Sprint Plan: Finnest — Phase 0 (Foundation)¶
Date: 2026-04-17 Scrum Master: Gautham Chellappa Project Level: 4 Phase: Phase 0 — Foundation (Weeks 1–4) Total Stories: 20 (STORY-F-021 added 2026-04-18 per Sprint 3 gate check §TD1) Total Points: 52 Planned Sprints: 4 (1 week each)
Workflow context: Generated via BMAD /sprint-planning. Scout + Verify Go-Live (Weeks 5–12) will be re-planned at the start of Week 3 of Phase 0, once execution signal informs the 8-sprint window.
Executive Summary¶
Phase 0 delivers an empty but deployable Finnest platform — login works, org setup works, agent chat responds, Cmd+K navigates, and the application runs on the existing AgenticAI-app AWS infrastructure (per ADR-014-F co-deploy). Four 1-week sprints totalling 50 points across 19 stories.
Sprint 1 lays the umbrella + local dev baseline. Sprint 2 is the critical decision gate — it validates external MySQL (V2Repo) and deploys to integration. Sprint 3 builds the agent orchestrator + MCP infrastructure + compliance seed. Sprint 4 wires event store immutability, agent chat UI, Cmd+K, and extends the deploy to staging and production hosts.
Key Metrics:
- Total Stories: 20
- Total Points: 52
- Sprints: 4
- Team: 1 developer (Gautham) + AI assistance
- Sprint cadence: 1 week, 15-point capacity, ~13-point target velocity
- Target Completion: 2026-05-15 (4 weeks from 2026-04-17)
Critical milestone: End of Sprint 2 = Week 2 decision gate. If V2Repo + Kamal deploy work, commit to Elixir Direct for Scout + Verify go-live. If blockers emerge, fall back to shipping Laravel as Plan B safety net.
Inputs & References¶
Sprint plan synthesised from:
brainstorms/brainstorm-10-development-roadmap.md§Phase 0 — foundation scopebrainstorms/brainstorm-11-traffio-laravel-migration-naming.mdTopic 2 — Week-by-week breakdownarchitecture/architecture.md— component boundaries, NFRs, architectural invariantsarchitecture/agents.md— agent infrastructure designarchitecture/data.md— data model, event store, tenant enforcementadrs/adr-014-F-infrastructure-reuse-from-agenticai-app.md§Implementation Plan — 9 Phase 0 infra steps42-COMMANDMENTS.md+10-GUARDRAILS.md— philosophy + 180 guardrails (every story obeys)
Stories are infrastructure / scaffolding — no PRD needed for Phase 0. Scout + Verify PRD covers Weeks 5–12.
Team Capacity¶
| Parameter | Value |
|---|---|
| Team size | 1 (Gautham) + AI assistance |
| Sprint length | 1 week (5 working days) |
| Productive hours/day | ~6 |
| Capacity per sprint | 30 hours |
| Point calibration | 1 pt ≈ 2–3 hours for Senior + AI (Elixir learning curve absorbs some velocity) |
| Target capacity | 15 points per sprint |
| Target velocity | ~13 points per sprint (buffer for unknowns, Elixir learning) |
Capacity model rationale: AgenticAI-app sprint status yaml records 15-point capacity, ~12.5-point rolling velocity. Finnest starts below that baseline due to Elixir learning curve (~30% velocity hit per ADR-0011 tipping-point analysis); recovers to baseline by Sprint 3 as patterns become idiomatic.
Story Inventory¶
All stories follow the same shape (per BMAD template). Full story files in stories/STORY-F-*.md.
| ID | Title | Epic / Theme | Points | Priority | Sprint |
|---|---|---|---|---|---|
| STORY-F-001 | Elixir umbrella scaffold (21 OTP app skeletons) | Foundation | 3 | Must | 1 |
| STORY-F-002 | Boundary library config + CI enforcement (AR-07) | Foundation | 2 | Must | 1 |
| STORY-F-003 | finnest_core: Repo, correlation ID, tenant primitives, supervisor |
Foundation | 3 | Must | 1 |
| STORY-F-004 | finnest_web: Phoenix endpoint, /health, /ready, DaisyUI asset pipeline |
Foundation | 2 | Must | 1 |
| STORY-F-005 | Bitwarden finnest project + GitHub Actions ci-finnest.yml |
Infrastructure | 2 | Must | 1 |
| STORY-F-006 | phx.gen.auth scaffold + Argon2 + TOTP MFA |
Auth | 3 | Must | 2 |
| STORY-F-007 | Organisation + Office + User schemas + architecture tests | Core Data | 3 | Must | 2 |
| STORY-F-008 | Tenant enforcement: Finnest.Repo.prepare_query + Tenant plug |
Multi-Tenancy | 2 | Must | 2 |
| STORY-F-009 | V2Repo MyXQL connection to admin_central + admin_atslive (read-only) |
Migration Foundation | 3 | Must | 2 |
| STORY-F-011 | Kamal deploy.finnest.integration.yml + first integration deploy |
Infrastructure | 2 | Must | 3 |
| STORY-F-012 | finnest_agents: Orchestrator + AgentSupervisor + BudgetGuard |
Agent Infra | 3 | Must | 3 |
| STORY-F-013 | AiProvider behaviour + AnthropicDirect + MockProvider adapters |
Agent Infra | 3 | Must | 3 |
| STORY-F-014 | MCP Tool behaviour + ToolRegistry + sample tool | Agent Infra | 3 | Must | 3 |
| STORY-F-015 | finnest_compliance schemas + credential_types seed (~100 types) |
Compliance Seed | 3 | Must | 3 |
| STORY-F-016 | Event store table + immutability trigger + hash chain | Core Data | 3 | Must | 4 |
| STORY-F-017 | Agent Chat LiveView + Phoenix Channels streaming | Agent UI | 3 | Must | 4 |
| STORY-F-018 | Command Bar (Cmd+K) overlay on authenticated pages | UX | 2 | Must | 4 |
| STORY-F-019 | Industry profiles seed (labour_hire + construction) + ETS cache | Compliance Seed | 2 | Must | 4 |
| STORY-F-020 | Staging + Production host Postgres + Finnest deploy + smoke test | Infrastructure | 3 | Must | 4 |
| STORY-F-021 | agents schema + real persistence (sessions, messages, budget, audit) |
Agent Infra | 2 | Must | 4 |
Point distribution: 2-pt × 8 stories, 3-pt × 12 stories, no 5+ (all within sprint-fit range).
Sprint Allocation¶
Sprint 1 — Weeks 1 (2026-04-17 → 2026-04-24)¶
Goal: Elixir umbrella running locally with Postgres 17 and green CI; health endpoints reachable in a local container.
| Story | Title | Points |
|---|---|---|
| STORY-F-001 | Elixir umbrella scaffold | 3 |
| STORY-F-002 | Boundary library + CI enforcement | 2 |
| STORY-F-003 | finnest_core foundations |
3 |
| STORY-F-004 | finnest_web Phoenix endpoint + health |
2 |
| STORY-F-005 | Bitwarden + GitHub Actions ci-finnest.yml |
2 |
Total: 12 / 15 points (80% utilisation; 3-point buffer)
Sprint 1 deliverable: mix test green. Local docker compose up serves /health on port 4000. CI green on push.
Risks: Elixir toolchain setup unfamiliarity (first sprint). Mitigation: AI pair-programs the scaffold; reference AgenticAI-poc-elixir repo.
Sprint 2 — Week 2 (2026-04-24 → 2026-05-01) ⚠️ DECISION GATE¶
Goal: Authentication works end-to-end; V2Repo reads admin_central; first Finnest deploy to integration host running alongside Laravel.
| Story | Title | Points |
|---|---|---|
| STORY-F-006 | phx.gen.auth + Argon2 + TOTP MFA |
3 |
| STORY-F-007 | Organisation + Office + User schemas | 3 |
| STORY-F-008 | Tenant enforcement prepare_query + plug |
2 |
| STORY-F-009 | V2Repo MyXQL read-only connection | 3 |
Total: 11 / 15 points (73% utilisation)
Sprint 2 deliverable: End of sprint = Week 2 decision gate. - ✅ Login/logout works with MFA optional - ✅ Org admin can create orgs + users + offices - ✅ V2Repo reads 1 candidate from admin_atslive (proves MyXQL path) - ✅ Tenant isolation architecture test passes (query without context raises)
Gate decision criteria (2026-05-01): - Proceed to Sprint 3 on Elixir track if ALL of above pass - Pivot to Laravel Plan B if MySQL connection or deploy pipeline blocks
Risks: V2Repo MyXQL edge cases; Ecto multi-repo wiring unfamiliar. Mitigation: document decision gate criteria ahead of Sprint 2 start.
Sprint 3 — Week 3 (2026-05-01 → 2026-05-08)¶
Goal: Agent orchestrator + MCP registry + credential registry seeded; first deploy pipeline runs on every merge.
| Story | Title | Points |
|---|---|---|
| STORY-F-011 | Kamal deploy.finnest.integration.yml + integration deploy |
2 |
| STORY-F-012 | finnest_agents orchestrator + supervisor + budget guard |
3 |
| STORY-F-013 | AiProvider behaviour + AnthropicDirect + Mock |
3 |
| STORY-F-014 | MCP Tool behaviour + ToolRegistry + sample tool | 3 |
| STORY-F-015 | finnest_compliance + 100 credential types seeded |
3 |
Total: 14 / 15 points (93% utilisation)
Sprint 3 deliverable: Agent orchestrator classifies a test intent and calls a sample MCP tool end-to-end. Credential registry queryable. Scout + Verify PRD re-planning session scheduled for Sprint 3 end.
Risks: MCP protocol design decisions surface during Sprint 3 (JSON-RPC fallback path, tool registration ergonomics). Mitigation: keep same-node function-call transport (Part 6 decision); defer JSON-RPC transport work.
Sprint 4 — Week 4 (2026-05-08 → 2026-05-15)¶
Goal: Deployable to all three environments (integration, staging, production-finnest) with agent chat UI + Cmd+K reachable. Phase 0 deliverable demonstrable.
| Story | Title | Points |
|---|---|---|
| STORY-F-016 | Event store + immutability trigger + hash chain | 3 |
| STORY-F-017 | Agent Chat LiveView + Phoenix Channels streaming | 3 |
| STORY-F-018 | Command Bar (Cmd+K) overlay | 2 |
| STORY-F-019 | Industry profiles seed + ETS cache | 2 |
| STORY-F-020 | Staging + Production host Postgres + deploy + smoke test | 3 |
| STORY-F-021 | agents schema + real persistence (swaps F-012/F-013/F-014 stubs) |
2 |
Total: 15 / 15 points (100% utilisation — added 2026-04-18 per Sprint 3 gate check §TD1)
Sprint 4 deliverable: Phase 0 acceptance criteria: - ✅ Login → org setup → agent chat responds → Cmd+K navigates - ✅ Event store rejects UPDATE and DELETE at DB trigger level - ✅ Hash chain verification script runs on event log and passes - ✅ All three envs respond on their respective URLs - ✅ 2 industry profiles loaded (labour_hire + construction) - ✅ Smoke test journey passes on production-finnest
Risks: Staging/prod host resource contention with Laravel (ADR-014-F Option A). Mitigation: monitor RAM during Sprint 4 deploys; upgrade instance if sustained >85% RAM.
Epic / Theme Traceability¶
| Theme | Stories | Points | Sprint(s) |
|---|---|---|---|
| Foundation (umbrella + web + core) | F-001, F-002, F-003, F-004 | 10 | 1 |
| Infrastructure (secrets, CI, deploy, hosts) | F-005, F-011, F-020 | 7 | 1, 3, 4 |
| Auth (phx.gen.auth + MFA) | F-006 | 3 | 2 |
| Core Data (schemas, event store) | F-007, F-016 | 6 | 2, 4 |
| Multi-Tenancy | F-008 | 2 | 2 |
| Migration Foundation (V2Repo) | F-009 | 3 | 2 |
| Agent Infra (orchestrator, AiProvider, MCP, persistence) | F-012, F-013, F-014, F-021 | 11 | 3, 4 |
| Compliance Seed | F-015, F-019 | 5 | 3, 4 |
| Agent UI + UX (chat, Cmd+K) | F-017, F-018 | 5 | 4 |
| Total | 20 stories | 52 points | 4 sprints |
Architecture Decision Coverage¶
Each Phase 0 story implements or directly enables these ADRs:
| ADR | Coverage in Phase 0 |
|---|---|
| ADR-001-F Elixir/Phoenix stack | STORY-F-001 (umbrella), F-004 (Phoenix endpoint) |
| ADR-002-F Supervised Modular Monolith | STORY-F-001 (21 OTP apps), F-002 (Boundary enforcement) |
| ADR-003-F Three-tier agents | STORY-F-012 (orchestrator + supervisor) |
| ADR-004-F MCP at every domain boundary | STORY-F-014 (MCP behaviour + ToolRegistry) |
| ADR-005-F Event-driven cross-domain | STORY-F-016 (event store) |
| ADR-006-F Hexagonal ports | STORY-F-013 (AiProvider port with 2 adapters) |
| ADR-010-F Strangler Fig migration | STORY-F-009 (V2Repo read-only) |
| ADR-013-F 42 Commandments | Every story (test-first, gold-standard files, etc.) |
| ADR-014-F Infrastructure reuse | STORY-F-005, F-011, F-020 (Bitwarden, Kamal, host provisioning) |
Three ADRs are built upon but not directly implemented in Phase 0 (deferred to Scout + Verify window):
- ADR-007-F Three-layer IRAP — Phase 3 work
- ADR-008-F Flutter mobile — Phase 2 work
- ADR-011-F Compliance auto-blocking — uses compliance registry from F-015 but the gated caller sites land in Scout/Verify/roster/timekeep sprints
- ADR-012-F Adopt all features — scoping decision, not implementation
Risks and Mitigation¶
High:
- Week 2 decision gate risk (Sprint 2 end) — if MySQL V2Repo or Kamal deploy fail, entire Elixir Direct plan is at risk. Mitigation: Laravel Plan B ship stays an option through Sprint 2; explicit decision criteria documented at Sprint 2 kickoff.
- Elixir learning curve — Sprint 1 velocity likely below target. Mitigation: AI-pair programming; leverage AgenticAI-poc-elixir repo as pattern reference; ~30% velocity buffer built into capacity.
Medium:
- ADR-014-F co-deploy resource contention on t3.medium hosts. Mitigation: Monitor RAM; upgrade to t3.large before Phase 1 end if needed.
- IRAP pre-assessment scheduling — should happen in Phase 0 per brainstorm-10 but is a separate thread. Mitigation: Gautham schedules IRAP assessor meeting independently of sprint flow; not blocking Phase 0.
Dependencies¶
- External: IRAP assessor availability (non-blocking for Phase 0); Anthropic API key; AWS account access for all 4 envs.
- Internal: Bitwarden Secrets Manager admin access for
finnestproject creation; GitHub Actions runner availability on CI bastion; Route 53 access for subdomain records. - Cross-repo: None — Finnest code repo (
MMGS-Softnet-Pty-Ltd/finnest) not created yet; code lives in a working copy during Phase 0, published to the code repo when Sprint 4 deploys land.
Definition of Done¶
A Phase 0 story is complete when:
- Code implemented in the Finnest Elixir working copy
- Unit + integration tests written (ExUnit) — target ≥80% coverage per CQ-02/CQ-03
-
mix format --check-formattedpasses (CQ-01) -
mix credo --strictpasses (CQ-20) -
mix dialyzerzero warnings (CQ-09) -
mix sobelow+mix deps.auditgreen (SE-11) -
mix boundarypasses (AR-08) — no cross-domain violations - Architecture tests (tenant isolation, event immutability) still pass (once applicable)
- Relevant acceptance criteria in this story file all ticked
- Story status updated in
sprint-status.yaml - Commit references story ID (
STORY-F-NNN: short message)
Worktree Quickstart¶
JIT — copy-paste these when you start each story, not now. Each command creates a feature-branch worktree under ~/Documents/GitHub/finnest-worktrees/ and cds into it. From there: claude → /first-in → /dev-story.
All Phase 0 stories are backend (no mobile stories until Phase 2).
# blocked by ... annotations show within-sprint blockers only — cross-sprint blockers are implied satisfied by sprint ordering. For the live wave-by-wave view, run /moons-spawn.
Sprint 1 — Foundation¶
gwtnew-backend F-001-elixir-umbrella-scaffold
gwtnew-backend F-002-boundary-ci-enforcement # blocked by F-001
gwtnew-backend F-003-finnest-core-foundations # blocked by F-001, F-002
gwtnew-backend F-004-finnest-web-endpoint # blocked by F-003
gwtnew-backend F-005-bitwarden-gh-actions-ci # blocked by F-001, F-002
Sprint 2 — Auth + V2Repo + Deploy (Decision Gate)¶
gwtnew-backend F-006-phx-gen-auth-argon2-totp
gwtnew-backend F-007-org-office-user-schemas # blocked by F-006
gwtnew-backend F-008-tenant-enforcement # blocked by F-007
gwtnew-backend F-009-v2repo-myxql-connection
Sprint 3 — Agent Infra + Integration Deploy¶
gwtnew-backend F-011-kamal-integration-deploy
gwtnew-backend F-012-finnest-agents-orchestrator
gwtnew-backend F-013-ai-provider-adapters # blocked by F-012
gwtnew-backend F-014-mcp-tool-registry # blocked by F-012
gwtnew-backend F-015-finnest-compliance-schemas-seed
Sprint 4 — Event Store + Agent UI + Full Deploy¶
gwtnew-backend F-016-event-store-immutability-hash-chain
gwtnew-backend F-021-agents-schema-persistence # blocked by F-012 (Sprint 3)
gwtnew-backend F-017-agent-chat-liveview # blocked by F-016, F-021
gwtnew-backend F-018-command-bar-cmdk-overlay # blocked by F-017
gwtnew-backend F-019-industry-profiles-seed-ets-cache
gwtnew-backend F-020-staging-prod-deploy-smoke-test # blocked by F-016, F-017, F-018, F-019
Next Steps¶
Immediate: Start Sprint 1.
Primary actions:
- Start implementing STORY-F-001 (umbrella scaffold) — use
/dev-story STORY-F-001or work independently - Sprint 1 retrospective end of Week 1 — record actual velocity in
sprint-status.yaml - Schedule IRAP pre-assessment meeting (independent thread, Gautham-owned)
- Schedule Scout + Verify PRD re-planning session for 2026-05-08 (Sprint 3 end)
Sprint cadence:
- Sprint length: 1 week
- Sprint kickoff: Monday
- Sprint review/retrospective: Friday
- Sprint planning for next sprint: Friday (rolling — re-plan against reality)
After Phase 0: Sprint planning session for Scout + Verify Go-Live (Weeks 5–12) — 8 sprints covering the PRD's 10 epics and ~60 stories. Run /sprint-planning again at Week 3 of Phase 0 with Phase 0 execution signal informing capacity and risk.
This plan was created using BMAD Method v6 — Phase 4 (Implementation Planning)