# 11. Non-Functional Requirements

## Security

| Requirement | Current State | Notes |
|------------|--------------|-------|
| Password hashing | bcrypt | Default salt rounds |
| Token authentication | JWT (no expiry) | See Q1 in open questions |
| API key storage | bcrypt hash | Full key shown once, irretrievable |
| Secret encryption | AES-256-GCM | Cloud credentials, Bedrock keys, named secrets |
| Path traversal prevention | `safePath()` utility | All user-controlled paths validated |
| Rate limiting | express-rate-limit | Default: 100 req/15 min, configurable |
| Security headers | Helmet.js | Enabled by default |
| CORS | Express CORS middleware | TBD: exact configuration |
| SQL injection | Parameterized queries (better-sqlite3) | Prepared statements throughout |
| XSS | React (auto-escaped), `rehype-raw` for markdown | `rehype-raw` in markdown rendering needs review |
| Dependency scanning | CodeQL, Semgrep, OSV (GitHub Actions) | Automated on PRs |
| Container scanning | Trivy/Grype (GitHub Actions) | Scans Docker images |

## Privacy

| Requirement | Current State |
|------------|--------------|
| Data isolation | Single-tenant per container |
| Data location | Configurable (Sliplane regions, AWS regions) |
| Data at rest | SQLite file on Docker volume, no filesystem encryption |
| Data in transit | HTTPS (TLS termination at load balancer/Sliplane) |
| PII handling | User data in SQLite, knowledge base on filesystem |
| Data deletion | User delete cascades in DB, files remain on filesystem |
| Audit trail | `hook_events`, `execution_history`, `api_key_usage` tables |

## Performance

| Metric | Target | Current Implementation |
|--------|--------|----------------------|
| Time to first token | < 100ms (after Claude responds) | WebSocket streaming, no server buffering |
| Page load | < 2s | Vite production build, code splitting |
| File upload | 50MB default limit | Configurable via `MAX_FILE_SIZE` |
| Database queries | < 50ms typical | SQLite with indexes, synchronous API |
| File tree rendering | < 1s for 1000 files | File tree caching (`fileTreeCache.js`) |
| Memory usage | < 2GB per container | Docker resource limits, memory monitoring |

## Reliability

| Requirement | Current State |
|------------|--------------|
| Uptime target | No formal SLA (customer-deployed) |
| Health check | `GET /health` endpoint, Docker HEALTHCHECK |
| Auto-restart | Docker `restart: unless-stopped` |
| Database integrity | `PRAGMA integrity_check` on startup |
| Session resilience | Filesystem-based (survives browser data clearing) |
| Graceful shutdown | TBD: shutdown handling for CLI processes |
| Error boundaries | React ErrorBoundary wraps main content |

## Observability

| Component | Mechanism |
|-----------|-----------|
| Server logs | stdout/stderr (Docker logs) |
| Execution logs | JSONL files (`EXECUTION_LOG_FILE`, `SCHEDULER_LOG_FILE`) |
| Hook analytics | `hook_events`, `hook_tool_execs` tables |
| Usage metrics | `usage_events` table (tokens, cost, latency) |
| Quality signals | `response_quality_signals` table |
| Activity logging | `sessions`, `raw_exchanges` tables |
| Memory monitoring | `memoryMonitor.js`, `containerMemory.js` |
| Event loop monitoring | `eventLoopMonitor.js` |
| Debug flags | 10+ `DEBUG_*` env vars for targeted logging |

## Scalability

| Dimension | Current Capacity | Scaling Strategy |
|-----------|-----------------|-----------------|
| Users per instance | ~10-50 (single-tenant) | Deploy more containers |
| Concurrent sessions | Limited by Claude API rate limits | Per-container isolation |
| Knowledge base size | Limited by filesystem/volume size | EFS for large bases |
| Database size | SQLite practical limit ~100GB | Retention policies, archival |
| File storage | Volume-dependent | EFS or S3 mount |

## Accessibility

| Requirement | Current State |
|------------|--------------|
| Keyboard navigation | Partial (standard HTML controls) |
| Screen reader support | TBD -- not verified |
| Color contrast | Dark/light themes, TBD: WCAG compliance |
| Focus management | TBD |
| ARIA labels | TBD -- not systematically applied |

## Browser/Device Support

| Platform | Support Level |
|----------|-------------|
| Chrome (latest) | Primary |
| Firefox (latest) | Supported |
| Safari (latest) | Supported |
| Edge (latest) | Supported |
| Mobile browsers | Responsive layout, MobileNav component |
| IE11 | Not supported |

## Compliance & Data Retention

| Requirement | Current State |
|------------|--------------|
| GDPR | TBD -- single-tenant helps (data stays with customer) |
| HIPAA | TBD -- depends on deployment configuration |
| SOX | TBD |
| Data retention | Configurable via retention services (`ACTIVITY_LOG_RETENTION_DAYS`, `QUALITY_RETENTION_DAYS`) |
| Right to deletion | User delete cascades in DB; file cleanup TBD |
| Audit logging | Hook events, execution history, API key usage |