Cases Runtime · Planning

Context บริบท

Phase 12E ประกอบ Case Issues Portal ครบ: schema 27 fields · 6 creation modes (manual + 5 AI) · 7 view modes · 11 lifecycle statuses · 10 mapping rules · 12-stage AI analytics · alerting 4 levels · SLA per-level · PDPA discipline. A ต้อง build runtime: cron scheduler · source-monitoring pipeline · AI inference service · review queue UI · notification escalation · SLA enforcement. Daily possible-case cap = 20/day (12E.1 locked) · 07:00 Asia/Bangkok cadence · 4h review SLA.

docs/kb/data/case_schema.json27 fields · 12 case_types · alert_level mapping · PDPA discipline

docs/kb/data/case_portal.json6 creation modes · 7 view modes · 4 export · 20/day cap · 07:00 queue

docs/kb/data/case_mapping_model.json10 mapping rules · case → signals/dashboards/actors

docs/kb/data/ai_issue_analytics.json12 pipeline stages · dual-view + proactive/reactive rule

docs/kb/data/alerting_model.json4 levels · 11 lifecycle · 3 escalation paths · 5 measures

docs/kb/data/sla_model.jsonPer-level bands · sensitive_override dual-approval

docs/kb/data/multi_source_intake.jsonSource-monitoring input for AI cases

Scope A implement อะไร

Case store: Postgres table matching case_record schema · indexes on status/case_type/severity/datetime/location
Cron scheduler: 07:00 Asia/Bangkok · generates ≤20 possible-cases/day per daily_possible_case_generation.max_items_per_day
Source monitoring: social listening + internal signal aggregation feeding AI pipeline
AI pipeline service: 12-stage per ai_issue_analytics.pipeline_stages · Claude API via CLAUDE.md Layer F · faithfulness floor 0.70
Review queue UI: 4h SLA timer per case · default_status from queue config · filter + assign + sign-off
7 view modes: overview · search · map · table · dashboard · report · detail
6 creation modes: manual form + 5 AI input paths (text · image · pdf · link · social)
Alerting engine: 4 levels → PagerDuty (P0/P1) / Slack (P2/P3) / LINE (P0) per CLAUDE.md
SLA enforcement: breach consequences per sla_model.breach_consequences · sensitive_override requires dual-approval
Sign-off capture: reviewer identity · decision · timestamp · attachment · audit-log
Export: 4 formats per case_portal.export_formats · PDPA-safe
Trilingual labels: TH/EN/ZH throughout

Field Mapping — case_record B schema → A runtime table

Source: case_schema.case_record (27 fields).

B Field	B Type	A Runtime Target	A Owner	Approval Gate	Binding	Notes
id	string	`cases.id` PK (UUID or CASE-YYMMDD-XXXX)	Backend	none	mapped-not-bound	Stable; referenced by signals/dashboards
title_th / title_en / title_zh	string × 3	`cases.title_{lang}` columns	Backend	none	mapped-not-bound	Trilingual parity · auto-translate fallback with review flag
case_type	enum(12)	`cases.case_type` · FK → case_types lookup	Backend	none	mapped-not-bound	Drives alert_level default via `case_type_to_alert_level_default`
severity	enum	`cases.severity`	Backend	none	mapped-not-bound	Surfaced in alerting routing + SLA band
alert_level	enum(4)	`cases.alert_level` · triggers `alerting_model.escalation_paths`	Backend	gate-alert-routing	mapped-not-bound	L0/L1 = PagerDuty · L2/L3 = Slack · L0 also LINE
status	enum(11)	`cases.status` · state machine enforced at API layer	Backend	none	mapped-not-bound	11 statuses from `alerting_model.lifecycle_statuses`
datetime	ISO-8601	`cases.occurred_at` TIMESTAMPTZ · TimescaleDB hypertable dim	Backend	none	mapped-not-bound	Separate `created_at` for record audit
reporter	object	`cases.reporter` JSONB · PII-hashed email/phone	Backend	gate-pdpa	mapped-not-bound	SHA-256 hash per CLAUDE.md PDPA rules
location	object	`cases.location` · PostGIS point + H3 cell	Backend	gate-pdpa	mapped-not-bound	GPS fuzz ±50m before storage · k-anon on map view
issue_definition_{th/en/zh}	text × 3	Text columns · full-text index	Backend	none	mapped-not-bound	pgvector embedding for semantic search
attributes	object	`cases.attributes` JSONB from `pattern_extraction`	Backend	none	mapped-not-bound	AI-extracted; `requires_human_review` flag if AI-generated
pattern	object	`cases.pattern` JSONB · ref to pattern_extraction output	Backend	none	mapped-not-bound	From AI pipeline stage 4-6
related_actors / related_services / related_signals / related_dashboards / related_source_provenance	array<id>	Edge tables `case_links` · FK pairs	Backend	none	mapped-not-bound	Drives case-detail "Connections" panel · related-card graph
owner	object	`cases.owner_user_id` FK + role	Backend	gate-auth	mapped-not-bound	Admin surface for reassignment
follow_up	array	`case_follow_ups` child table · each has action/owner/due	Backend	none	mapped-not-bound	—
ai_analysis_ref	string	`cases.ai_analysis_ref` → `ai_analysis` table	Backend	gate-faithfulness	mapped-not-bound	Faithfulness <0.70 → regenerate · full log retained
sensitive_surface_flag	boolean	`cases.sensitive_flag` · enforces dual-approval path	Backend	gate-sensitive-dual	mapped-not-bound	Triggers `approval_matrix.row-sensitive-override`
attachments	array	S3 URLs + metadata · PII scan before persist	Backend	gate-pii-scan	mapped-not-bound	OCR + PDF parse for AI analysis
language_detected	string	`cases.language_detected`	Backend	none	mapped-not-bound	Whisper/detector output · drives default render lang
export_log	array	`case_exports` audit table · WORM	Backend	none	mapped-not-bound	Every export (CSV/JSON/PDF/PNG) logged

Field Mapping — Daily Queue 07:00 possible-case queue

Source: case_portal.daily_possible_case_generation.

B Field	A Runtime Target	A Owner	Binding	Notes
queue_name	`case_queues.name`	Backend	mapped-not-bound	Registry of queues (future: multiple queues)
default_status	Status assigned on queue-insert	Backend	mapped-not-bound	Must be one of 11 lifecycle_statuses
max_items_per_day	Cron rate-limit `= 20` (locked 12E.1)	Backend	mapped-not-bound	Hard cap · overflow → next day queue
sla	Timer service · 4h review SLA	Backend	mapped-not-bound	Breach → alerting escalation per `sla_model.breach_consequences`
requires_human_review	UI banner + blocking flag	Frontend	mapped-not-bound	AI-generated cases show review banner until signed-off

Field Mapping — AI Pipeline 12-stage inference

Source: ai_issue_analytics.pipeline_stages (12 stages · each has id + inputs + outputs + owner).

Each stage maps to an Airflow task (dag_case_ai_pipeline). Every stage output carries confidence + requires_human_review.

Stage (B)	A Task	A Owner	Binding	Notes
intake	Kafka consumer → `case_inbox`	Backend	mapped-not-bound	Multi-source per `multi_source_intake`
language_detect	Whisper/langdetect	Backend	mapped-not-bound	Populates `language_detected`
normalise	OCR + PDF parse + HTML strip	Backend	mapped-not-bound	—
embed	Voyage AI voyage-3 → pgvector	Backend	mapped-not-bound	CLAUDE.md Layer E
cluster	HDBSCAN or HNSW neighbors	Backend	mapped-not-bound	Deduplicate near-duplicates
pattern_extract	Claude prompt per `pattern_extraction`	Backend	mapped-not-bound	Outputs → `cases.pattern`
attribute_extract	Claude prompt per `attribute_extraction`	Backend	mapped-not-bound	Outputs → `cases.attributes`
classify	case_type + severity inference	Backend	mapped-not-bound	Haiku for speed · Sonnet if low-confidence
alert_level_decide	Apply `case_type_to_alert_level_default`	Backend	mapped-not-bound	Override if severity mismatch
map_relations	Apply `case_mapping_model` 10 rules	Backend	mapped-not-bound	Populates related_* edges
faithfulness_check	RAGAS score ≥0.70	Backend	mapped-not-bound	Retry once → if still <0.70 decline
queue_or_alert	Daily queue insert OR immediate alert	Backend	mapped-not-bound	L0/L1 bypass queue

A-owned Runtime Boundary ขอบเขต A vs B

B owns (read-only for A)

Contract JSON (all fields listed in "Context" block above)
Trilingual label parity
honest_note + requires_human_review flags
Contract evolution (schema-versioned)

A owns (this runtime)

All tables + indexes for entities in ER diagram below
API endpoints in API Sketch block
Frontend components + chart/form rendering
Cache + feature flag integration
Auth + sign-off capture
Audit trail

ER Diagram A-owned tables · Cases · schema + queue + signals

Cases · schema + queue + signals

API Sketch FastAPI endpoints

POST/api/cases

Create case (manual or AI) · enforces schema · sensitive flag triggers dual

GET/api/cases/{id}

Read case · joins follow_ups + ai_analysis + links

PATCH/api/cases/{id}/status

Transition status · state machine + sign-off enforced

POST/api/cases/queue/run

Admin: run 07:00 daily queue manually · respects 20/day cap

GET/api/cases/feed?view=map

Feed for view modes (overview/search/map/table/dashboard/report/detail)

Sequence Flow Daily 07:00 queue + AI pipeline

Daily 07:00 queue + AI pipeline

Dependencies

Upstream

Auth + JWT tier
Signal pipeline (multi-source intake)
RAG engine (Claude API)
Feature flags (cases.ai_pipeline_v1)
Approval matrix integration (sensitive dual)
PagerDuty / Slack / LINE integrations

Downstream

Dashboard runtime (cases feed dashboards)
Reporting (case export → PDF)
City Health Dashboard (case count metric)

Human Approval Gates

gate-alert-routing Platform-governance sign-off on L0..L3 → channel mapping
gate-pdpa Privacy: PII hash · GPS fuzz · k-anon enforced before storage
gate-faithfulness AI output ≥0.70 or decline · retry cap 1
gate-sensitive-dual Sensitive flag → dual-approval per approval_matrix.row-sensitive-override
gate-pii-scan Attachment PII scan before persistence
gate-auth Reviewer role ≥ staff for sign-off

Risks

AI generates false-positive cases (spam)

High

20/day cap · faithfulness floor · human review SLA · reject → proposal archive (not deleted)

Sensitive case mishandled without dual-approval

High

API layer enforces sensitive_flag=true → requires two distinct reviewer identities before status transitions

4h SLA breach during off-hours

Med

Escalation to on-call via alerting_model paths · LINE for L0 · SLA pause on governance-reviewing status

PII leaks via attachment OCR output

High

PII scanner pre-OCR · hashed reporter · attachments stored in PDPA-hot S3 bucket with retention policy

Trilingual translation drift (TH→ZH auto-translate)

Med

Untranslated badge · premium_wizard.trilingual_policy native review required for sensitive

Queue overflow (>20 items/day during incident)

Med

Overflow → next-day queue + alert to platform governance · cap is locked (12E.1)

Definition of Done

All 27 case_record fields persistable via API + query · schema-validated
6 creation modes end-to-end · manual form + 5 AI paths produce valid case records
7 view modes render with ≤300ms p95 filter response
Cron fires 07:00 Asia/Bangkok daily · respects 20/day cap
12-stage AI pipeline produces auditable trace per case (RAGAS log retained)
4h SLA timer + escalation to PagerDuty/Slack/LINE per alert_level
Sensitive-surface path requires 2 distinct reviewer signatures before transition
All 6 approval gates signed off with evidence in audit trail
Feature flag cases.runtime_v1 staged rollout + rollback drilled
4 export formats produce PDPA-safe output (hash/fuzz/k-anon verified)

Deferred

Cross-tenant case sharing (out of platform scope per handoff)
Case templates / playbook automation (later phase)
Video attachment analysis (stage-12F deferred)
Case-to-case merge / split UX polish (MVP uses simple link)
Multi-language attachment OCR (TH/EN only at launch)

Cases Runtime 02 · เคส · daily queue + case portal + AI 12-stage pipeline + alerting + SLA

Context บริบท

Scope A implement อะไร

Field Mapping — case_record B schema → A runtime table

Field Mapping — Daily Queue 07:00 possible-case queue

Field Mapping — AI Pipeline 12-stage inference

A-owned Runtime Boundary ขอบเขต A vs B

B owns (read-only for A)

A owns (this runtime)

ER Diagram A-owned tables · Cases · schema + queue + signals

API Sketch FastAPI endpoints

Sequence Flow Daily 07:00 queue + AI pipeline

Dependencies

Upstream

Downstream

Human Approval Gates

Risks

Definition of Done

Deferred