# 1. Product Overview

## What This App Does

Sasha Studio is a web-based AI knowledge management platform that wraps Claude Code (Anthropic's CLI tool) in a business-friendly interface. It enables organizations to upload institutional knowledge -- documents, methodologies, project histories -- and interact with that knowledge through a conversational AI assistant. The platform manages sessions, personas, skills, scheduled automations, cloud drive connections, and meeting transcription, all through a single browser-based workspace.

Sasha Studio is deployed as a Docker container per customer, running on Sliplane or AWS ECS Fargate. Each deployment is single-tenant: one organization per container, with its own database, file system, and Claude CLI installation.

## User Roles

| Role | Description |
|------|-------------|
| **Admin** | First user registered. Full access: user management, AI provider configuration, analytics, system settings. Single `is_admin` boolean flag. |
| **Regular User** | Created by admin. Can chat with Sasha, manage files, run skills, use meeting features. Cannot access admin routes. |
| **API Consumer** | External system using API keys (`sk_` prefix). Access to projects, meetings, and tasks APIs (`/api/v1/*`). No UI access. |
| **Claude CLI (localhost)** | The Claude CLI process itself, connecting from localhost. Bypasses JWT auth via IP detection. Used for cron execution and internal operations. |

**Role Model:** Binary admin/non-admin. No intermediate roles, no RBAC, no tenant hierarchy.

## Core Modules

| Module | Business Criticality | Description |
|--------|---------------------|-------------|
| Chat Interface | **Critical** | WebSocket-based conversational UI with Claude CLI backend |
| Knowledge Base | **Critical** | Markdown file system with doc-builder HTML generation |
| File Management | **Critical** | Upload, organize, convert documents across projects |
| Authentication | **Critical** | JWT-based login, API keys for external access |
| Skills & Workflows | High | Markdown-based skill definitions with visual workflow editor |
| Scheduling | High | Cron-based automated prompt execution |
| Cloud Drives | High | Google Drive, OneDrive, SharePoint via rclone/OAuth |
| Admin Portal | High | User management, AI config, analytics dashboards |
| AI Provider Management | High | Claude direct, AWS Bedrock, model selection |
| Meeting Transcription | Medium | Live meeting capture, analysis, advisor system |
| Git Integration | Medium | Version control for knowledge base files |
| MCP Integrations | Medium | 21 external service connectors via Model Context Protocol |
| Onboarding | Medium | 3-step employee-metaphor setup flow |
| Report Publisher | Low | PPTX/PDF generation from design packs |

## How Users Move Through It

1. **Deploy** -- Admin deploys a Docker container (Sliplane or AWS ECS).
2. **First Login** -- First user registers and becomes admin. Configures Claude API key.
3. **Onboarding** -- 3-step flow: company info → API key → live research session where Claude learns about the organization.
4. **Knowledge Upload** -- Admin uploads documents (Word, PDF, Markdown, Excel) to project directories. Documents are converted and indexed.
5. **Daily Use** -- Users log in, select a project, and chat with Sasha. The sidebar provides access to files, knowledge base, skills, schedules, meetings, and settings.
6. **Automation** -- Admin creates skills (reusable prompts) and schedules them via cron expressions for recurring tasks.
7. **Administration** -- Admin manages users, configures AI providers, reviews analytics and usage reports.

## Critical Paths

1. **Chat execution pipeline**: User message → WebSocket → Claude CLI spawn → `--append-system-prompt` with persona/guides → streaming response → tool call rendering → message persistence. Failure here = core product unusable.
2. **Claude CLI availability**: The CLI must be installed, configured with API key, and spawnable. If Anthropic API is down or key is invalid, no AI functionality works.
3. **File system integrity**: Knowledge base files, skills, session data, and logs all live on the filesystem. Docker volume persistence is essential.
4. **Authentication flow**: JWT generation and validation must work for any UI access. Localhost bypass must work for Claude CLI internal calls.
5. **Database availability**: SQLite database stores users, sessions, schedules, cloud connections, API keys, and all configuration. Corruption = data loss.

## Non-Goals (Current Scope)

- **Multi-tenant SaaS**: Each deployment is single-tenant. No shared infrastructure between customers.
- **User self-registration**: Only admin can create new users (after initial registration).
- **Real-time collaboration**: No simultaneous multi-user editing or shared sessions.
- **Mobile native app**: Web-only, with responsive mobile layout.
- **Offline mode**: Requires network connectivity for Claude API access.
- **Fine-tuning or model training**: Uses Claude as-is with prompt engineering and knowledge base context.