE · AI Core + LangGraphJS + LiteLLM + pgvector + Workflow engine · Exit: 4 agents 80% accuracy
  • P4 247 Full (4-5 months): NOT_STARTED · 12 FTE · Salary advance (ứng lương) + Wallet + Insurance + AI Advisor + Mobile catch-up 57 screens · Exit: 3 financial products launched
  • P5 Stabilize (2-3 months): NOT_STARTED · 6 FTE · V3 sunset + SOC 2 Type I + pen-test + chaos test · Exit: SOC 2 audit passed

Parallelization — Saves 4 months of wall-clock time

Design phase | Implementation phase | Starts at | Time saved
P3 design | P2 implementation | M4 | ~1 month
P4 design | P3 implementation | M7 | ~1 month
Mobile catch-up (P4) | P3 wrap | M9-13 | ~2 months

Budget Breakdown — $442K

Category | Amount | % Total | Notes
Team | $236K | 53% | 7-8 avg FTE × $2.3K/mo × 14m (VN rates)
AI Infrastructure | $82K | 19% | Ramps $500/mo M1 → $6.8K/mo M13 · $0.068/worker/mo @ 100K workers
Compliance | $30K | 7% | DPO + legal + eKYC + licenses Year 1
Buffer (15%) | $52K | 12% | Unforeseen overruns · QA delays · hiring premium
Other | $40K | 9% | DevOps tooling + external security firm + SOC 2 assessor + pen-test
TOTAL | $442K | 100% | Fully loaded, 14 months · VND ~10.6 billion @ 24,000 VND/USD

Team Ramp — Month × Role

Phase | FTE | Roles added / Composition
P0 (M-2 → M-1) | 5.5 | 4 devs + 1 QA + 0.5 DevOps
P1 (M1-3) | 6.5 | +1 PM potential · same core devs
P2 (M3-7) | 11 | +AI/ML engineer (M5-6) · +Compliance officer (M5-7) · +Mobile senior
P3 (M6-10) | 12 | Peak full team · all roles active
P4 (M9-13) | 12 | Mobile catch-up intensive · insurance/financial specialists
P5 (M12-14) | 6 | Scale down · contractors released · core team only

Feature Flag Rollout Schedule

# | Flag | Introduced | Default | Purpose
1 | TENANT_MIDDLEWARE | P0 | OFF | IdentifyTenant middleware routing
2 | TENANT_REDIS_STORE | P0 | OFF | TenantRedisStore custom driver
3 | PERMISSION_DB_ENABLED | P1 | OFF | 229 perms config → DB dual-read fallback
4 | TRUST_LAYER_V1 | P1 | ON per-tenant | Activity log + entity versions
5 | SOFT_DELETE_* | P1 | ON per-table | deleted_at rollout per model
6 | MULTI_TENANT_* | P2 | Canary first | Per-module tenant isolation enforce
7 | WORKFLOW_ENGINE | P3 | OFF | Gap A workflow state machine
8 | AI_AGENT_* | P3 | Tenant opt-in | Per-agent rollout (4 initial, 6 specialist)
9 | INTEGRATION_HUB | P3 | Tenant opt-in | Gap B webhooks + 2-way sync
10 | SALARY_ADVANCE | P4 | Canary 5% | Salary advance (ứng lương) launch
11 | WALLET_BALANCE | P4 | Canary 5% | Wallet launch
12 | INSURANCE_POLICY | P4 | Tenant opt-in | Insurance launch (Bảo Việt / VBI partner)

Financial Services Launch — Year 1 (3 products · defer consumer loans Y2)

  • Product 1 — Salary advance (ứng lương): M10-11 (salary advance vs timesheet earned · license-free · MITIGATES risk #10)
  • Product 2 — Wallet Balance: M11-12 (aggregate salary + advance + points · license-free · no credit lending)
  • Product 3 — Insurance: M12-13 (via Bảo Việt / VBI partner (sponsor license) · 4-6w approval lead time)

⚠ Consumer Loans DEFERRED to Y2: the SBV license process has a 6-12 month lead time (risk #10 MITIGATED). Y1 launches only 3 license-free products. Once the BOD approves the Y2 scope, start the license application from M9-10 to go live in mid-Y2.

Dependency Blockers — Must be resolved before Phase kickoff

  1. BOD Tier 1 decisions (Week 1) → blocks P0 kick-off
  2. Canary tenant SLA (Week 2) → blocks P2 canary rollout (M7)
  3. Compliance Officer hire (M5-7, 3-6w VN lead) → blocks P4a salary advance (ứng lương) launch
  4. AI/ML engineer hire (M5-6, 3-6w VN, 20-30% premium) → blocks P3 AI accuracy target
  5. Insurance partner contract (M7) → blocks P4b insurance license
  6. Insurance license approval (M10-11, 4-6w via sponsor insurer) → blocks P4b launch
  7. External security firm (M12) → blocks P5 pen-test + SOC 2

backend-admin V4 Refactor — Keep SPA, Drop Laravel

backend-admin architecture decision (validated):
V3 backend-admin/ has 2 parts: a Laravel API + an embedded React SPA. V4 splits this into 2 actions:
• Laravel part → DROP (9 domains merge into the unified backend/: HRM pending M2, Attendance → M5, Campaign → M3, Crm → M3, Finance → M6+M10, Trust → Platform, RecruitmentSupport → M3, Shared → Shared kernel).
• React SPA part → PROMOTE to standalone admin-spa/ (648 TSX files kept as is, built separately, deployed independently).

V3 backend-admin Domain | % total | Action | V4 Destination
Hrm | 30% | DROP? | ⚠ Not in V4 brief · CONFLICT Tab 7 M2
Attendance | 15% | MERGE | M5 unified backend
Campaign | 8% | MERGE | M3 Recruitment (recruitment_campaigns)
Crm | 10% | MERGE | M3 Recruitment (candidate_contact_logs)
Finance | 12% | SPLIT | M6 Payroll + M10 Reconciliation
Hrm (Trust parts) | 5% | MERGE | Platform Core 2.5 Trust
RecruitmentSupport | 7% | MERGE | M3 Recruitment
Shared + Infrastructure | 8% | KEEP | Shared kernel M7
SPA (React) | 5% | PROMOTE | admin-spa/ standalone · keep all 648 TSX files

Benefits after the merge: Laravel apps 2 → 1 (-50%) · Auth systems 2 → 1 (unified JWT scoped roles) · Frontend codebases: backend-admin embedded SPA → admin-spa standalone (decoupled deploy). The conflict is with plan 260414-0010, which assumes Clone+Rewrite PG16 (atomic cross-app refactor); plan 260414-0042 assumes Incremental MySQL (folder kept as is).
Tab 6 · Overall Compliance

36 modules · 10 risks · scorecard 5.65/10 (WELL-PLANNED, NOT-YET-EXECUTABLE)

Summary synthesis of the whole analysis: 36 modules at 56% coverage (10 HAVE + 18 PARTIAL + 8 MISSING), 10 top risks (3 CRITICAL + 6 HIGH + 1 MEDIUM), 10 architectural decisions validated through research, 8 decisions PENDING (with 2 CRITICAL CONFLICTS requiring a BOD meta-decision). Plans Maturity is 8/10 (excellent) but Implementation Readiness is only 4/10 (team not yet hired, canary not yet signed).

This tab answers: Overall, how ready is the V4 migration? Which risks are CRITICAL?
Why the BOD needs to know: Scorecard 5.65/10 + 2 CONFLICTS = a BOD meta-decision is needed.
What needs to be decided: Meta-decisions M1 (DB engine) + M2 (domain scope) in Tab 7.

Key Numbers — Compliance

  • Module Coverage: 56% (10 HAVE · 18 PARTIAL · 8 MISSING, 36 total)
  • CRITICAL Risks: 3 (Query leak · Redis collision · Permission migrate)
  • Validated Decisions: 10 (Strategy · MT library · FF · AI orchestrator · vector DB)
  • Pending / CONFLICT: 8 (2 CRITICAL CONFLICTS requiring a BOD meta-decision)

Module Group Progress — 5 Groups · Coverage 56% Total

Coverage by module group

  • Platform Core (2.x) — 7 modules: 43%
  • Shared Business (3.x) — 10 modules: 75%
  • Factory-Specific (4.x) — 6 modules: 42%
  • Supplier-Specific (5.x) — 7 modules: 64%
  • Worker App 247 (6.x) — 6 modules: 50%
  • TOTAL — 36 modules: 56%

Module status breakdown (HAVE / PARTIAL / MISSING)

36 Modules — Full Condensed Table

36 modules in detail (status · coverage · phase · effort)

ID | Module V4 | Status | Cov% | Phase | Effort

PLATFORM CORE (2.x) — 43%
2.1 | Tenant Management | MISSING | 0% | P0-P2 | L
2.2 | RBAC per-tenant | PARTIAL | 50% | P1 | M
2.3 | Orchestration / Workflow engine | PARTIAL | 25% | P3 | L
2.4 | Integration hub | MISSING | 0% | P3 | L
2.5 | Trust layer & audit | PARTIAL | 30% | P1 | L
2.6 | AI Core central | PARTIAL | 40% | P3 | M-L
2.7 | Analytics & dashboard central | PARTIAL | 60% | P3 | M

SHARED BUSINESS (3.x) — 75%
3.1 | Organization & internal users | PARTIAL | 60% | P1-P2 | M
3.2 | Worker master profile | HAVE | 90% | P2 adapt | S-M
3.3 | Recruitment & job | HAVE | 95% | P2 adapt | S
3.4 | Candidate management | HAVE | 85% | P2 adapt | S-M
3.5 | Worker post-hire management | HAVE | 90% | P2 adapt | S
3.6 | Attendance & timesheet | HAVE | 90% | P2 adapt | M
3.7 | Payroll & income | HAVE | 95% | P2 adapt | S-M
3.8 | Leave & internal requests | MISSING | 0% | P4 | M
3.9 | Referral (CTV) | HAVE | 90% | P2 adapt | S
3.10 | Reporting dashboards | PARTIAL | 60% | P3 | M

FACTORY-SPECIFIC (4.x) — 42%
4.1 | Manpower planning | MISSING | 0% | P3 | M
4.2 | Worker intake & confirmation | PARTIAL | 50% | P2 | M
4.3 | Source attendance | HAVE | 80% | P2 adapt | S
4.4 | Feedback to supplier | PARTIAL | 30% | P3 | M
4.5 | Supplier coordination | MISSING | 0% | P3 | L
4.6 | AI factory ops | MISSING | 0% | P3 | L

SUPPLIER-SPECIFIC (5.x) — 64%
5.1 | Multi-source candidates | PARTIAL | 50% | P2-P3 | M
5.2 | CTV network | HAVE | 95% | P2 adapt | S
5.3 | Vendor / sub-tier | PARTIAL | 50% | P3 | M
5.4 | Candidate distribution multi-factory | PARTIAL | 60% | P2 | M
5.5 | Multi-tier commission | HAVE | 95% | P2 adapt | S
5.6 | Multi-party reconciliation | PARTIAL | 50% | P3 | M
5.7 | AI supplier ops | MISSING | 0% | P3 | L

WORKER APP 247 (6.x) — 50%
6.1 | Digital profile | PARTIAL | 40% | P4 | M
6.2 | Personalized job feed | HAVE | 80% | P2 adapt | S
6.3 | Timesheet & income view | HAVE | 80% | P2 adapt | S
6.4 | Leave & requests | MISSING | 0% | P4 | M
6.5 | Financial services (salary advance / wallet / loan / insurance) | PARTIAL | 20% | P4 | L
6.6 | AI personal advisor | MISSING | 0% | P4 | L

Risk Heatmap — Top 10 Risks

3 CRITICAL · 6 HIGH · 1 MEDIUM (MITIGATED). P0 Infrastructure Sprint mitigates 4 of 10.

| Severity | Low Prob. | Medium Prob. | High Prob. |
|---|---|---|---|
| CRITICAL | | 2 risks: #1 Query leak, #3 Perm migrate | 1 risk: #2 Redis collision |
| HIGH | | 4 risks: #6 Route cache, #7 FSM orphan, #8 Observers, #9 Backfill | 2 risks: #4 DB locks, #5 Job context |
| MEDIUM | | | 1 risk: #10 License (MITIGATED) |

🛡 P0 Infrastructure Sprint mitigates 4 of 10: risks #1 (query leak), #2 (Redis collision), #5 (job context loss), #8 (observer context), via the TenantRedisStore custom driver + HasTenancy trait + TenantAwareJob base + observer integration tests. The remaining 6 are spread across P1-P4 with documented mitigation playbooks.

Details of the 10 Risks

| # | Risk | Severity | Prob. | Mitigation | Phase |
|---|---|---|---|---|---|
| 1 | Silent query scoping bypass (cross-tenant data leak) | CRITICAL | MED | 4-layer defense (middleware/scope/repo/tests) + 40+ isolation tests | Before P2 |
| 2 | Redis cache key collision (auth tokens leak across tenants) | CRITICAL | HIGH | TenantRedisStore custom driver + tenant-prefixed keys | Before P2 |
| 3 | Permission DB migration breaks staff access | CRITICAL | MED | Dual-read fallback + gradual rollout + FF default OFF | P1 |
| 4 | DB schema migration locks (prod downtime 57M+ rows) | HIGH | HIGH | gh-ost expand-contract + off-hours + 10K rows/min | P2 |
| 5 | Scheduled jobs lose tenant context | HIGH | HIGH | TenantAwareJob base class + static analysis rule | Before P2 |
| 6 | Route caching conflicts with tenant routing | HIGH | MED | Disable route:cache prod OR staging test | Before P2 |
| 7 | State machine migration orphans in-flight workflows | HIGH | MED | Audit in-flight Dispatch + event sourcing replay | Before P3 |
| 8 | Model observers run outside tenant context | HIGH | MED | Integration test per observer + manual setContext() | Before P2 |
| 9 | Data backfill 57M+ rows zero-downtime | HIGH | MED | Dry-run staging + batch tuning + pause if >5% latency | P2 |
| 10 | Financial services license delays (consumer loans SBV 6-12m) | MEDIUM | HIGH | MITIGATED — DEFER consumer loans Y2 · Y1 = 3 license-free products | P4 |
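
Risks #2 and #5 above both come down to cache keys carrying the tenant and to code failing closed when no tenant context is set. The following is an added sketch in plain PHP, not the project's TenantRedisStore (its code is not on this page); TenantContext, TenantPrefixedCache, the key name staff_token:42 and the in-memory array standing in for Redis are all assumptions made for illustration:

```php
<?php
declare(strict_types=1);

// Hypothetical holder for the current tenant (set by middleware or at job start).
final class TenantContext
{
    private static ?string $tenantId = null;

    public static function set(?string $tenantId): void { self::$tenantId = $tenantId; }

    public static function requireId(): string
    {
        if (self::$tenantId === null || !preg_match('/^[A-Za-z0-9_-]+\z/', self::$tenantId)) {
            // Fail closed: never fall back to a shared, unprefixed keyspace.
            throw new RuntimeException('Missing or malformed tenant context');
        }
        return self::$tenantId;
    }
}

// Hypothetical cache wrapper; the array stands in for the Redis backend.
final class TenantPrefixedCache
{
    /** @var array<string, mixed> */
    private array $backend = [];

    private function key(string $key): string
    {
        // Tenant ids never contain ':' (checked above), so prefixes cannot alias.
        return 'tenant:' . TenantContext::requireId() . ':' . $key;
    }

    public function put(string $key, mixed $value): void { $this->backend[$this->key($key)] = $value; }

    public function get(string $key): mixed { return $this->backend[$this->key($key)] ?? null; }
}

// Constructed sample data: two tenants cache under the same logical key.
$cache = new TenantPrefixedCache();
TenantContext::set('factory-a');
$cache->put('staff_token:42', 'token-for-factory-a');
TenantContext::set('supplier-b');
$cache->put('staff_token:42', 'token-for-supplier-b');
var_dump($cache->get('staff_token:42'));   // supplier-b reads only its own entry

TenantContext::set('factory-a');
var_dump($cache->get('staff_token:42'));   // factory-a's entry was not overwritten

TenantContext::set(null);   // e.g. a scheduled job that never restored its context
try {
    $cache->get('staff_token:42');
} catch (RuntimeException $e) {
    echo 'blocked: ' . $e->getMessage() . PHP_EOL;
}
```

An isolation test suite like the one listed for risk #1 would assert both behaviours: same logical key, different tenants, no shared value; and any cache access without tenant context raises instead of returning data.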

Architectural Decisions — 10 Validated + 8 Pending / CONFLICT

Research across 7 parallel reports has validated 10 decisions. 8 decisions are pending or in CONFLICT between the 2 plan iterations; the BOD must resolve them before P0 kicks off.

✓ 10 Validated Decisions

1. Migration Strategy
Option B + Feature Flags + Event-Driven hybrid · Timeline + team fit
Rationale: Production continuity · -20% risk from Pennant · +0m cost
2. Multi-tenant DB Pattern
Shared DB + tenant_id column
Rationale: MySQL/PG native · 1000+ tenant scale · proven (Emmys, Mercadona)
3. Multi-tenant Library
Spatie multitenancy v4
Rationale: More control vs Tenancy for Laravel · excellent docs
4. Data Migration Pattern
Option A in-place: nullable → backfill → NOT NULL + composite indexes
Rationale: Proven · zero-downtime via gh-ost
5. Authentication
Sanctum unchanged + VerifyStaffToken + VerifyServiceKey + Redis 5min
Rationale: Working in prod · no need to replace
6. Feature Flag Tool
Laravel Pennant (start) → LaunchDarkly (scale)
Rationale: 2-day setup · free · Laravel-native · upgrade path clear
7. Event Bus
Redis Streams (P3 start) → Kafka (>1M events/day)
Rationale: Lower ops burden · upgrade path documented
8. AI Orchestrator
Expand chat-service in-place (NO rename) + NestJS 11 + LangGraphJS + LiteLLM + pgvector
Rationale: DNS risk high · low strategic value in renaming · $0 new infra (pgvector)
9. LLM Gateway
LiteLLM proxy (Python separate)
Rationale: Cost tracking · model fallback · rate limiting
10. Vector DB
pgvector (Postgres extension)
Rationale: $0 new infra vs Qdrant ($3K/mo) / Weaviate ($5K/mo) · <20ms latency · HNSW index

⚠ 8 Pending / CONFLICT Decisions

🚨 CRITICAL CONFLICT — DB Engine V4 META
Clone+Rewrite PG16 (plan 260414-0010) VS Incremental MySQL (plan 260414-0042)
BOD meta-decision: Affects folder structure · reuse % · team size · entire migration strategy
🚨 CRITICAL CONFLICT — Domain Scope META
Drop HRM/Content/Community/Housing (plan 260414-0010) VS silent on them (plan 260414-0042)
BOD meta-decision: drop · read-only archive · or preserve with a feature flag?
Mobile apps count
Split 2 apps (247 worker + Business employer) — CONFIRMED research R4
Default confirmed · no conflict
Frontend structure
Keep 3 separate (Next.js + SPA + mobile) — CONFIRMED research
Default confirmed · rationale: separation of concerns + independent deploys
Chat-service rename
NO rename — expand in-place (Tier 3 Q21 VALIDATED)
Supersedes the schema-map suggestion to rename to "ai-service". DNS risk + low strategic value.
Meilisearch scoping
Per-tenant index vs filtered index — DEFERRED P3
Perf test needed before deciding
S3 bucket structure
s3://viecxanh/tenants/{slug}/ vs s3://viecxanh-{slug}/ — DEFERRED
DevOps + admin overhead analysis needed before choosing
Code Reuse Target
60-65% reuse (plan 260414-0010) vs preserve most (plan 260414-0042)
Tightly coupled with the DB engine decision

Final Scorecard — 5.65/10

| Dimension | Score | Weight | Weighted | Note |
|---|---|---|---|---|
| Plans Maturity | 8/10 | 20% | 1.6 | 17 plans + 7 research reports · strategy conflict unresolved |
| V3 Readiness | 6/10 | 30% | 1.8 | 56% module coverage · 0 tenant_id columns · Spatie ActivityLog NOT installed |
| Decision Readiness | 5/10 | 25% | 1.25 | 30 BOD Qs documented · 0 Tier 1 answered · budget not approved |
| Implementation Readiness | 4/10 | 25% | 1.0 | P0 scope specified · team not hired · canary not signed · insurance partner not identified |
| OVERALL | 5.65/10 | | | WELL-PLANNED but NOT-YET-EXECUTABLE |

Tab 7 · BOD Action Items

8 Tier 1 decisions + 2 meta-decisions need Board approval before 2026-04-21

The Board needs to answer 8 Tier 1 questions + 2 meta-decisions (M1 DB engine + M2 domain scope) within the next 7 days to unblock Phase 0. Another 55 questions have default answers, but the BOD should review them. The top 6 priorities must start this week. 90-day breakdown: Days 1-7 decisions · 8-14 kickoff · 15-30 P0 execute · 31-90 P1 build.

This tab answers: What does the Board need to decide, and by when? What happens in the next 90 days?
Why the BOD needs to know: This is the action page, with 10 DIRECT questions + a 90-day timeline commitment.
Deadline: 2026-04-21 (7 days from today 2026-04-14) for Tier 1 decisions.

🎯 2 META-DECISIONS (most important; they affect everything downstream)

M1. Migration Strategy — Clone+Rewrite PG16 vs Incremental Refactor MySQL META
The 2 plan iterations contradict each other. ONE must be picked before kickoff.
  • Option A — Clone+Rewrite PG16 (plan 260414-0010): new folder backend-v4/ · 60-65% reuse · pgvector native · RLS policies · cleaner architecture · RISK: team rewrite overhead + prod sync
  • Option B — Incremental Refactor MySQL (plan 260414-0042): keep the folder · refactor in-place · preserve continuity · app-layer isolation · RISK: MySQL not ideal for AI vector workload
Recommendation: Option B (Incremental MySQL) — production continuity + faster revenue + lower risk. Defer PG16 to Y2, when the AI workload matures.
Impact: Folder structure · Reuse % · Team size · Timeline · Infrastructure cost · Backfill complexity
M2. Domain Scope — Drop HRM/Content/Community/Housing? META
The schema map recommends DROPPING 4 domains (61 tables). The validated plan is silent. Preserve with a flag?
  • Option A — Full DROP: delete 61 tables + code · cleaner V4 · saves ~1 month of migration work · RISK: loses data that current customers use
  • Option B — Read-only archive: migrate DATA to a read-only archive DB · DROP code · users can only view, not edit · lower risk
  • Option C — Preserve with feature flag: keep as-is + DOMAIN_HRM_ENABLED per tenant · ship when a tenant requests it · highest flex + cost
Recommendation: Option B (Read-only archive) — preserve customer data + don't bloat V4 codebase. Active maintenance only when a paying customer requests it.
Impact: Code scope · Migration effort · Customer retention · Storage cost · Sales positioning

⚖ 8 Tier 1 BOD Decisions (deadline 2026-04-21)

Q1. Tenant Unit Definition
What is the tenant unit?
  • A: Billing entity + roles as sub-units (recommended default)
  • B: Role-based (each role = a tenant)
  • C: Geographic (each cluster = a tenant)
Recommendation A: Billing entity — affects schema grain, permission DB, pricing model
Impact: Schema · RBAC · Billing
Q2. Pricing Tier Structure
How is the SaaS priced?
  • A: Feature tier (basic/pro/enterprise)
  • B: Size-based (worker count × rate)
  • C: Hybrid (feature tier + add-ons + txn %)
Recommendation A+C: Feature tier + add-ons + transaction cut — flexible + predictable MRR
Impact: Billing platform · Revenue forecast · Sales script
Q3. Transaction Revenue %
What % does ViệcXanh take from each placement / handoff / apply?
  • A: 12% placement fee, 40% platform / 60% partners (recommended)
  • B: Flat fee / placement
  • C: % decreasing with volume
Recommendation A: 12% placement — market benchmark VN industrial recruitment
Impact: GTM · Partner contracts · Unit economics
Q8. MVP Feature Set
How broad is the Phase 1 scope?
  • A: Strict MVP (Core only, 8m)
  • B: Core + Priority-2 (10m, 3-5 canary) — recommended
  • C: Full scope (14m all modules)
Recommendation B: Core + Priority-2 — balances time-to-revenue vs completeness
Impact: Team size · P1 scope · Revenue timing
Q13. Canary Tenants Identity
2-3 existing + 2-3 new SMBs, MIXED factory/supplier
  • A: 2-3 existing customers (friendly)
  • B: 2-3 new SMB pilots
  • C: Mix B+C — recommended · diverse data
Recommendation B+C: Mix existing + new SMBs · the BD team must shortlist 5-8 candidates in weeks 1-2
Impact: P2 exit gate · Revenue validation · Feedback diversity
Q23. Financial Licensing Strategy
Consumer loans SBV license 6-12m lead. How to proceed?
  • A: Full license Y1 (risk delay)
  • B: No financial services Y1
  • C: Phased + immediate compliance hire M7, defer consumer loans Y2 — recommended
Recommendation C: Phased · Y1 launch 3 license-free products · Y2 consumer loans with the license ready
Impact: P4 scope · Risk mitigation · Revenue timing
Q27. Launch Sequence
B2B first or Worker App 247 first?
  • A: B2B-first Q1-2 2027, 247 app Q2 2027 — recommended
  • B: 247-first (worker app launches first)
  • C: Parallel launch
Recommendation A: B2B-first — tenant revenue unlocks worker 247 build
Impact: Revenue timing · Sales hire · Marketing budget
Q28. Team Hiring + Budget
How should the team scale over 14 months?
  • A: Big bang hire (12 from the start)
  • B: Defer hiring (5 FTE throughout)
  • C: Phased 5 → 12 FTE, $442K budget tranched — recommended
Recommendation C: Phased + tranched budget · Approve P0+P1 now, stage P2-P5 · Compliance + AI/ML start recruit Week 1
Impact: Budget · Cash flow · Delivery speed

📋 Top 6 Priorities — Action List (Week 1-4)

| # | Priority | Why / Evidence | Deadline |
|---|---|---|---|
| 1 | Reconcile strategy CONFLICT (M1) — Pick ONE: Clone+Rewrite PG16 vs Incremental MySQL. Affects all downstream decisions. | The two plan iterations contradict each other. Tightly coupled with DB engine + folder structure + reuse % + team size. | 2026-04-21 |
| 2 | Schedule BOD Tier 1 meeting — 60 minutes to answer the 8 Tier 1 questions before 2026-04-21. | Q1 Tenant Unit · Q2 Pricing · Q3 Txn % · Q8 MVP · Q13 Canary · Q23 Financial · Q27 Launch · Q28 Team. | 2026-04-21 |
| 3 | Start recruiting Compliance Officer + AI/ML NOW — lead time 3-6 weeks in VN + 20-30% premium. | Compliance blocks P4a salary advance (M7). AI/ML blocks P3 AI accuracy target (M6). | Week 1 |
| 4 | Identify 2-3 canary tenants in the BD pipeline — engage before P2 start (M3). Mixed factory + supplier. | SLA signed = P2 exit gate. The BD team must shortlist 5-8 candidates. | Week 2-4 |
| 5 | Approve $442K budget envelope — fund P0+P1 immediately, stage P2-P5 (tranched). | Team $236K + AI $82K + Compliance $30K + Buffer $52K + Other $40K. Fully loaded, 14 months. | Week 2 |
| 6 | Run Phase 0 Infrastructure Sprint — 2 weeks, 5.5 FTE. Mitigates 3 CRITICAL + 7 HIGH risks. | TenantRedisStore + HasTenancy + TenantAwareJob + 40+ isolation tests. Mitigates risks #1/#2/#5/#8. | Week 3-4 |

📆 90-Day Breakdown

🔴 Days 1-7 · URGENT
Decisions
  • BOD Tier 1 prep (8 questions + 2 meta)
  • Strategy reconcile document
  • Recruiting job posts draft
  • Budget memo to finance
  • Canary tenant shortlist 5-8 candidates
🟡 Days 8-14 · SCHEDULING
Kickoff Setup
  • BOD Tier 1 meeting (60 minutes)
  • Canary shortlist review + outreach
  • Recruiter engagement (Compliance + AI/ML)
  • P0 kickoff prep doc
  • Insurance partner first-contact
🔵 Days 15-30 · EXECUTION
P0 Infrastructure
  • P0 Sprint start (2 weeks, 5.5 FTE)
  • Interview candidates (Compliance + AI/ML)
  • Canary tenant SLA negotiate
  • 40+ isolation tests scaffolded
  • Insurance partner contract draft
🟢 Days 31-90 · BUILD
P1 Foundation
  • P1 kick-off (3 months, 6.5 FTE)
  • Trust Layer v1 + permission DB migrate
  • AI/ML + Compliance onboard M5-7
  • BOD Tier 2 decisions (15 questions)
  • Canary tenant SLA signed

📝 55 Other Questions (Tier 2 + Tier 3 + Technical + Operational + NEW)

These have default answers; the BOD reviews/overrides them as needed. They do not block Phase 0.

Tier 2 — 15 BOD Questions (Month 1, deadline 2026-05-05)
  • Q4 AI Pricing — baked-in vs separate tier (default: baked-in)
  • Q5 Financial Revenue Share — phased / immediate / hybrid (default: phased)
  • Q6 247 App — Free vs Paid (default: free forever)
  • Q7 Data Licensing — worker opt-in scope (default: opt-in everywhere)
  • Q9 Formal vs Seasonal — single codebase + flags (default yes)
  • Q10 Integration Hub — A→B phased (default phased)
  • Q11 247 App Independence — Phase 2 launch (default: yes after B2B)
  • Q12 AI Advisor Accuracy — phased 85%→98% (default phased)
  • Q14 V3→V4 Migration path — phased w/ rollback (default phased)
  • Q15 Pilot Compensation — free 6m + 50% off + 2h SLA
  • Q19 Permission Matrix — RBAC + delegation + audit
  • Q20 Trust Layer Depth — full 7-year immutable
  • Q22 Data Retention — 3/7y platform default
  • Q24 GDPR/VN Law — VN + future-ready
  • Q29 Success Metrics — technical + customer + financial
Tier 3 — 7 BOD Fine-tuning (Month 2-3, deadline 2026-06-05)
  • Q16 Employer Data Ownership — tenant owns
  • Q17 Worker Data Portability — 30-day recovery
  • Q18 Multi-Tenant Isolation — app-layer + audit
  • Q21 Chat-Service Rename — NO rename (expand in-place)
  • Q25 Dispute Resolution — guided resolution
  • Q26 Worker Classification — agnostic + tools P2
  • Q30 Competitive Positioning — category "labor data platform"
Technical Unresolved — 13 questions (deferred to Phase 2-3)
  • T1 Meilisearch per-tenant (separate vs filtered)
  • T2 S3 bucket structure (shared vs per-tenant)
  • T3 Lookup table mutations (skill_weight per-tenant vs global)
  • T4 Chat-service multi-tenancy (bridge supplier↔factory?)
  • T5 Backward compat window V3 API (default 6m — CONFIRMED)
  • T6-T9 🚨 Domain fates CONFLICT: Housing, Community, Content→CMS, HRM (→ Meta M2)
  • T10 V3 data migration: full migrate vs canary pilot first?
  • T11 Chat messages: MongoDB (current) vs PG 100%?
  • T12 Admin-spa hosting (CDN vs VPS nginx)
  • T13 API versioning (/v4/ prefix vs hard break)
Operational / Hiring — 5 questions
  • O1 Canary tenant identity (2-3 existing + 2-3 new SMBs, who?)
  • O2 Feature flag tool: Pennant → LaunchDarkly (default: start Pennant)
  • O3 Compliance officer hiring timeline (start recruit M5, onboard M7)
  • O4 AI/ML engineer hiring delay (3-6w VN, 20-30% premium) — start NOW
  • O5 BOD risk tolerance on financial services (sandbox Decree 94/2025 Y1?)
NEW from Briefs — 10 questions (not yet addressed in any plan)
  1. NB1 AI specialists missing — Phase 3 has only 4 generic agents, the brief requires 6 specialists. Scope-up or defer?
  2. NB2 AI permission boundary (BRIEF-P-038) — enforced at the LiteLLM gateway or the application layer?
  3. NB3 SaaS self-service (BRIEF-P-010) — signup + workspace + module activation. No plan yet.
  4. NB4 Integration hub full (BRIEF-P-036) — webhooks + 2-way sync + field mapping + log.
  5. NB5 Factory-supplier coordination workspace (BRIEF-P-062) — scoped access + exchange log.
  6. NB6 Seasonal job UI (BRIEF-W-032) — per-shift pay, day/night, Sunday differential.
  7. NB7 VNeID partnership (BRIEF-W-038) — needs an MPS partnership or a third party?
  8. NB8 AI monetization (BRIEF-P-013) — director-AI, recruiter-AI premium tiers?
  9. NB9 Certifications system (BRIEF-W-015) — platform verify OCR + manual review vs trust uploads?
  10. NB10 Behavior data event log (BRIEF-W-057) — schema cho search/view/compare/AI-query/re-open?
NEW from Code Validation — 5 questions
  1. CV1 zalo-mini-app status — directory removed, CLAUDE.md still claims PROD. Deprecated?
  2. CV2 Repository discrepancy — backend/CLAUDE.md claims 20, actual count is 10. Audit app/Infrastructure/Repositories/
  3. CV3 Audit log strategy V4 — Spatie ActivityLog NOT installed. Add the package or build in-house?
  4. CV4 Permission counting method — 229 distinct or ~358 role×perm mappings? Align.
  5. CV5 Factory domain — newly added; is it in scope for the V4 multi-tenancy design?

✅ Final Verdict

The V4 migration is WELL-PLANNED (maturity 8/10) but NOT-YET-EXECUTABLE (impl readiness 4/10). Unblocking requires (all 3 must land):
1. BOD Tier 1 decisions + 2 meta-decisions (deadline 2026-04-21)
2. Team hiring kickoff: Compliance Officer + AI/ML engineer (start Week 1, lead time 3-6w)
3. Canary tenant SLA (2-3 mixed factory/supplier, sign by M3)

The 13-14 month timeline is REALISTIC if Phase 0 starts within 2-3 weeks after BOD approval.
Confidence: 50% for 12-13m · 25% for 14-15m · 25% risk of 16m+.