Skip to main content

P0 Critical Workflows - Implementation Plan

Date: December 26, 2025 Status: Ready for Implementation Total P0 Workflows: 15 Estimated Effort: 168 hours (4.2 weeks with 2 engineers)

Executive Summary

This plan outlines the implementation strategy for 15 P0 (Critical) H.P.006-WORKFLOWS required for CODITECT Pilot Launch. These H.P.006-WORKFLOWS are essential for production readiness and must be completed before public launch.

Implementation Phases:

  • Phase 1A: User Authentication (2 H.P.006-WORKFLOWS, 14 hours) - Week 1
  • Phase 1B: Billing Operations (4 H.P.006-WORKFLOWS, 40 hours) - Week 1-2
  • Phase 1C: Workstation Management (5 H.P.006-WORKFLOWS, 64 hours) - Week 2-3
  • Phase 1D: Security & Operations (4 H.P.006-WORKFLOWS, 50 hours) - Week 3-4

Phase 1A: User Authentication (Week 1)

WF-009: Email Verification Flow

Priority: P0 | Effort: 8 hours | Dependencies: WF-001

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-009-email-verification.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-009-email-verification.md

Nodes (8):

  1. Webhook Trigger (GET /verify-email?token=xxx)
  2. Validate Token (PostgreSQL SELECT)
  3. Check Expiration (< 24 hours)
  4. Update User (SET email_verified = TRUE)
  5. Generate Access Token (JWT)
  6. Send Confirmation Email
  7. Publish Event (Pub/Sub: user.verified)
  8. Redirect to Dashboard

Success Criteria:

  • ✅ Token validation < 500ms
  • ✅ Email sent within 60 seconds
  • ✅ 99.9% success rate

WF-010: Password Reset Flow

Priority: P0 | Effort: 6 hours | Dependencies: None

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-010-password-reset.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-010-password-reset.md

Nodes (9):

  1. Webhook Trigger (POST /reset-password)
  2. Validate Email (PostgreSQL SELECT)
  3. Generate Reset Token (UUID)
  4. Store Token (PostgreSQL INSERT, expires 1 hour)
  5. Send Reset Email (with link)
  6. Token Validation Endpoint (GET /reset?token=xxx)
  7. Update Password (Firebase Auth)
  8. Invalidate Token
  9. Send Confirmation Email

Success Criteria:

  • ✅ Token expires after 1 hour
  • ✅ Password strength validation
  • ✅ Audit log created

Phase 1B: Billing Operations (Week 1-2)

WF-021: Subscription Upgrade

Priority: P0 | Effort: 12 hours | Dependencies: WF-002, WF-006

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-021-subscription-upgrade.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-021-subscription-upgrade.md

Nodes (11):

  1. Webhook Trigger (POST /upgrade-subscription)
  2. Get Current Subscription (Stripe API)
  3. Calculate Prorated Amount
  4. Create Stripe Invoice Item
  5. Update Subscription (Stripe)
  6. Process Payment
  7. Update Database (PostgreSQL)
  8. Trigger Workstation Resize (Pub/Sub)
  9. Send Upgrade Confirmation Email
  10. Log Billing Event
  11. Return Success Response

Success Criteria:

  • ✅ Proration calculated correctly
  • ✅ Immediate tier upgrade
  • ✅ Workstation resources increased

WF-023: Subscription Cancellation

Priority: P0 | Effort: 10 hours | Dependencies: WF-007

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-023-subscription-cancellation.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-023-subscription-cancellation.md

Nodes (12):

  1. Webhook Trigger (POST /cancel-subscription)
  2. Show Retention Offer (discount modal)
  3. Capture Cancellation Reason
  4. Schedule Cancellation (end of billing period)
  5. Update Stripe Subscription (cancel_at_period_end)
  6. Update Database Status
  7. Send Cancellation Email
  8. Create Follow-up Task (check in 30 days)
  9. Preserve Data (flag for 90 days)
  10. Notify Admin (Email)
  11. Track Churn Metric (Analytics)
  12. Return Confirmation

Success Criteria:

  • ✅ Access until period end
  • ✅ Data retained 90 days
  • ✅ Winback email sent

WF-024: Payment Method Update

Priority: P0 | Effort: 8 hours | Dependencies: WF-006

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-024-payment-method-update.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-024-payment-method-update.md

Nodes (9):

  1. Webhook Trigger (POST /update-payment-method)
  2. Create Stripe SetupIntent
  3. Return Client Secret
  4. Client Confirms (Stripe Elements)
  5. Webhook: setup_intent.succeeded
  6. Attach Payment Method to Customer
  7. Set as Default
  8. Retry Failed Invoices (if any)
  9. Send Confirmation Email

Success Criteria:

  • ✅ PCI DSS compliant (no card data touches server)
  • ✅ Auto-retry past-due invoices
  • ✅ $1 auth verification

WF-025: Failed Payment Retry & Grace Period

Priority: P0 | Effort: 10 hours | Dependencies: WF-007

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-025-payment-failure-recovery.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-025-payment-failure-recovery.md

Nodes (14):

  1. Webhook Trigger (Stripe: invoice.payment_failed)
  2. Increment Retry Count
  3. Update Subscription Status (past_due)
  4. Wait 3 Days → Retry Payment
  5. If Failed → Wait 5 Days → Retry
  6. If Failed → Wait 7 Days → Final Retry
  7. Send Dunning Emails (3 tiers)
  8. If 3 Failures → Suspend Service
  9. Update Database (subscription_status = suspended)
  10. Send Final Notice Email
  11. Schedule Offboarding (30 days)
  12. Notify Admin (high-value customers)
  13. Track Recovery Metrics
  14. Log All Attempts

Success Criteria:

  • ✅ 3 retry attempts (Smart Retries)
  • ✅ 40% recovery rate
  • ✅ Grace period 14 days total

Phase 1C: Workstation Management (Week 2-3)

WF-031: Workstation Start (from Stopped)

Priority: P0 | Effort: 10 hours | Dependencies: WF-003

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-031-workstation-start.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-031-workstation-start.md

Nodes (10):

  1. Webhook Trigger (POST /workstation/start)
  2. Validate User Has Access
  3. Check Subscription Active
  4. Get Workstation Config (PostgreSQL)
  5. Start Workstation (GCP API)
  6. Poll Status (every 5s, max 2 min)
  7. Update Database Status (running)
  8. Generate Access URL (signed)
  9. Send "Workstation Ready" Notification
  10. Return Access URL

Success Criteria:

  • ✅ Start time < 90 seconds
  • ✅ 99.5% success rate
  • ✅ Access URL valid 8 hours

WF-032: Workstation Stop (Manual)

Priority: P0 | Effort: 8 hours | Dependencies: WF-003

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-032-workstation-stop.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-032-workstation-stop.md

Nodes (8):

  1. Webhook Trigger (POST /workstation/stop)
  2. Validate User Has Access
  3. Check for Unsaved Work (optional warning)
  4. Stop Workstation (GCP API)
  5. Poll Status (every 5s, max 1 min)
  6. Update Database Status (stopped)
  7. Log Stop Event (with reason)
  8. Return Success

Success Criteria:

  • ✅ Graceful shutdown
  • ✅ Data persistence verified
  • ✅ Cost savings logged

WF-037: Workstation Deletion

Priority: P0 | Effort: 12 hours | Dependencies: WF-032

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-037-workstation-deletion.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-037-workstation-deletion.md

Nodes (13):

  1. Webhook Trigger (DELETE /workstation/{id})
  2. Validate Admin Permission
  3. Check Workstation Stopped (if not, stop first)
  4. Create Final Backup (GCS snapshot)
  5. Verify Backup Complete
  6. Delete Persistent Disk (GCP API)
  7. Delete Workstation Config (GCP API)
  8. Update Database (status = deleted)
  9. Archive Metadata (keep 90 days)
  10. Send Deletion Confirmation Email
  11. Publish Event (Pub/Sub: workstation.deleted)
  12. Log Deletion (audit trail)
  13. Return Success

Success Criteria:

  • ✅ Final backup created
  • ✅ All resources deleted
  • ✅ Metadata archived 90 days

WF-038: Workstation Access URL Generation

Priority: P0 | Effort: 8 hours | Dependencies: WF-003

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-038-workstation-access-url.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-038-workstation-access-url.md

Nodes (7):

  1. Webhook Trigger (GET /workstation/{id}/access-url)
  2. Validate User Has Access (RBAC)
  3. Check Workstation Running
  4. Get Workstation Details (PostgreSQL)
  5. Generate Signed URL (GCP IAM, TTL 8 hours)
  6. Log Access Attempt (audit)
  7. Return Access URL

Success Criteria:

  • ✅ URL generation < 200ms
  • ✅ Signed URLs expire 8 hours
  • ✅ Access logged for compliance

WF-039: Workstation Idle Detection & Warning

Priority: P0 | Effort: 16 hours | Dependencies: WF-003, WF-032

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-039-idle-detection.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-039-idle-detection.md

Nodes (12):

  1. Scheduled Trigger (every 30 minutes)
  2. Query Running Workstations (PostgreSQL)
  3. Get CPU/Network Metrics (GCP Monitoring, last 2 hours)
  4. Calculate Idle Score (CPU < 5%, Network < 1MB)
  5. If Idle > 2 hours → Send Warning Notification
  6. Wait 30 Minutes for Response
  7. If No Activity → Stop Workstation (WF-032)
  8. Send "Workstation Stopped" Email
  9. Update Database
  10. Log Idle Event
  11. Track Cost Savings (Analytics)
  12. Return Summary Report

Success Criteria:

  • ✅ Detect idle within 30 min
  • ✅ 30 min warning before auto-stop
  • ✅ 20-30% cost reduction

Phase 1D: Security & Operations (Week 3-4)

WF-054: GDPR Data Export (User Request)

Priority: P0 | Effort: 14 hours | Dependencies: WF-007 (existing)

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-054-gdpr-data-export.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-054-gdpr-data-export.md

Nodes (13):

  1. Webhook Trigger (POST /gdpr/export)
  2. Validate User Identity (2FA required)
  3. Create Export Job (PostgreSQL)
  4. Query User Data (users, orgs, workstations)
  5. Query Activity Logs (last 12 months)
  6. Query Billing History
  7. Compile JSON Export
  8. Encrypt Export (AES-256)
  9. Upload to GCS (user-specific bucket, 30-day TTL)
  10. Generate Signed Download URL
  11. Send Export Ready Email
  12. Log GDPR Request (audit)
  13. Return Download Link

Success Criteria:

  • ✅ Export within 48 hours (GDPR compliance)
  • ✅ Encrypted at rest and in transit
  • ✅ Auto-delete after 30 days

WF-055: Security Incident Detection & Alert

Priority: P0 | Effort: 18 hours | Dependencies: None

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-055-security-incident-detection.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-055-security-incident-detection.md

Nodes (15):

  1. Pub/Sub Trigger (Topic: security-events)
  2. Parse Event Type (login anomaly, API abuse, etc.)
  3. Check Severity (Low, Medium, High, Critical)
  4. If Critical → Lock Account Immediately
  5. If High → Challenge with 2FA
  6. Query Recent Activity (last 24 hours)
  7. Calculate Threat Score (ML model)
  8. Create Incident Record (PostgreSQL)
  9. Send Alert Email to User
  10. Send Alert to Security Team (Email/PagerDuty)
  11. Log Security Event (immutable audit log)
  12. If Automated Response → Execute (block IP, etc.)
  13. Track Incident Metrics
  14. Update Security Dashboard
  15. Return Incident ID

Success Criteria:

  • ✅ Detection within 1 minute
  • ✅ Alert sent < 5 seconds
  • ✅ Auto-remediation for known threats

WF-066: Incident Response & Communication

Priority: P0 | Effort: 10 hours | Dependencies: WF-055

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-066-incident-response.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-066-incident-response.md

Nodes (11):

  1. Webhook Trigger (POST /incident/{id}/update)
  2. Validate Admin Access
  3. Update Incident Status (PostgreSQL)
  4. Assess Impact (affected users, workstations)
  5. Create Status Page Update
  6. Send Email to Affected Users
  7. Post to Status Page (status.coditect.ai)
  8. Send Internal Alert (Email to ops team)
  9. Track Resolution Time (SLA)
  10. When Resolved → Post-mortem Created
  11. Return Updated Status

Success Criteria:

  • ✅ First response < 15 minutes
  • ✅ Status page updated < 5 min
  • ✅ Post-mortem within 48 hours

WF-072: Database Backup & Point-in-Time Recovery

Priority: P0 | Effort: 8 hours | Dependencies: None

n8n Workflow: /H.P.006-WORKFLOWS/n8n/WF-072-database-backup.json Narrative: /H.P.006-WORKFLOWS/narratives/WF-072-database-backup.md

Nodes (10):

  1. Scheduled Trigger (daily 2am UTC)
  2. Create PostgreSQL Snapshot (GCP Cloud SQL)
  3. Verify Snapshot Success
  4. Tag Snapshot (date, retention policy)
  5. Test Restore (random snapshot weekly)
  6. Delete Old Snapshots (> 30 days)
  7. Upload Backup Logs to GCS
  8. Send Backup Report Email (to ops team)
  9. Update Backup Dashboard (Grafana)
  10. Return Backup Summary

Success Criteria:

  • ✅ Daily backups at 2am UTC
  • ✅ 30-day retention
  • ✅ Weekly restore test
  • ✅ RPO < 24 hours, RTO < 4 hours

Implementation Schedule

Week 1: Authentication & Billing Foundations

Target: WF-009, WF-010, WF-021

  • Day 1-2: Email Verification (WF-009)
  • Day 3: Password Reset (WF-010)
  • Day 4-5: Subscription Upgrade (WF-021)

Deliverables: 3 n8n JSONs, 3 narratives, testing complete

Week 2: Billing Operations & Workstation Start

Target: WF-023, WF-024, WF-025, WF-031, WF-032

  • Day 1-2: Subscription Cancellation (WF-023)
  • Day 2-3: Payment Method Update (WF-024)
  • Day 3-4: Payment Retry (WF-025)
  • Day 5: Workstation Start (WF-031)
  • Day 5: Workstation Stop (WF-032)

Deliverables: 5 n8n JSONs, 5 narratives, integration testing

Week 3: Workstation Management & Security

Target: WF-037, WF-038, WF-039, WF-054

  • Day 1-2: Workstation Deletion (WF-037)
  • Day 2: Access URL Generation (WF-038)
  • Day 3-4: Idle Detection (WF-039)
  • Day 5: GDPR Export (WF-054)

Deliverables: 4 n8n JSONs, 4 narratives, security audit

Week 4: Security & Operations

Target: WF-055, WF-066, WF-072

  • Day 1-3: Security Incident Detection (WF-055)
  • Day 3-4: Incident Response (WF-066)
  • Day 5: Database Backup (WF-072)

Deliverables: 3 n8n JSONs, 3 narratives, disaster recovery test

Success Metrics

MetricTargetMeasurement
Implementation Completion100% of P0 H.P.006-WORKFLOWS15/15 H.P.006-WORKFLOWS live
Code Coverage80%+Unit + integration tests
PerformanceP95 latency < 3sNew Relic monitoring
Reliability99.9% success rateError rate < 0.1%
SecurityZero breachesSecurity audit pass

Resource Requirements

ResourceQuantityRole
Backend Engineers2n8n workflow development, API integration
QA Engineers1Test automation, integration testing
DevOps Engineer0.5n8n deployment, monitoring setup
Product Manager0.5Requirements, acceptance criteria

Total Effort: 168 hours Timeline: 4 weeks Cost: ~$25,000 (fully loaded cost)

Risk Mitigation

RiskImpactMitigation
Stripe API changesHighVersion pinning, webhook testing
GCP quota limitsMediumRequest increase proactively
Database migration issuesHighBlue-green deployment, rollback plan
Security vulnerabilitiesCriticalPenetration testing, code review
Performance degradationMediumLoad testing, auto-scaling

Next Steps

  1. Review & Approve this implementation plan
  2. ⏸️ Assign H.P.006-WORKFLOWS to engineering team
  3. ⏸️ Setup n8n production environment
  4. ⏸️ Configure Stripe webhook endpoints
  5. ⏸️ Begin Week 1 implementation (WF-009, WF-010, WF-021)

Plan Status: ✅ Ready for Implementation Approval Required: Product, Engineering, Security Start Date: TBD Target Completion: 4 weeks from start