Aldar Education

This is the delivery plan for Aldar Education — the five things Aldar asked for, shaped as epics and stories you can pick and ship. Sales, commercial structure, timeline, risks, and 3-year value scenarios live in personal artifacts cited under See also — this page stays focused on the work.

Their five requirements

Epics at a glance

Epics

01 — ADEK attendance submission · Tech · In Progress

attendance · attendance models live at prisma/models/attendance.prisma + attendance-enhanced.prisma

ADEK mandates daily upload to eSIS and parent contact within 2 hours of unreported absence. We already have production attendance schema, bulk APIs, and cron scaffolding — the gap is the eSIS connector. Triple-track: official API, Aldar credential piggyback, RPA fallback.

• File formal eSIS-integration inquiry to ADEK via Aldar's compliance team · needs issue
• Ask Aldar for permission to piggyback on their group-level eSIS credentials for the pilot · needs issue
• Design EsisSubmission Prisma model — daily submission record, status, receipt, errors · needs issue
• Daily eSIS CSV export job, scheduled 14:00 GST, reusing the attendance/bulk/route.ts pattern · needs issue
• RPA submitter (Playwright headless) for esis.adek.gov.ae — credentials in encrypted Postgres column · needs issue
• Typed adek-esis-connector package (activated once API docs land) with retry + idempotency · needs issue
• Map ADEK 2025/26 absence categories (authorized / unauthorized / cause-for-concern at >5%) into our enum · needs issue
• Audit-trail hook — extend audit.prisma with eventType = "ESIS_SUBMITTED" · needs issue
• 2-hour parent-contact automation on unreported absence (cross-link Epic 04 messaging) · needs issue

02 — Multi-method fees + Apple Pay + AED · Tech · Shipped

finance · Source of truth: hogwarts#356 (P0+P1+P2+P3 — uncommitted, awaiting push)

Stripe + Tap + Bankak webhooks shipped. Payment-method enum extended via ALTER TYPE ADD VALUE (APPLE_PAY / GOOGLE_PAY / MADA / KNET / ATM_DEPOSIT) in the canonical prisma/models/finance-fees.prisma enum (not just the SaaS subscription enum). Currency snapshot columns landed on FeeStructure / FeeAssignment / Payment / Receipt with backfill from schools.currency (38 / 5906 / 600 / 0 rows). Parent-facing UI, AED localisation end-to-end, and the offline bank-transfer + ATM deposit reconciliation flows are all live.

• ✅ Activated Apple Pay through Tap src_all source picker — Tap maps source.payment_method to canonical PaymentMethod enum; raw value persisted as Payment.gatewayMethod for audit · #356 P1.3+P1.4
• ✅ Wired parent-side payment picker into fee-assignment page (FeePaymentMethods component); createFeePaymentCheckout auto-routes AE schools to Tap-first via resolveAvailableMethods. Stripe Checkout wallets (Apple Pay / Google Pay / Link) auto-unlocked by dropping the payment_method_types: ["card"] hardcode · #356 P0.3+P0.4
• ✅ AED end-to-end audit — formatCurrency signature now requires explicit currency; ~100 callers migrated; AED renders correctly in fee structures, invoices, receipts, and the server PDF · #356 P0.1+P1.1
• Per-school currency on School model + propagate (sprint Epic 01 — hogwarts#305) — denormalized onto payment/fee rows so receipts stay correct after a future currency switch · #356 P1.1
• ✅ Offline bank-transfer recording flow — admin captures reference + bank name + branch + sender IBAN + deposit-slip URL; row lands in PaymentStatus.PENDING_VERIFICATION; admin clicks Mark as Cleared → markPaymentCleared server action flips to SUCCESS inside $transaction, posts to double-entry ledger, syncs invoice, notifies student + guardians · #356 P2.1
• ✅ ATM-deposit recording flow — new PaymentMethod.ATM_DEPOSIT enum value + conditional form variant; shares the same markPaymentCleared reconciliation path · #356 P2.2
• ✅ Parent receipt PDF in AED with school logo + signature — server-rendered at /api/payment/[paymentId]/receipt via @react-pdf/renderer renderToBuffer; tenant-scoped + ACL'd (finance admin OR own student OR guardian); renders payment.currency snapshot through the canonical decimal-aware formatter (handles AED / KWD / BHD / OMR) · #356 P1.5+P2.4
• ✅ Reconciliation report — manual payments vs gateway payments vs ledger; live 3-column diff per PaymentMethod at /finance/banking/reconciliation and /finance/accounts/reconciliation; default 30-day window via ?days=N; pending-verification banner shows offline payments awaiting clear · #356 P2.3

Ship checklist (pre-push): seed Aldar demo tenant (pnpm db:seed:aldar), set TAP_SECRET_KEY + TAP_WEBHOOK_SECRET on the deploy target (webhook now fails-closed), verify Apple Pay enabled on the connected Stripe account, browser-smoke on aldar.localhost:3000/ar.

03 — LiveKit video conferencing · Tech · Vaporware

No existing integration — full build. Dedicated SFU node in-region (G42 Cloud or Etisalat AWS me-central-1).

The deepest greenfield work in the deal. Aldar wants reliable online classes inside UAE networks — UAE VoIP throttling makes the network test the single biggest pre-signature gate.

• Test LiveKit inside an Aldar school WiFi at Meeting 3 — non-negotiable pre-signature · needs issue
• Provision dedicated LiveKit SFU node in UAE region (G42 Cloud preferred) · needs issue
• Configure TURN-over-443-TCP fallback for restrictive networks · needs issue
• Design LiveClass + LiveClassRecording Prisma models · needs issue
• Server action — provision LiveKit room, issue JWT tokens gated by getTenantContext · needs issue
• Teacher "Start class" button on the section/timetable surface · needs issue
• Student/parent "Join class" surface with role-aware permissions · needs issue
• Recording pipeline — LiveKit Egress → MinIO (S3-compatible) on-prem · needs issue
• Recording playback via signed URLs (reuse @aws-sdk/cloudfront-signer pattern) · needs issue
• Capacity sizing — single SFU for pilot (~3-5K concurrent); 3-node active-active by Wave 2 · needs issue
• Per-school recording retention (default 90d, configurable for PDPL) · needs issue

04 — Parent portal completion · Tech · Built+Polish

parent · routes at src/app/[lang]/parent/{announcements,attendance,events}; grades + report-card APIs + email + WhatsApp notification crons all live

Most of this exists. Aldar's ask is "communicate, follow up on children's progress, view grades, download reports" — every piece is in the codebase; the work is polish and finishing the parent-side surfaces.

• Parent-side grades view consuming the existing grades API · needs issue
• Downloadable report-card PDF via @react-pdf/renderer extending api/mobile/report-cards/route.ts · needs issue
• Threaded parent ↔ teacher messaging (cross-link sprint Epic 06) · needs issue
• Parent-side fee balance + payment surface (cross-link Epic 02) · needs issue
• Parent-side video class join surface (cross-link Epic 03) · needs issue
• Attendance excuse submission via AttendanceExcuse model · needs issue
• AR (RTL) + EN polish pass on every parent surface · needs issue
• Push + email + WhatsApp notification preference per parent · needs issue
• Parent app store-gate consent screens (cross-link sprint Epic 09 mobile API) · needs issue

05 — On-premise + licensing · Tech · In Progress

self-hosting · multi-tenant adapter at src/lib/multi-tenant-prisma-adapter.ts is production-grade; only socket-server/Dockerfile exists today; deployment is Vercel-only

Aldar wants the platform on their UAE infrastructure with annual licensing. Build in the unified hogwarts codebase for now; the SaaS/standalone split is its own decision — see License & isolation.

• Top-level Dockerfile for the Next.js app (standalone output pattern) · needs issue
• docker-compose.aldar.yaml — web, socket-server, postgres, redis, livekit-server, livekit-egress, minio, caddy, observability stack · needs issue
• License-key library — signed JWT-style file, validated on boot + every 6h, 30-day grace · needs issue
• Telemetry beacon — hourly outbound metadata-only payloads to telemetry.databayt.org (no PII) · needs issue
• databayt-cli upgrade --version X.Y.Z — pull signed images, run migrations, rollback path · needs issue
• Backup runbook — nightly pg_dump + WAL archive + MinIO replication · needs issue
• Helm chart for Wave 2 (K8s HA across multi-school) · needs issue
• Postgres primary + replica with auto-failover (Wave 2) · needs issue
• Group-level admin views — extend getTenantContext to support Aldar HQ users spanning multiple schoolIds · needs issue

06 — Data migration from existing SIS · Tech · Vaporware

Per-school work — Aldar has 13 disparate SIS systems underneath their Salesforce + MuleSoft layer.

For the Yasmina BA pilot we need a per-school discovery + import workflow. Without it the cut-over is impossible. The MuleSoft connector is the longer arc; the importers are the immediate need.

• Discover Yasmina BA's source SIS (likely SchoolBase, iSAMS, or Engage) · needs discussion
• Field-mapping spreadsheet template (signed by school IT before any import) · needs issue
• Idempotent CSV importers — students, parents, staff, sections, timetables, 1-year historical attendance, 1-year historical grades, fee balances · needs issue
• Daily reconciliation report during parallel run · needs issue
• Cut-over runbook — source SIS → read-only, hogwarts → system-of-record, <1% discrepancy gate · needs issue
• MuleSoft connector — OpenAPI spec + adapter for student/staff/parent record sync into Salesforce (Wave 2) · needs issue
• Per-school importer parameterisation so Wave 2/3 schools onboard via the same kit · needs issue

07 — Security & compliance · Tech · Vaporware

Procurement gate. Aldar will accept "in flight" if the roadmap is dated and funded — but the workflows must be in product on day one.

• Parental-consent capture workflow in the parent portal (PDPL Jan 2027 prep) · needs issue
• Data-export endpoint per subject-access-request (PDPL) · needs issue
• Data retention policy enforcement per school + per data type · needs issue
• Mandatory MFA for admin + staff roles via Auth.js v5 · needs issue
• Audit log for every admin action touching PII (extend audit.prisma coverage) · needs issue
• Threat model (STRIDE) for the on-prem deployment · needs issue
• Pen test engagement (Help AG or DTS, UAE) — first pass during pilot Month 4 · needs issue
• ISO 27001 audit prep — BSI Middle East, target Month 12 · needs issue
• SOC 2 Type 1 prep — target Month 18 · needs issue
• Source-code escrow agreement (NCC Group Middle East) · needs issue
• Background-check process for engineers with prod access · needs issue

Stack & tooling

Two of the epics ride on tool choices that need a real comparison, not a default pick. Both are listed below as living tables — claim a row, add data, push the recommendation through a Discussion thread.

Video conferencing stack (Epic 03)

Current lean is LiveKit self-hosted on a UAE-region SFU because Aldar explicitly named LiveKit and dedicated servers, and because LiveKit's licensing (Apache 2.0) fits the open-core posture. Worth confirming the alternatives are worse before committing — UAE network behaviour can change the calculus.

Tasks:

• Network test inside an Aldar school WiFi at Meeting 3 — confirms LiveKit works before signing · needs issue (cross-link Epic 03)
• Spike — stand up Jitsi alongside LiveKit, compare CPU / bandwidth / quality on the same UAE node · needs discussion
• Decide on recording storage — MinIO on-prem vs AWS S3 me-central-1 vs Aldar's existing object store · needs discussion

ADEK attendance submission paths (Epic 01)

Three paths in priority order. We commit to the outcome (daily submission on time) and pick whichever path ADEK + Aldar make real. Each row is one delivery track in Epic 01.

Tasks:

• File formal eSIS-integration inquiry to ADEK via Aldar's compliance team · needs issue (cross-link Epic 01)
• Ask Aldar in Meeting 2 whether they'll share group-level eSIS credentials for the pilot · needs issue (cross-link Epic 01)
• Spike — single-school Playwright RPA against esis.adek.gov.ae in a sandbox tenant to validate path C end-to-end · needs discussion
• Decide on credential storage — encrypted Postgres column vs HashiCorp Vault vs Aldar's own secret manager · needs discussion

License & isolation

This is the most important decision on this page, raised multiple times by Moataz (team UAE advisor) and originally by Ahmed Bahaa from King Fahd Academy. Aldar wants their own infrastructure; we want one codebase. Resolving how those two truths coexist is upstream of every on-prem epic. The broader spectrum of delivery models — SaaS → Private — lives in delivery; the section below applies that spectrum to the Aldar-specific decision.

The licensing model itself is settled — open-core, per share-economy: hogwarts stays SSPL-1.0 on GitHub, enterprise customers buy a commercial license that grants on-prem use without SSPL's network-copyleft trigger. Source code escrow (NCC Group Middle East) layered on top.

What's not settled is how we organise the code for the two delivery shapes:

Stance for now: keep features in the unified databayt/hogwarts codebase (Epic 05 lives there), defer the split until we have signal. The next signal that forces the call: first paying on-prem customer signs or before Aldar Wave 2 rollout, whichever comes first.

• Pick A or B before Aldar Wave 2 kickoff (~Month 5 post-pilot) · needs discussion
• If A: scaffold databayt/hogwarts-enterprise repo from the hogwarts standalone Docker output · needs issue (post-decision)
• If B: define the enterprise branch ruleset (protected, restricted reviewers, release tags) · needs issue (post-decision)
• Commercial license template — terms, escrow trigger, indemnification cap, exit/handover · needs issue
• "Powered by databayt" branding toggle for enterprise installs · needs issue
• Telemetry payload spec — what we measure, what we never measure, parental review · needs issue

Open questions

Discussion threads, not yet concrete stories. Each becomes a hogwarts Discussion thread before it can be picked.

• ADEK eSIS API — does a documented API exist? Authentication model? Vendor certification process? · needs discussion
• Aldar's group-level eSIS credentials — can we piggyback for the pilot, or must we get our own vendor cert? · needs discussion
• Yasmina BA's source SIS — SchoolBase, iSAMS, Engage, or something else? Determines migration scope · needs discussion
• MuleSoft contract boundary — what record types does Salesforce read from hogwarts; which way does the truth flow? · needs discussion
• UAE hosting — G42 Cloud vs Etisalat AWS me-central-1? VoIP throttling tolerances inside Aldar networks? · needs discussion
• Apple Pay merchant ID — does Aldar's existing Apple Pay merchant work with Tap, or do we provision per-school? · needs discussion
• ISO 27001 certifying body — BSI Middle East default; alternatives? Budget timing? · needs discussion
• Escrow agent — NCC Group ME or local alternative? · needs discussion
• PDPL DPA timing — when does Aldar Legal want it signed (contract vs PDPL effective date 1 Jan 2027)? · needs discussion
• LiveKit recording retention — Aldar Legal default; per-brand variance for Cranleigh / Charter? · needs discussion

See also

• Private strategy plan (founder only): ~/.claude/plans/a-very-good-company-peppy-frost.md — sales, commercial structure, timeline, risks, KPIs, recommendations
• Memory (founder only): ~/.claude/projects/-Users-abdout-kun/memory/project_aldar_prospect.md · reference_adek.md · feedback_enterprise_licensing_open_core.md
• kun delivery — SaaS → Private spectrum (where Aldar's Private-enterprise package fits) · sprint — Q3 2026 epics across the whole org · share-economy — open-source doctrine the license decision flows from · self-hosting — on-prem deployment doc · repositories — hogwarts repo reference · team — who owns what · captain — CEO brain
• Aldar Education · ADEK · eSIS Portal · UAE PDPL