Bilko Documentation Index

Last updated: 2026-02-25 Total documents: 90 Status: 32 Final / 58 Draft

Quick Links

Business Requirements

6 documents

Document	Description	Status
Acceptance Criteria	Feature acceptance criteria and DoD per module	Draft
BRD	Business Requirements Document — project goals, stakeholders, scope	Draft
Functional Requirements	Detailed functional requirements for all features	Draft
Non-Functional Requirements	Performance, scalability, reliability, and quality requirements	Draft
Requirements Traceability Matrix	Maps requirements to implementation and tests	Draft
User Stories	Agile user stories with acceptance criteria by epic	Draft

Architecture

6 documents

Document	Description	Status
ADR	Architecture Decision Records — key technical decisions and rationale	Final
API Specification	OpenAPI v3 specification for the Bilko REST API	Final
Data Flow	Data flow diagrams — user actions, API calls, DB interactions	Draft
Database Schema Document	Full database schema documentation for bilko_production	Draft
Integration Design	External integrations — SEF, eRačun, SendGrid, ECB/Fixer.io, Cloudflare R2	Draft
Module Design	Design of @bilko/core accounting core module (Turborepo package)	Draft

Backend

14 documents

Document	Description	Status
API Coverage Report	Maps every frontend page to required API endpoints	Draft
API Reference	Full REST API reference with endpoints, schemas, and examples	Draft
Authentication	Auth architecture — JWT, sessions, OAuth, and RBAC design	Draft
Backend Architecture	Node.js/Express service architecture overview	Draft
Business Logic	Core accounting rules — invoicing, VAT calculation, journal entries	Draft
Database Schema	Prisma schema reference — implemented PostgreSQL data model	Final
Error Codes Catalog	Complete error code catalog with HTTP status, cause, and resolution	Final
Event Schema	Domain event definitions for the event-driven architecture	Draft
External Services	Third-party integrations — fiscal APIs, payment providers	Draft
Middleware Design	Express middleware stack — auth, logging, rate limiting design	Draft
Middleware	Middleware configuration and execution order specification	Draft
Roles and Permissions	RBAC model — roles, permissions, and resource access matrix	Final
Service Design	Service layer design for all backend services	Draft
Services	Service catalogue — external APIs and integrations consumed	Draft

Frontend

7 documents

Document	Description	Status
Accessibility Audit	WCAG 2.1 AA accessibility audit and remediation plan	Draft
Component Inventory	Full inventory of React components in apps/web/components/	Final
Design System	Design tokens, color palette, typography, and spacing system	Final
Forms	Form inventory, validation patterns, and react-hook-form migration plan	Final
Frontend Architecture	Next.js 15 App Router architecture, routing, and rendering strategy	Draft
Pages	All implemented pages with routes, components, and data requirements	Final
State Management	Current React hooks state + Zustand migration plan	Final

Security & Compliance

8 documents

Document	Description	Status
Breach Response Plan	IRP-SEC-001 — Incident response procedures for data breaches	Final
Compliance Framework	GDPR, PCI-DSS, and regional compliance requirements overview	Final
Compliance Status	Current compliance posture — gaps and remediation roadmap	Draft
Data Encryption Policy	POL-SEC-ENC-001 — Encryption standards for data at rest and in transit	Final
DPIA	Data Protection Impact Assessment for processing personal financial data	Final
Key Management Policy	POL-SEC-KM-001 — Cryptographic key lifecycle management	Final
Security Architecture	Security design — auth, network security, secrets, and threat model	Draft
Security Testing Policy	POL-SEC-TEST-001 — SAST, DAST, and penetration testing requirements	Final

Testing & QA

7 documents — see also Test Plan in Standalone

Document	Description	Status
Definition of Done	DoD checklist for features, sprints, and releases	Draft
E2E Test Plan	End-to-end testing plan with Playwright test scenarios	Draft
Performance Test Plan	Load and stress testing targets and methodology	Draft
Test Case Template	Standard template for writing and documenting test cases	Draft
Test Inventory	Catalogue of all planned tests — unit, integration, E2E	Draft
Test Strategy	Overall testing strategy — scope, tools, and coverage targets	Draft
Testing Guide	Developer guide for running and writing tests	Draft

Infrastructure & DevOps

6 documents

Document	Description	Status
CI/CD Pipeline	GitHub Actions pipeline design — build, test, deploy stages	Draft
Deployment Guide	Target deployment architecture — Railway/Fly.io, Postgres, S3	Draft
Disaster Recovery	DR plan — RTO/RPO targets, backup strategy, failover procedures	Draft
Environment Configuration	Environment variables, secrets management, dev/staging/prod config	Draft
Infrastructure as Code	Terraform/IaC specifications for cloud infrastructure	Draft
Monitoring & Observability	Metrics, logging, alerting, and observability stack design	Draft

Operations

5 documents

Document	Description	Status
Go-Live Runbook	Step-by-step production launch checklist and procedures	Draft
Incident Report	Incident report template and reporting process	Draft
Operational Runbook	Day-to-day ops procedures — deployments, rollbacks, monitoring	Draft
Post-Mortem	Post-incident analysis template and blameless review process	Draft
SLA Report	SLA definitions and monthly performance reporting template	Draft

Governance

5 documents

Document	Description	Status
Communication Plan	Stakeholder communication cadence and channels	Draft
Project Brief	One-page project summary — scope, goals, and constraints	Draft
Project Charter	Formal project authorization — objectives, budget, and authority	Draft
RACI Matrix	Responsibility assignment for all project activities	Draft
Risk Register	Identified risks with probability, impact, and mitigation	Draft

Release

4 documents

Document	Description	Status
Deployment Checklist	Pre/post-deployment verification checklist	Draft
Release Notes	Release notes template and changelog format	Draft
Rollback Plan	Rollback procedures and decision criteria	Draft
UAT Sign-Off	User acceptance testing sign-off template	Draft

Developer Experience

4 documents

Document	Description	Status
Coding Standards	TypeScript, ESLint, Prettier, and project-specific code conventions	Draft
Developer Offboarding	Knowledge transfer and access revocation checklist	Draft
Developer Onboarding	New developer orientation — codebase, tools, and first contribution	Draft
Local Development Setup	Step-by-step local environment setup with prerequisites	Draft

Cross-Cutting

3 documents

Document	Description	Status
Change Request	Change request process, templates, and approval workflow	Draft
Lessons Learned	Project retrospective insights and team learnings	Draft
Tech Debt Log	Known technical debt items with priority and remediation plan	Draft

Regulatory

8 documents

Document	Description	Status
Bosnia & Herzegovina Overview	BA regulatory requirements — entity structure and tax obligations	Final
BIH PDV (VAT)	Bosnia & Herzegovina VAT rules, rates, and e-invoicing status	Final
Chart of Accounts	Unified CoA reference — BA, RS, HR cross-country comparison	Final
Croatia eRačun	Croatia e-invoicing (eRačun) and fiscalization (Fiskalizacija)	Final
Croatia Overview	HR regulatory requirements — EU member, PDV, fiscal obligations	Final
Multi-Region Overview	Shared core + country plugin architecture for multi-region compliance	Final
Serbia Overview	RS regulatory requirements — SEF mandate, PDV, e-invoicing	Final
Serbia SEF	Serbia's Sistem Elektronskih Faktura — mandatory e-invoicing system	Final

Open Banking

2 documents

Document	Description	Status
Balkan Open Banking Strategy	CEO-approved unified platform strategy for open banking across the Balkans	Final
Open Banking Business Case	Financial and strategic justification for open banking investment	Final

Standalone Documents

5 documents

Document	Description	Status
Competitive Research	Market analysis — competitors, positioning, and differentiation strategy	Final
High-Level Design	System overview — architecture, technology stack, and key decisions	Final
Low-Level Design	Detailed component design — services, APIs, and data models	Final
Test Plan	Master test plan covering all testing phases and acceptance criteria	Final
Validation Report	Gate validation report — documentation completeness and quality	Final

Templates excluded. See templates/ for reusable document templates.

Documentation Index

Business Case (ZiCA v2)

Bilko — Project Handbook

Pipeline Gate Tracker

Architecture Document

API Specification

ADR-014 — Hybrid Encryption for L4 Restricted Fields

ADR-015: Four-Jurisdiction Plugin Architecture

ADR-016: EInvoice Adapter Lifecycle and Contract

ADR-017: RLS Multi-Tenancy Migration

ADR-019: Integration Adapter Registry

ADR-020: Backend Canonical — Deprecate api-kotlin

ADR-021: Bilko Blueprint Section 15 Realignment

Petter Graff Architecture Review

Architecture Validation Report

App Store: Metadata

App Store: Icon Spec

App Store: Screenshot Texts

Marketing Overview

Bilko Documentation Index

Bilko Documentation Index

Quick Links

Business Requirements

Architecture

Backend

Frontend

Security & Compliance

Testing & QA

Infrastructure & DevOps

Operations

Governance

Release

Developer Experience

Cross-Cutting

Regulatory

Open Banking

Standalone Documents