Wizard Runtime · Planning

Context

Phase 12F เปิด Premium Wizard contract: 8 steps (profile → goal → pain → target → service → outcome → upload → review) · trilingual TH/EN/ZH · 4 approval gates · output bundle shape กำหนด. เป้าหมาย: ให้ Premium subscribers กรอก input แล้วระบบ map → persona + journey + dashboard + service → output เป็น personal KB-view bundle. ไม่ใช่ tenant factory · ใช้สำหรับ individual user customisation เท่านั้น.

docs/kb/data/premium_wizard.json8 steps · personas · approval_gates · output_bundle_shape · trilingual_policy

docs/kb/data/journeys.json7 persona journeys · map wizard input → journey

docs/kb/data/lexicon.json80 entries · terminology for AI suggestion grounding

docs/kb/data/dashboard_contract.jsonpersonal_dashboard_model · wizard outputs feed preset storage

docs/kb/data/approval_matrix.jsonSensitive-surface + ai-faithfulness gates

Scope

Interactive form (web + mobile): 8 steps · trilingual labels · validation per step
Auth + session persistence: Premium-tier JWT required · save draft mid-wizard
File upload pipeline: PII scan + OCR + PDF parse (step 7)
AI suggestion engine: Claude via CLAUDE.md Layer F · faithfulness ≥0.70 · retry cap 1
Sensitive-surface flag escalation UI: gate-sensitive triggers dual-approval path
Output bundle generation: persona match + journey match + dashboard preset + service recommendations per output_bundle_shape
Personal Dashboard preset storage: write to user_preferences.dashboards JSONB · consumed by Dashboard Runtime
Trilingual parity: TH/EN/ZH per trilingual_policy · keyboard variants · input methods
Review gate at step 8: user confirms output bundle before commit · can revise
Faithfulness log: per AI suggestion, store RAGAS score · audit trail

Field Mapping — Wizard Steps 8-step contract → A form + state

Source: premium_wizard.steps[*] (each step has id · order · labels × 3 · purpose × 3 · fields · validation_rules · related_* · required_review · honest_note).

B Field	B Type	A Runtime Target	A Owner	Approval Gate	Binding	Notes
id	string	Route param · `/app/wizard/{step_id}`	Frontend	none	mapped-not-bound	Deep-linkable per step · resume draft
order	integer	Step indicator · progress bar	Frontend	none	mapped-not-bound	1..8
label_th / label_en / label_zh	string × 3	i18n dict · step title in current lang	Frontend	none	mapped-not-bound	Trilingual parity enforced
purpose_th / purpose_en / purpose_zh	string × 3	Step header subtitle · hint system	Frontend	none	mapped-not-bound	Never hand-typed in A code
fields[]	array<field>	Dynamic form generator · component per field type	Frontend	none	mapped-not-bound	Validation rules picked up from contract
validation_rules	object	Client-side + server-side validator · Zod-like schema	Backend + FE	none	mapped-not-bound	Both layers must enforce · never trust client alone
related_truth_nodes	array<id>	Deep-link to KB truth tree entry	Frontend	none	mapped-not-bound	Context panel · "learn more" link
related_lexicon	array<id>	Glossary popover on term hover	Frontend	none	mapped-not-bound	Uses lexicon.json
related_journeys	array<id>	Persona match hint · feeds output bundle	Backend	gate-ai-faithfulness	mapped-not-bound	AI inference · faithfulness floor enforced
related_services	array<id>	Service recommendation in output bundle	Backend	gate-ai-faithfulness	mapped-not-bound	From services.json current state
related_dashboards	array<id>	Dashboard preset targets	Backend	none	mapped-not-bound	Feeds personal_dashboard_model preset
required_review	boolean	Yellow review banner on step · blocks progress	Frontend	gate-review	mapped-not-bound	Typically on sensitive steps · user + reviewer confirmation
honest_note_th / honest_note_en	string × 2	Footer caption on step · verbatim	Frontend	none	mapped-not-bound	Must render as-authored

Field Mapping — Approval Gates 4 gates per contract

Source: premium_wizard.approval_gates.

Gate (B)	A Runtime Enforcement	A Owner	Binding	Notes
gate-sensitive	Sensitive-flag detection → dual-approval path	Backend	mapped-not-bound	Per `approval_matrix.sensitive_surface_markers`
gate-ai-faithfulness	RAGAS ≥0.70 per AI suggestion	Backend	mapped-not-bound	Retry 1 · decline + fallback to user-input if still <0.70
gate-upload-pii	PII scan before persist upload	Backend	mapped-not-bound	OCR output scrubbed too
gate-finalize	Step-8 user confirmation checkbox + signature	Frontend	mapped-not-bound	Cannot finalize without explicit user review

Field Mapping — Output Bundle what A produces at step 8

Source: premium_wizard.output_bundle_shape.

B Field	A Runtime Storage	A Owner	Binding	Notes
id_pattern	Bundle ID generator (e.g., `PWB-YYMMDD-{user}-{seq}`)	Backend	mapped-not-bound	Deterministic + auditable
fields	`wizard_bundles` table · JSONB shape	Backend	mapped-not-bound	Persona · journey · dashboards · services · upload refs · AI suggestions + RAGAS scores
not_allowed	Validation blocklist · rejects attempts to set forbidden fields	Backend	mapped-not-bound	E.g., tenant_id, auto-publish, cross-tenant share — all blocked

A-owned Runtime Boundary ขอบเขต A vs B

B owns (read-only for A)

Contract JSON (all fields listed in "Context" block above)
Trilingual label parity
honest_note + requires_human_review flags
Contract evolution (schema-versioned)

A owns (this runtime)

All tables + indexes for entities in ER diagram below
API endpoints in API Sketch block
Frontend components + chart/form rendering
Cache + feature flag integration
Auth + sign-off capture
Audit trail

ER Diagram A-owned tables · Wizard · draft + bundle + suggestions

Wizard · draft + bundle + suggestions

API Sketch FastAPI endpoints

POST/api/wizard/draft

Create/resume draft · Premium tier required

PATCH/api/wizard/draft/{id}

Save step answers · validate against contract

POST/api/wizard/draft/{id}/upload

Upload file · PII scan · OCR · PDF parse

POST/api/wizard/draft/{id}/suggest

AI suggestion for current step · RAGAS ≥0.70

POST/api/wizard/draft/{id}/finalize

Finalize → bundle · writes Dashboard preset

Sequence Flow Wizard flow · suggestion + faithfulness + finalize

Wizard flow · suggestion + faithfulness + finalize

Dependencies

Upstream

Auth + JWT with Premium tier
File upload + S3 storage
PII scanner
Claude API integration (Layer F)
RAGAS faithfulness evaluator
Dashboard Runtime (preset storage consumer)

Downstream

Personal dashboard rendering (uses wizard preset)
Service recommendations surface
Journey personalisation

Human Approval Gates

gate-sensitive Dual-approval when sensitive flag triggered
gate-ai-faithfulness RAGAS ≥0.70 · auto-decline below
gate-upload-pii PII scan · block upload with PII residue
gate-finalize User signature at step 8
gate-pilot-rollout tenant-admin + platform-governance sign-off before any pilot

Risks

AI suggestion fabricates persona match

High

Faithfulness ≥0.70 enforced · retry 1 · decline-to-answer if below · user sees score

Upload contains PII that leaks into vector store

High

PII scan pre-OCR · pre-embed · SHA-256 for any identifier fields per CLAUDE.md

Sensitive-surface path bypassed

High

Sensitive flag detected at step-ingest · dual-approval path enforced at API · cannot finalize without

Trilingual parity breaks mid-wizard

Med

Language toggle locked mid-wizard · switch only between steps · contract validator ensures all labels present

Wizard abandoned mid-flow loses data

Low

Auto-save draft to server every step · resume on return · 7-day draft retention

User grants output bundle tenant-level scope (not allowed)

Med

not_allowed validation · output scoped to user · UI cannot expose tenant-grant

Definition of Done

All 8 steps renderable in TH · EN · ZH with trilingual parity
Dynamic form generator builds from contract · validation bi-layer
Auth-guarded to Premium+ tier · draft autosave
File upload pipeline: PII scan + OCR + PDF parse end-to-end
AI suggestion engine enforces RAGAS 0.70 floor with retry
Sensitive-flag triggers dual-approval path · blocks finalize
Output bundle persisted to wizard_bundles + Dashboard preset
not_allowed fields rejected at API layer
All 5 approval gates signed off · WORM audit log
Feature flag wizard.runtime_v1 staged rollout + rollback drill

Deferred

Wizard for non-Premium tiers (Premium-only at launch)
Voice-assisted wizard (accessibility later phase)
Wizard clone / sharing between users (personal-only)
Auto-publish output bundle to tenant (explicitly blocked by contract)
Offline wizard mode
A/B test engine for wizard copy (later phase)

Wizard Runtime 05 · Premium Wizard · 8-step personal view · trilingual · AI-assisted · not tenant

Context

Scope

Field Mapping — Wizard Steps 8-step contract → A form + state

Field Mapping — Approval Gates 4 gates per contract

Field Mapping — Output Bundle what A produces at step 8

A-owned Runtime Boundary ขอบเขต A vs B

B owns (read-only for A)

A owns (this runtime)

ER Diagram A-owned tables · Wizard · draft + bundle + suggestions

API Sketch FastAPI endpoints

Sequence Flow Wizard flow · suggestion + faithfulness + finalize

Dependencies

Upstream

Downstream

Human Approval Gates

Risks

Definition of Done

Deferred