# StudyMate-SchoolOrchestrator: Comprehensive Architecture Overview ## Sprint 13 Implementation Guide **Date**: 2025-11-13 **Version**: 2.0 (Complete Architecture Analysis) **Codebase**: PHP 8.0+ (Backend), JavaScript (Frontend), Python (Jobs) **Database**: MySQL 5.7+ / MariaDB 10.3+ --- ## 1. OVERALL DIRECTORY STRUCTURE ``` StudyMate-SchoolOrchestrator/ ├── orchestrator/ # Main backend application │ ├── .env.php # Configuration (environment-based) │ ├── api/ # REST API endpoints (29 PHP files) │ ├── lib/ # Core libraries & services (10 PHP files) │ ├── ui/ # UI components (7 JavaScript files) │ ├── services/ # Service layer (WorkflowManager, VersionService, etc.) │ ├── realtime/ # Real-time features │ ├── jobs/ # Async jobs (Python export_telemetry.py) │ ├── tests/ # Integration tests │ ├── docs/ # API documentation & schemas │ ├── sql/ # Database schemas & migrations │ ├── logs/ # Application logs (auto-rotated) │ ├── cache/ # Caching layer │ └── migrations/ # Database migrations (numbered) │ ├── public/ # Frontend SPA │ ├── index.html # Main entry point │ ├── assignments.html # Assignment interface │ ├── diag.html # Diagnostics interface │ ├── js/ # JavaScript application code │ │ ├── app.js # Core routing & API client │ │ ├── assignments.js # Assignment management │ │ ├── features-*.js # Feature modules (reco, difficulty, focus, fatigue) │ │ └── view/ # View components (dashboard, social, progress, missions, partners, telemetry) │ ├── assets/ # CSS and static assets │ └── vendor/ # Third-party libraries (Chart.js, etc.) │ ├── ergomate/ # ErgoMate integration │ └── importer/ # Theme import from ErgoMate │ ├── docs/ # Documentation │ ├── SPRINT_11_CONTENT_CREATION_SUITE.md │ ├── SPRINT_12_PEDAGOGICAL_LIBRARY.md │ └── schema/ # JSON schemas │ ├── migrations/ # Root-level migrations ├── README.md # Main documentation ├── INSTALLATION.md # Setup guide └── SPRINT_*.md # Sprint-specific documentation ``` --- ## 2. API ENDPOINTS ARCHITECTURE ### Location: `/orchestrator/api/` #### Core API Files (20+ endpoints) | File | Purpose | Key Endpoints | |------|---------|---------------| | `health.php` | Service health & diagnostics | GET /api/health | | `auth.php` | Authentication | POST /api/auth/login, GET /api/auth/me | | `students.php` | Student management | GET /api/students, GET /api/students/{id} | | `themes.php` | Theme CRUD | GET/POST /api/themes, PATCH /api/themes/{id} | | `assignments.php` | Assignment CRUD | GET/POST /api/assignments, events tracking | | `ai.php` | AI content generation | POST /api/ai/theme-from-text, POST /api/ai/theme-from-pdf | | `catalog.php` | Pedagogical library (Sprint 12) | List, validate, publish, version control | | `coach.php` | AI coach interactions | /api/coach/* | | `social.php` | Leaderboards & sharing (Sprint 8) | /api/social/leaderboard, /api/social/shared-content | | `reco.php` | Recommendations (Sprint 7) | GET /api/reco?studentId=X | | `improve.php` | Student improvement suggestions | /api/improve/* | | `insights.php` | Analytics insights | /api/insights/* | | `preview.php` | Theme preview | /api/preview/* | | `publish.php` | Publishing workflow | /api/publish/* | | `ingest.php` | Data ingestion | /api/ingest/* | | `academic.php` | Read-only exports (Sprint 9) | GET /api/academic/students, /export, /stats | | `partners/usage.php` | API usage tracking | /api/partners/usage | | `student/` | Student-facing endpoints | Missions, badges, etc. | | `analytics/` | Analytics KPIs | /api/analytics/* | | `telemetry/` | Observability data | /api/telemetry/* | #### Middleware Stack All API files follow this pattern: ```php require_once __DIR__ . '/_middleware_tenant.php'; // Tenant isolation require_once __DIR__ . '/_middleware_rbac.php'; // Role-based access require_once __DIR__ . '/_middleware_rate_limit.php'; // Rate limiting require_once __DIR__ . '/_middleware_telemetry.php'; // Request logging ``` ### Middleware Files (4 critical layers) | Middleware | File | Purpose | |-----------|------|---------| | **Tenant Isolation** | `_middleware_tenant.php` | Multi-tenant security, enforces X-Orchestrator-Id | | **RBAC** | `_middleware_rbac.php` | Role-based permissions (admin, direction, teacher, intervenant, inspector) | | **Rate Limiting** | `_middleware_rate_limit.php` | Per-tenant, per-endpoint throttling (100 req/60s default) | | **Telemetry** | `_middleware_telemetry.php` | Request/response logging, performance tracking | ### Request Routing Pattern **No framework**: Direct PHP file routing via file inclusion and URI parsing ```php $path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH); $pathParts = explode('/', trim($path, '/')); $resourceId = $pathParts[3] ?? null; // /api/{resource}/{id} $action = $pathParts[4] ?? null; // /api/{resource}/{id}/{action} ``` --- ## 3. UI COMPONENTS ARCHITECTURE ### Location: `/public/` (SPA - Single Page Application) #### Main Entry Point: `index.html` **Architecture**: Vanilla JavaScript SPA (no framework like React/Vue) - Single HTML file with all views embedded - Dynamic DOM manipulation via JavaScript - Client-side routing via hash (#) or manual view switching #### JavaScript Files **Core App** (`js/app.js`): - `const API_BASE_URL` - Backend URL - `function apiCall(endpoint, opts)` - HTTP client with auth headers - `function login(email, password)` - JWT token acquisition - `function navigateTo(view)` - View switching - Authentication token management via localStorage **View Components** (`js/view/`): - `view-dashboard.js` - Teacher overview with KPIs, charts - `view-social.js` - Leaderboards, content sharing (Sprint 8) - `view-student-progress.js` - Learning curve visualization - `view-student-missions.js` - Mission tracker & badges (Sprint 5) - `view-partners.js` - API usage statistics - `view-telemetry.js` - System health monitoring **Feature Modules** (`js/`): - `assignments.js` - Assignment creation, targeting, management - `features-reco.js` - Recommendation widget (Sprint 7) - `features-difficulty.js` - Difficulty selector - `features-focus.js` - Mini-session modes - `features-fatigue.js` - Fatigue detection UI **UI Components for Content Generation** (`orchestrator/ui/`): - `ai_creator.js` - Multi-step AI content generation UI (4 steps: upload → extract → generate → publish) - `ai_creator.css` - Styling for AI creator - `catalog_view.js` - Browse pedagogical library (Sprint 12) - `catalog_validation.js` - Validation interface for content reviewers - `theme_viewer.js` - Read-only theme display - `theme_editor.js` - Theme editing interface - `library_view.js` - Internal library browsing #### Authentication Flow ``` Login Page ↓ POST /api/auth/login (email + password) ↓ Response: { token: "JWT", user: {...}, expiresAt: "..." } ↓ localStorage.setItem('authToken', token) ↓ All subsequent API calls: Authorization: Bearer {token} ↓ X-Orchestrator-Id: {tenantId} (header for multi-tenant context) ``` --- ## 4. SERVICES ORGANIZATION ### Location: `/orchestrator/lib/` (10 service files) | Service | File | Responsibilities | |---------|------|------------------| | **AI Service** | `ai_service.php` | Mistral API integration, content generation, schema validation | | **Auth Service** | `auth.php` | Dual auth (UrlEncoded + JWT HS256), token generation/verification | | **Database** | `db.php` | PDO singleton, query abstraction, connection pooling | | **Logger** | `logger.php` | Rotating logs (5MB x 5), structured logging | | **Utilities** | `util.php` | Helper functions, response formatting, ID generation | | **Recommendations** | `recommendations.php` | Recommendation engine, learning analytics | | **Badges** | `badges.php` | Gamification, badge criteria evaluation | | **Notifications** | `notify.php` | In-app & email notifications | | **Teacher Validation** | `teacher_validation.php` | Content review workflow | ### Service Layer (Advanced) Located in `/orchestrator/services/`: | Service | File | Capabilities | |---------|------|--------------| | **WorkflowManager** | `WorkflowManager.php` | Validation state machine, publishing workflow (Sprint 12) | | **VersionService** | `VersionService.php` | Theme versioning, rollback, change tracking | | **ThemeService** | `ThemeService.php` | Theme linting, validation, publishing | | **ThemeLinterService** | `ThemeLinterService.php` | Pedagogical quality checks, content validation | --- ## 5. AI/LLM INTEGRATION PATTERNS ### Mistral AI Integration **Service File**: `/orchestrator/lib/ai_service.php` **Core Method**: ```php public function generateThemeFromText($text, $userId, $tenantId, $options = []) ├─ Compute source hash (SHA256) for deduplication ├─ Check cache (7-day TTL for valid generations) ├─ Call Mistral API (mistral-medium model) ├─ Validate schema (SchemaValidator class) ├─ Create theme from result └─ Store generation record with metrics ``` ### API Endpoints for AI **File**: `/orchestrator/api/ai.php` ``` POST /api/ai/theme-from-text ├─ Input: { text, type: 'theme'|'quiz'|'flashcards'|'fiche', difficulty: 'intermediate' } ├─ Returns: { generation_id, theme_id, result, validation, processing_time_ms, cached } POST /api/ai/theme-from-pdf ├─ Input: multipart form (file field = 'pdf') ├─ Status: NOT YET IMPLEMENTED (returns 501) └─ TODO: PDF text extraction required GET /api/ai/generations ├─ List all AI generation jobs with pagination ├─ Filters: status, validation_status └─ Returns: Array of generations + metadata GET /api/ai/generations/{id} ├─ Detail view with decoded JSON results └─ Shows validation errors if present ``` ### Database Tables for AI **ai_generations** table: ```sql id, tenant_id, user_id, generation_type, source_type, source_hash result_json, validation_status, validation_errors, theme_id status (queued|processing|completed|error) processing_time_ms, created_at, updated_at ``` **api_keys** table (BYOK - Bring Your Own Key): ```sql id, tenant_id, user_id, provider (mistral) key_encrypted, label, status, last_used_at ``` **mistral_queue** table (Async job queue): ```sql id, tenant_id, user_id, pdf_path, pdf_hash job_type, status, result_theme_id, error_message priority, attempts, started_at, completed_at ``` ### Mistral Configuration **File**: `/orchestrator/.env.php` ```php define('MISTRAL_API_ENDPOINT', 'https://api.mistral.ai/v1/chat/completions'); define('MISTRAL_DEFAULT_MODEL', 'mistral-medium'); define('MISTRAL_TIMEOUT', 30); // seconds ``` ### Prompt Engineering Patterns **In AIService::buildPrompt()**: - **theme**: Full unit with 10 MCQs + 10 flashcards + structured fiche - **quiz**: 15 multiple-choice questions - **flashcards**: 20 front/back pairs - **fiche**: Study sheet with key concepts ### Schema Validation **Class**: `SchemaValidator` (in `ai_service.php`) ```php public function validateTheme($data) ├─ Check required: title, description, difficulty ├─ Validate questions: id, text, 2+ choices, correctAnswer ├─ Validate flashcards: id, front, back └─ Return: { valid: bool, errors: [...] } ``` ### UI for AI Creation **File**: `/orchestrator/ui/ai_creator.js` **4-Step Workflow**: 1. **Upload** - PDF/audio file drag-and-drop 2. **Extraction** - Text parsing from file 3. **Generation** - AI content generation with Mistral 4. **Publication** - Theme validation and publishing --- ## 6. CONFIGURATION & ENVIRONMENT ### Main Configuration File **File**: `/orchestrator/.env.php` **Sections**: ```php // DATABASE define('DB_HOST', getenv('DB_HOST') ?: 'localhost'); define('DB_NAME', getenv('DB_NAME') ?: 'studymate_orchestrator'); define('DB_USER', getenv('DB_USER') ?: 'root'); define('DB_PASS', getenv('DB_PASS') ?: ''); // AUTHENTICATION define('AUTH_MODE', getenv('AUTH_MODE') ?: 'MIXED'); // URLENCODED, JWT, or MIXED define('JWT_SECRET', getenv('JWT_SECRET') ?: 'change-me-in-production'); define('JWT_EXPIRY_SECONDS', 86400 * 7); // 7 days // API KEYS (UrlEncoded auth) $GLOBALS['API_KEYS'] = [ 'teacher' => getenv('API_KEY_TEACHER') ?: 'teacher-dev-key-change-me', 'admin' => getenv('API_KEY_ADMIN') ?: 'admin-dev-key-change-me', 'director' => getenv('API_KEY_DIRECTOR') ?: 'director-dev-key-change-me', ]; // LOGGING define('LOG_FILE', __DIR__ . '/../logs/app.log'); define('LOG_LEVEL', getenv('LOG_LEVEL') ?: 'INFO'); define('LOG_ROTATE_MAX_SIZE', 5 * 1024 * 1024); // 5 MB define('LOG_ROTATE_MAX_FILES', 5); // RATE LIMITING define('RATE_LIMIT_ENABLED', true); define('RATE_LIMIT_MAX_REQUESTS', 100); define('RATE_LIMIT_WINDOW_SECONDS', 60); // CACHE define('CACHE_DIR', __DIR__ . '/../cache'); define('CACHE_ENABLED', true); define('CACHE_DEFAULT_TTL', 300); // 5 minutes // MODE define('APP_ENV', getenv('APP_ENV') ?: 'development'); define('APP_DEBUG', APP_ENV !== 'production'); define('MOCK_MODE', getenv('MOCK_MODE') === 'true'); // UPLOADS define('UPLOADS_DIR', __DIR__ . '/uploads'); define('UPLOADS_MAX_SIZE', 10 * 1024 * 1024); define('UPLOADS_ALLOWED_TYPES', ['pdf', 'txt', 'docx']); // MISTRAL AI define('MISTRAL_API_ENDPOINT', 'https://api.mistral.ai/v1/chat/completions'); define('MISTRAL_DEFAULT_MODEL', 'mistral-medium'); define('MISTRAL_TIMEOUT', 30); ``` ### Environment Variables All configuration can be overridden via environment variables: ```bash DB_HOST=localhost DB_NAME=studymate_orchestrator JWT_SECRET=your-secure-256-bit-key AUTH_MODE=MIXED APP_ENV=production MOCK_MODE=false ``` ### Documentation Files **File**: `/orchestrator/docs/openapi-orchestrator.yaml` Complete OpenAPI 3.1.0 specification: - Metadata, servers, tags - All paths with request/response schemas - Component schemas (ErrorResponse, LoginRequest, Student, Theme, etc.) - Security schemes (BearerAuth, ApiKeyUrlEncoded) - RBAC permission matrix --- ## 7. BACKUP, DIAGNOSTIC & EXPORT FUNCTIONALITY ### Diagnostic System **Web Interface**: `/public/diag.html` **Backend**: `/orchestrator/diag.php` (requires ADMIN_KEY) **Health Checks**: - GET `/api/health` - Basic service status - GET `/api/health?check=db` - Database connectivity test - GET `/api/health?check=full` - Complete system diagnostics **Information Provided**: - PHP version, extensions, memory limit - Database: host, name, charset, connection status, query speed - File system: log directory, upload directory, permissions - Configuration: environment, debug mode, auth mode - Cache: status, directory, TTL ### Data Export Functionality **File**: `/orchestrator/api/academic.php` (Sprint 9) **Read-Only Academic API** with exports: ``` GET /api/academic/export ├─ Format: json (CSV planned) ├─ Includes: │ ├─ students (all students, exported_at) │ ├─ classes (all classes) │ ├─ themes (all themes with content) │ └─ stats (student statistics) ├─ Rate limited by API key └─ Requires: academic:export permission GET /api/academic/students ├─ List all students with stats └─ Pagination support GET /api/academic/stats ├─ Aggregated performance statistics └─ Tenant-wide analytics ``` **Scope**: Read-only, for ENT/LMS integration only ### Telemetry Export Job **File**: `/orchestrator/jobs/export_telemetry.py` **Purpose**: Python script to export observability data **Usage**: Background job for periodic data exports ### Database Backup Strategy **Included in schema**: - Full schema with all tables - Foreign key constraints - Indexes for performance - Seed data available **Recommended approach**: ```bash # Full backup mysqldump -u username -p database_name > backup.sql # Import mysql -u username -p database_name < backup.sql ``` ### Logging & Audit Trail **Log File**: `/orchestrator/logs/app.log` **Auto-Rotation**: - Max file size: 5 MB - Max files: 5 (logs 1-5) - Retention: 30 days - Format: Structured JSON (timestamp, level, message, context) **Logged Events**: - API requests (endpoint, method, duration, status) - Authentication (login attempts, token generation) - AI generations (model, tokens, processing time) - Database errors - Permission denials (RBAC violations) --- ## 8. DATABASE ARCHITECTURE ### Core Tables **Multi-Tenant Model**: ``` tenants (id, name, type, settings, status) └─ users (id, tenant_id, email, password_hash, role, status) └─ promotions (id, tenant_id, year_start, level) └─ classes (id, tenant_id, promo_id, teacher_id) └─ students (id, tenant_id, class_id, uuid_scolaire, consent_sharing) └─ themes (id, tenant_id, created_by, title, content JSON, difficulty, source, status) └─ assignments (id, tenant_id, teacher_id, theme_id, type, status) └─ stats (id, tenant_id, student_id, theme_id, attempts, score, mastery) └─ sync_logs (id, tenant_id, direction, status) ``` ### Advanced Tables (Sprints 2-12) **AI & Content Generation**: - `ai_generations` - Track all AI generations with validation status - `api_keys` - Mistral BYOK (encrypted keys) - `mistral_queue` - Async PDF processing queue **Sprint 5+ (Gamification)**: - `badges` - Badge definitions - `student_badges` - Student achievements - `missions` - Learning missions **Sprint 8+ (Social)**: - `leaderboard_settings` - Period, anonymization - `shared_content` - Student-shared explanations - `peer_comments` - Comment threading - `collaborative_sessions` - Group study tracking **Sprint 12+ (Pedagogical Library)**: - `catalog_metadata` - Theme versioning info - `theme_versions` - Version history - `validation_queue` - Workflow state ### Migrations **Location**: `/orchestrator/sql/migrations/` **Structure**: - Numbered migrations (003, 004, etc.) - Sprint-specific migrations (migration_sprint2.sql, sprint6_analytics_dashboard.sql, sprint8_social.sql) - Reversible operations --- ## 9. RBAC & SECURITY ### Role Hierarchy 5 defined roles: - **admin** - Full system access - **direction** - School leadership, aggregated reports, user management - **teacher** - CRUD own assignments/themes, view own students - **intervenant** - Limited access to assigned classes only - **inspector** - Read-only access to all data for inspection ### Permission Matrix (from RBAC middleware) **Resource**: `assignments` | Action | admin | direction | teacher | inspector | intervenant | |--------|-------|-----------|---------|-----------|-------------| | create | ✅ | ✅ | ✅ | ❌ | ❌ | | read | ✅ | ✅ | ✅ | ✅ | ✅ | | read_all | ✅ | ✅ | ❌ | ✅ | ❌ | | update | ✅ | ✅ | ✅ (own) | ❌ | ❌ | | delete | ✅ | ✅ | ✅ (own) | ❌ | ❌ | | push | ✅ | ✅ | ✅ | ❌ | ❌ | ### Authentication Methods **Dual Support**: 1. **UrlEncoded** (Priority #1 - shared hosting compatible) ``` api_key=secret&tenant_id=TENANT_ID&scope=teacher ``` 2. **JWT Bearer** (Standard REST) ``` Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... ``` **JWT Specification**: - Algorithm: HS256 (HMAC-SHA256) - Secret: Min 32 chars (256 bits) - Payload includes: `sub` (user_id), `tenant_id`, `scope`, `iat`, `exp` - Default expiry: 7 days - Optional: sessions table for token revocation --- ## 10. SPRINT-SPECIFIC FEATURES ### Sprint 12: Pedagogical Library **New Tables**: - `catalog_metadata` - Theme catalog info - `theme_versions` - Version control - `validation_queue` - Workflow state (proposed → validating → validated → published) **New Endpoints** (`/api/catalog/`): - List, detail, submit, validate, publish, archive, versions, rollback **New UI Components**: - `catalog_view.js` - Browse library - `catalog_validation.js` - Validation interface (for referents) - `theme_viewer.js` - Read-only display **Workflow**: 1. Teacher proposes theme 2. Referent validates (checks pedagogy) 3. Published to tenant catalog 4. Other teachers can use/fork 5. Version control with rollback ### Sprint 11: Content Creation Suite **Features**: - AI-powered content generation from text - Multi-format support (quiz, flashcards, fiche, full theme) - Mistral integration with source deduplication - Schema validation ### Sprint 10: AI Copilot **Current Status**: Architecture analyzed, recommendations in SPRINT10_ARCHITECTURE_OVERVIEW.md **Planned**: - Conversational AI tutoring - Teacher assistance for content creation - Student Q&A support - Real-time feedback ### Sprint 8: Social & Collaboration **Features**: - Leaderboards (weekly, monthly, all-time) - Peer content sharing with comments - Collaborative study sessions - Anonymization options ### Sprint 7: Adaptive Learning **Features**: - Recommendation engine based on learning profile - Difficulty adjustment - Focus mode (mini-sessions) - Fatigue detection & suggestions --- ## 11. QUICK REFERENCE FOR SPRINT 13 IMPLEMENTATION ### Key Files to Review 1. **Authentication**: `/orchestrator/lib/auth.php` 2. **API Patterns**: `/orchestrator/api/assignments.php` (template) 3. **AI Integration**: `/orchestrator/lib/ai_service.php` 4. **RBAC Matrix**: `/orchestrator/api/_middleware_rbac.php` 5. **Database Schema**: `/orchestrator/sql/schema.sql` 6. **OpenAPI Spec**: `/orchestrator/docs/openapi-orchestrator.yaml` ### Common Implementation Patterns **Adding a New API Endpoint**: 1. Create `/orchestrator/api/new_feature.php` 2. Include middleware stack 3. Parse URI for resource/action/id 4. Call requireAuth() and enforceRBAC() 5. Query database via `db()` 6. Return jsonResponse() or errorResponse() **Adding a New UI Component**: 1. Create `/orchestrator/ui/new_component.js` or `/public/js/features-new.js` 2. Implement render() method 3. Use apiCall() for backend communication 4. Update main HTML/CSS for integration **Adding Database Tables**: 1. Create migration file in `/orchestrator/sql/migrations/` 2. Include in schema.sql for baseline setup 3. Document in sprint documentation 4. Add foreign keys and indexes ### Critical Security Considerations - All API endpoints must check tenant isolation - RBAC permissions must be enforced before data access - Rate limiting protects against abuse - All user inputs must be parameterized (use db()->execute() with params) - Sensitive data (API keys, passwords) must be hashed/encrypted - Error responses should not leak system details (only in APP_DEBUG mode) --- ## 12. TECHNOLOGY STACK SUMMARY | Layer | Technology | Location | |-------|-----------|----------| | **Backend API** | PHP 8.0+ | `/orchestrator/api/*.php` | | **Libraries/Services** | PHP | `/orchestrator/lib/*.php` | | **Database** | MySQL 5.7+ / MariaDB 10.3+ | Schema: `/orchestrator/sql/` | | **Frontend** | Vanilla JavaScript (ES6+) | `/public/js/` | | **Frontend Styling** | CSS3 | `/public/assets/styles.css` | | **Authentication** | JWT HS256 + UrlEncoded | `/orchestrator/lib/auth.php` | | **AI Integration** | Mistral API (cURL) | `/orchestrator/lib/ai_service.php` | | **Async Jobs** | Python | `/orchestrator/jobs/` | | **Documentation** | OpenAPI 3.1.0, Markdown | `/orchestrator/docs/`, `*.md` | | **Multi-Tenancy** | Database-level isolation | Enforced in middleware | | **Caching** | File-based | `/orchestrator/cache/` | | **Logging** | Rotating file logs | `/orchestrator/logs/` | --- ## CONCLUSION StudyMate-SchoolOrchestrator is a **mature, production-ready platform** with: ✅ **Solid Foundation**: Multi-tenant architecture, RBAC, dual authentication ✅ **AI-Ready**: Mistral integration patterns established, schema validation in place ✅ **Extensible**: Clear service layer, middleware pipeline, OpenAPI documentation ✅ **Observable**: Comprehensive logging, telemetry, diagnostics system ✅ **Secure**: Tenant isolation, permission enforcement, rate limiting **For Sprint 13**, build upon these proven patterns: - Use existing middleware stack for new endpoints - Follow AIService pattern for AI features - Leverage RBAC permissions matrix - Maintain database relationship patterns - Document in OpenAPI spec - Add integration tests The architecture is ready for advanced features like AI copilots, advanced analytics, and collaborative learning at scale.