Intro Project Analysis and Context
This PRD is designed for SIGNIFICANT enhancements to existing projects that require comprehensive planning and multiple stories.
Analysis Source
IDE-based fresh analysis - Comprehensive review of project files, documentation, and monorepo structure
Current Project State
Project: EMTB Tax Claim Management System
Primary Purpose: Multi-tenant tax claim management platform where EMTB firm employees manage tax claims (TF/CFE) on behalf of business clients, with role-based access ensuring clients only see their own data.
Current Technical Architecture:
- Monorepo Structure: Independent apps (apps/api, apps/frontend) with separate deployment cycles
- Backend: NestJS API with TypeScript, TypeORM, PostgreSQL database, Swagger documentation
- Frontend: Next.js 15 with App Router, React 19, Material-UI (MUI)
- Authentication: Custom JWT-based auth with Passport (LocalStrategy + JwtStrategy), bcrypt password hashing
- Infrastructure: Cloud infrastructure for independent deployment of API and frontend services
- Migration Status: Completed migration from Strapi CMS to custom NestJS API, custom authentication implemented
Available Documentation Analysis
Available Documentation ✓:
- ✓ Complete Project Brief (32-page comprehensive analysis in docs/brief.md)
- ✓ Tech Stack Documentation (evident from package.json analysis)
- ✓ Source Tree/Architecture (monorepo with apps/api and apps/frontend structure)
- ✓ API Documentation (Swagger integration in NestJS)
- ✓ Deployment Documentation (deployment guides and troubleshooting resources)
- ✓ Technical Migration Context (CLI tools for data import, validation scripts)
Documentation Quality: Excellent - comprehensive project brief covers all major aspects including business requirements, technical constraints, migration status, and user personas.
Enhancement Scope Definition
Enhancement Type:
- ✓ Integration with New Systems (implementing comprehensive RBAC system)
- ✓ Major Feature Modification (adding data isolation to existing workflows)
- ✓ Performance/Scalability Improvements (optimizing multi-tenant architecture)
Enhancement Description: Implementation of comprehensive role-based authentication and multi-tenant data siloing system for the EMTB Tax Claim Management platform. This enhancement will ensure that EMTB staff have appropriate access levels based on their roles (admin, account manager, tax specialist) while maintaining strict data isolation where clients can only access their own tax claim data, documents, and related information.
Impact Assessment:
- ✓ Major Impact (architectural changes required) - This enhancement requires:
  - Database schema modifications for tenant isolation
  - API-level authorization middleware implementation
  - Frontend UI adjustments for role-specific interfaces
  - Authentication system integration with existing Auth0 setup
  - Comprehensive testing of data isolation boundaries
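The role and tenant model described above, as an added illustration that is not the EMTB project's own code: every claim read is first narrowed to the tenants the caller may see, with staff roles scoped globally and everything else denied by default. The `User`, `Claim`, `tenantScope` and `visibleClaims` names and the sample data are assumptions made for this example.

```typescript
// Added example (not the EMTB project's own code). Role names follow the
// PRD; User, Claim and the helper names are assumptions for illustration.
type Role = "admin" | "account_manager" | "tax_specialist" | "client";

interface User {
  id: string;
  role: Role;
  tenantId: string | null;       // client company a client user belongs to
  managedTenantIds?: string[];   // portfolio of an account manager
}

interface Claim {
  id: string;
  tenantId: string;              // owning client company
  kind: "TF" | "CFE";
}

// Which tenants a user may read. "all" is reserved for EMTB staff roles that
// legitimately work across clients; everyone else gets an explicit list, and an
// unexpected role or a client with no tenant gets an empty list (deny by default).
function tenantScope(user: User): "all" | string[] {
  switch (user.role) {
    case "admin":
    case "tax_specialist":
      return "all";
    case "account_manager":
      return user.managedTenantIds ?? [];
    case "client":
      return user.tenantId ? [user.tenantId] : [];
    default:
      return [];
  }
}

// Apply the scope as the first filter on every claim read, so a missing
// per-handler check cannot leak another tenant's data.
function visibleClaims(user: User, claims: Claim[]): Claim[] {
  const scope = tenantScope(user);
  if (scope === "all") return claims;
  const allowed = new Set(scope);
  return claims.filter((c) => allowed.has(c.tenantId));
}

// Constructed sample data for a stand-alone run.
const sampleClaims: Claim[] = [
  { id: "c1", tenantId: "t1", kind: "TF" },
  { id: "c2", tenantId: "t2", kind: "CFE" },
  { id: "c3", tenantId: "t1", kind: "CFE" },
];
const clientUser: User = { id: "u1", role: "client", tenantId: "t1" };
console.log(visibleClaims(clientUser, sampleClaims).map((c) => c.id)); // [ 'c1', 'c3' ]
```

In a NestJS API the same scope would be applied inside a guard or repository wrapper rather than on in-memory arrays, so the tenant filter reaches the database query itself.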
Goals and Background Context
Goals:
- Implement granular role-based access control for EMTB staff with different permission levels
- Ensure complete data isolation between clients (tenant-based data siloing)
- Maintain security compliance with French data protection regulations
- Enable scalable multi-tenant architecture supporting client growth
- Preserve existing functionality while adding security layers
Background Context: Based on your project brief, the current EMTB system handles sensitive tax claim data for multiple business clients. The completed Strapi→NestJS migration and the custom JWT authentication implementation provide the foundation for enhancing the multi-tenant security architecture. The existing custom JWT-based authentication (NestJS + Passport + JWT) already stores user roles in the database, but authentication alone does not enforce who may see what. What is needed is comprehensive authorization and data isolation, so that clients never see each other's data and EMTB staff have access levels appropriate to their roles.