Sprint 13 evolves the Buy Plan Platform from a three-level to a four-level merchandise-planning
hierarchy by inserting a new Platform tier between Brick and Fit. The release also
re-establishes Width as the planner’s editable lever, with Depth derived automatically.
Delivered scope includes the Platform planning view, the width-led calculation model,
distribution-percent normalization, a navy/red planning-grid redesign, engagement and finalization
dashboards, user management, reset-to-AI recommendations, and multi-level Excel export updates.
Features delivered
Feature
Summary
Fourth Planning Tier — Platform
Schema, DTOs, calculation engine, API, grid, and export now support GenCat → Brick → Platform → Fit.
Width-Led Planning Model
Width is edited directly and Depth is derived, with roll-up and cascade behavior.
Distribution % Normalization
Sibling values rebalance to 100%.
Navy & Red Design System
Planning grid rebuilt with Levi’s-aligned tokens and reusable primitives.
Focused Grid & Collapsible Bands
Reference bands collapse while User Inputs remain visible.
Per-View Search
Search shows matching editable-level rows with ancestor context.
Engagement & Finalization Dashboard
Admin KPIs and franchisee drill-downs delivered.
User Management & Profiles
Directory, role assignment, onboarding, profile, and password workflows completed.
Reset to AI Recommendations
Confirm-gated reset restores AI baseline values across planning levels.
Multi-Level Excel Export
Platform sheet, Depth values, and client-facing headers added.
Enhancements
Season relabel to H1-27 across planning UI and Excel exports.
“Brick Fit” renamed to “Fit” across tabs, breadcrumbs, and titles.
Live freshness labels added to dashboards.
Excel terminology aligned to Levi’s vocabulary.
Free-form categories supported by removing the hardcoded GenCat list.
Store Segment surfaced in the store list and planning header.
User edits preserved on recommendation re-upload.
Structured field-level validation errors.
Large-upload tuning for memory stability and polling cadence.
59.2% on 14k lines to cover · duplications 4.1% on 67k lines
The backend Jest coverage run completed with all 192 suites passing; the full command output and
scan notes are bundled in the Appendix. Test scope includes end-to-end
journey, edge-case, and concurrency suites with deterministic CI execution.
Engineered to enterprise standards
The platform has been engineered, tested, and documented to enterprise standards across
security, performance, reliability, and operations.
Security
TLS 1.2+ enforced on all connections — database, email, and file storage; 100% parameterized SQL, independently audited against injection.
OTP brute-force protection (3 attempts, 60-second lockout); JWT validation covering expired, malformed, and tampered tokens; role-based access control verified across all endpoints.
Security testing aligned to OWASP Top 10 — 0 critical/high findings (internal assessment; independent penetration test was out of scope); enforced security headers, environment-controlled CORS, and comprehensive input sanitization.
Upload controls: strict type whitelisting with MIME verification and 300 MB / 1M-row hard limits.
Privacy & audit
Passwords, tokens, and OTPs fully redacted in logs; PII partially masked to remain traceable without exposure; error responses sanitized against information leakage.
Cell-level audit metadata records who changed what and when across all planning data.
30-day log retention with automated archival to S3 under lifecycle policies.
Performance (validated, P95)
Dashboard and 500-store list in under 1 s; planning save under 2 s; export under 20 s.
100K-row upload in under 5 minutes; 1M-row capacity proven at under 400 MB memory.
50–100 concurrent users sustained under load testing.
Reliability
Zero partial writes — transaction rollback verified per operation.
Multi-tenant isolation explicitly asserted — zero cross-environment access.
Connection-pool auto-recovery in under 30 seconds with graceful degradation (503 + Retry-After).
Operations
Structured JSON logs with correlation IDs — full request traceability.
Production alarms (CPU >80%, memory >90%, error rate >1%) with runbooks.
Tested rollback with database snapshots and automated post-deploy smoke tests.
Security and integrity behaviors are verified by the
bundled automated test run (page 6); performance figures derive from
load/performance validation records; operational controls from operational configuration and
deployment records.
In this package
1 · System Overview — architecture, components, and module map of the platform.
2 · What’s New in v2 — every v2 feature and enhancement, with requirement references.