RTOpacks — Scope Review¶
10 March 2026
Where we are. What changed. What Phase 3 looks like.
Follows: Phase 1 (data surface) + Phase 2 (clean & rename) + Tim's full review of ops.ucca.online
The Moment: For the first time, ops.ucca.online shows the real state of the platform. Engine runs. Purchase flow works. Real data across three databases. Correct names. Correct layer labels. What was a build project now looks like a product. This document captures where that leaves us and what comes next.
1. What Is Done¶
These are complete. They do not need revisiting in Phase 3 unless something breaks.
| Item | Status | Notes |
|---|---|---|
| Engine — first fire (CHCPRT025) | DONE | Contract v2 PASS, ~100s, 3 modules, all outputs |
| Engine — knowledge/performance evidence fix | DONE | 1,655 chars knowledge + 692 chars performance evidence flowing |
| Engine — quiz schema fix | DONE | 12 questions, 4/module, correct structure |
| Purchase flow — Stripe → ops-db order record | DONE | unit_code in metadata, webhook creates order on payment |
| Purchase flow — PDF renderer | DONE | reportlab, tested on CHCPRT025, 20KB PDF |
| Purchase flow — R2 upload | DONE | rtopacks-output bucket, signed URLs working |
| Purchase flow — email delivery | DONE | Gmail SMTP, HTML+text, non-fatal if fails |
| Purchase flow — /account/orders page | DONE | Magic link auth, orders list, status badges, download |
| Local job poller | DONE | Dev/test tool only — Mac Mini, not production |
| DNS security baseline — all 7 zones | DONE | DNSSEC, CAA, DMARC, SPF, HSTS, SSL Full Strict |
| Security hardening — ucca.online + rtopacks.com.au | DONE | Grade A SecurityHeaders, A+ Qualys SSL |
| Terraform state → Cloudflare R2 | DONE | 202 resources, 9 types, ucca-terraform-state bucket |
| rtopacks-db — 75,189 units, 15,202 enriched | DONE | Read-only, GIN indexing, pg_trgm fuzzy matching |
| ops-db — auth, customers, Stripe, orders | DONE | Magic link auth, customer tables, rtopacks_orders |
| L2 surface — Phase 1 data build (6 pages) | DONE | Courses, RTO Accounts, Production Log, Enrichment, Scope Analytics, Provenance, Compliance |
| L2 surface — Phase 2 clean & rename | DONE | All labels correct, duplicates removed, badges updated |
| reg-intel — KV namespace live, cron wired | DONE | 741fa25a, daily cron 0 3 * * *, 3 seed items |
| US prompt engineering preserved | DONE | worlds/usa_for_later/ — 8 files, README, originals untouched |
| CLAUDE.md — Mac Mini rule, poller note, README rule | DONE | Committed to ucca-docs |
| World container spec, auth model, governance controls | DONE | 38 canonical controls, 12 domains |
| Auth Phase 1+2 — magic link + Stripe checkout | DONE | rtopacks.com.au fully auth-gated |
2. What Is Partial¶
These exist but are incomplete. Phase 3 may address some of these — see Section 4.
| Item | Status | Gap |
|---|---|---|
| Provenance page | PARTIAL | Order-level data live. Full bundle manifests need poller to upload manifest.json to R2. |
| Generation cost column | PARTIAL | Omitted — requires run bundle manifest from engine host. Will populate when poller uploads to R2. |
| RTO domain → account matching | PARTIAL | Email domain cross-reference against rtopacks-db RTOs not yet wired in RTO Accounts page. |
| Catalogue filters | PARTIAL | Filters exist but do not fully mirror TGA taxonomy. Status, NRT Type, Education Level present. Reg Manager filter incomplete. |
| Production Log | PARTIAL | Shows order status only. Contextualisation parameters, cost, and full output detail not yet surfaced. |
| reg-intel — Phase 2/3 feeds | PARTIAL | Phase 1 seed data live. Phase 2 (live regulatory feeds) and Phase 3 (training.gov.au for RTOpacks) not yet built. |
| Workbook generation | PARTIAL | Never implemented. ~2hr build. New method on CourseGenerator. |
| Contextualisation parameterisation | PARTIAL | US hardcode removed to usa_for_later/. AU default not yet wired as first-class parameter. |
| SCORM exporter | PARTIAL | 780 lines exist (backend/scripts/export_scorm_12.py). Not wired to purchase flow or L2 surface. |
| Schema audit | PARTIAL | Not yet done — nested vs top-level mapping needed before restructure. |
3. What Changed — How the Build Shifted Scope¶
These are the significant scope changes that emerged from building and reviewing. They are not failures — they are the product becoming more correct.
3.1 — The Nav Was Wrong¶
The original L2 nav was built around engineering concepts (Pipeline, Enrichment, Scope Analytics) that made sense as infrastructure ideas but were wrong as operator surfaces. Tim's review corrected this. The product now has operator language throughout.
- RTO Explorer → Catalogue (it was always a catalogue browser)
- Enrichment → Production Log (it is a job log, not an enrichment monitor)
- Pipeline → Engine Monitor (it is I/O optics, not a mutation lane)
- Customers → RTO Accounts (L2 sees RTOs as billing entities, not end users)
3.2 — The Layer Model Was Misunderstood¶
God Mode, Operator, World Admin, Customer View — none of these labels described what they were. The four-layer control plane is now correctly labelled: Platform, Ops, RTO Admin, Client. Every surface now uses this language consistently.
3.3 — The Catalogue Is the Core Product¶
What emerged from Tim's review is that the Catalogue — the TGA corpus filtered, navigable, and cross-referenced — is not just a reference tool. It is the core of the RTOpacks product at every layer. The Scope Bible model (TGA View / Your View / Provenance) is the definitive L3 product design. This was not in the original scope — it emerged from seeing the data live.
3.4 — Quality State vs Operational State¶
The platform currently shows operational state (is the order complete?) but not quality state (is the output good?). These are different things. The Triumvirate contract status — PASS/FAIL per element — is invisible. This is a gap that was not visible until Tim looked at the live product. It affects L2, L3, and L4.
3.5 — The Door and the Onboarding Model¶
The Door onboarding experience (pre-populated account, enrolled course, gift pack on the counter) emerged as the most powerful acquisition mechanism in the product. It was not in the original scope. It is now locked as a product decision and needs a build brief.
3.6 — Beyond TGA Is Real¶
The enterprise extension (general training, internal certification, pathway to accreditation) emerged as a natural product extension that the engine already supports. It requires no new engine work — only new world configuration and L3 surface design. This changes the addressable market significantly.
4. Phase 3 — What Comes Next¶
These are ordered by priority. P0 = blocks go-live or first customer. P1 = needed before scale. P2 = important but not blocking.
| Pri | Item | Why | Brief Type |
|---|---|---|---|
| P0 | End-to-end test | No real customer has been through the full flow yet. Stripe → engine → PDF → email → /account/orders. Must be confirmed working before any other work. | Tim action — not Alex |
| P0 | Job poller — cloud move | Mac Mini is a production dependency today. Must move to Cloudflare Workers + cloud engine hosting before first real customer. | Architecture decision + Alex brief |
| P0 | Contextualisation → AU default | US hardcode removed but AU default not wired as first-class parameter. Every generation defaults to US framing until fixed. | Alex brief — short |
| P1 | L3 RTO Control Panel — Scope Bible | The three-tab model (TGA View / Your View / Provenance) is the core L3 product. Nothing exists at L3 yet. This is the RTO's primary surface. | Major Alex brief |
| P1 | Catalogue filters → TGA taxonomy | Filters must mirror TGA exactly across L2, L3, L4. Currently partial. This is a locked product decision. | Alex brief — medium |
| P1 | RTO onboarding — Domain match + scope pre-population | Account creation flow: email domain → rtopacks-db match → scope pre-populated. The foundation of the Door experience. | Alex brief — medium |
| P1 | Triumvirate contract status visible at L2 | Quality state is invisible. Order shows 'complete' but not whether the output is good. Triumvirate PASS/FAIL per element needs to surface. | Alex brief — short |
| P1 | Production Log — full detail | Currently shows order status only. Needs: unit, customer, contextualisation params, output format, cost, generation time. | Alex brief — short |
| P1 | Schema audit + restructure | Run bundle output has nested schema issues. Map first, restructure second. Required before workbook generation. | Alex brief — 2 parts |
| P2 | Door onboarding — enrolled course experience | The full onboarding sequence: unit spec display, TAE, SCORM delivery, self-assessment, debrief, gift pack. Requires L3 surface. | Major Alex brief — after L3 |
| P2 | Workbook generation | ~2hr build on CourseGenerator. Structured assessment workbook from Triumvirate outcomes. Requires schema restructure first. | Alex brief — after schema |
| P2 | Drift Monitor — L2 aggregate view | reg-intel Phase 3. Wire training.gov.au feed. Show aggregate drift signal at L2. Client-facing alerts at L3/L4. | Alex brief — after L3 |
| P2 | LIVE/GUIDED/COMPLIANCE mode switcher | Currently decorative. All three modes need wiring. COMPLIANCE mode = ASQA prep view. Major feature. | Separate brief — large |
| P2 | Provenance — full bundle manifests | Poller needs to upload manifest.json to R2 alongside PDF. Then Provenance page reads full detail automatically. | Alex brief — short |
| P2 | SCORM wired to purchase flow | Exporter exists (780 lines). Wire as output format option alongside PDF. | Alex brief — medium |
| P2 | reg-intel Phase 2+3 | Live regulatory feeds + training.gov.au revision alerts. The compliance trigger engine. | Alex brief — after L3 |
| P2 | US world build | worlds/usa_for_later/ is the starting point. Community college market. After AU RTOpacks is stable. | Future — not Phase 3 |
5. The Shape of What We Have Now¶
Before Phase 3 begins — this is an honest description of the product as it stands today.
What Works: The engine generates real, compliant course content from TGA units. Contract PASS. ~100 seconds. All outputs. A customer can pay via Stripe, receive a PDF course pack by email, and view their order history. ops.ucca.online shows the real state of the platform — orders, customers, 75K units, 12.5K RTOs, provenance. All infrastructure is cloud-native except the job poller. DNS hardened. Security A+. Terraform managed. The product philosophy is locked: Scope Bible, TGA taxonomy, Door onboarding, enterprise extension, ASQA boundary.
What Doesn't Work Yet: An RTO cannot log in and manage their scope. L3 does not exist. The job poller dies if the Mac Mini is offline. Every generation defaults to US framing — AU contextualisation not wired. Quality state is invisible — you can see an order is complete but not whether the output is good. The onboarding experience is a login form. The Door does not exist yet.
The One-Line Summary: The cash register works. The shop front doesn't exist yet. Phase 3 builds the shop front.
Living document. Update after each phase. Next update: after Phase 3 P0 items complete.
Version History¶
| Version | Date | Change | Author |
|---|---|---|---|
| 1.0 | 2026-03-11 | Converted from RTOpacks-Scope-Review-2026-03-10.docx | Claude Code |