Law/.codex/PROJECT_CONTEXT.md

Repository Context Map

Entry Points

• app/main.py: main backend API (/api/public, /api/admin).
• app/chat_main.py: dedicated chat API service.
• app/email_main.py: email service.
• docker-compose.yml: local service topology.

Main Backend Areas

• app/api/public/: public/client cabinet endpoints.
• app/api/admin/: admin and lawyer endpoints.
• app/api/admin/requests_modules/kanban.py: kanban aggregation and filters.
• app/api/admin/crud_modules/: generic CRUD/query layer.
• app/services/: shared domain services, including chat serialization/security.
  • app/services/chat_crypto.py: versioned chat crypto (v1/v2 backward-compatible read, v3 per-chat AEAD write path).
  • app/services/chat_secure_service.py: chat paging, explicit decrypt, message body batches, live delta.
• app/models/: SQLAlchemy models.
  • app/models/message.py: plaintext no longer auto-decrypts from ORM; chat body encryption happens on flush, read decrypt is explicit.
• app/core/: config, middleware, security hardening.

Frontend Areas

• app/web/admin/: admin/lawyer UI source modules.
• app/web/client.jsx: client cabinet entry.
• app/web/admin.js, app/web/client.js: built bundles.

Tests

• tests/test_http_hardening.py: middleware/security headers.
• tests/test_public_cabinet.py: client cabinet flows.
• tests/admin/test_lawyer_chat.py: admin/lawyer chat flows.
• tests/test_migrations.py: migration coverage.

High-Risk Zones

• Request workspace loading: admin app/web/admin/hooks/useRequestWorkspace.js, client app/web/client.jsx.
• Kanban performance: app/api/admin/requests_modules/kanban.py.
• Generic query endpoints used by request modal: app/api/admin/crud_modules/service.py, app/api/admin/invoices.py.
• Chat serialization and live updates: app/services/chat_secure_service.py, public/admin chat routers.
• Chat crypto and migration safety: app/services/chat_crypto.py, app/scripts/reencrypt_with_active_kid.py, tests/test_crypto_kid_rotation.py, tests/test_reencrypt_with_active_kid.py.