Gap Analysis — client/lumiscare (CRITICAL)

Gap Analysis: client

Blueprint Reference: ALAI-PROJECT-BLUEPRINT.md Sections 2.3, 4.1, 6.2, 9
Date: 2026-04-29 | Analyst: Petter Graff (MC #10043)
Tool-verified: Bash ls, secrets scan (grep), cd lumiscare + git ls-files, git remote -v

SUMMARY

Client deliverables workspace containing multiple sub-projects: lumiscare, lumiscare-alpha through epsilon, klofta-il, nordfit, rendrom, vivacareusa. CRITICAL SECURITY FINDING: RSA private keys git-tracked in lumiscare sub-project (committed to GitHub johnatbasicas/vivacare). Only top-level workspace has CLAUDE.md. No sub-project has standard blueprint structure.

RISK

• CRITICAL: RSA private keys (MyPrivate.key, CAPrivate.key) are committed to git and pushed to github.com/johnatbasicas/vivacare. If these keys protect any live SSL/TLS endpoint (Lumiscare patient app, VivaCare), they must be treated as COMPROMISED.
• HIGH: Multiple client projects (klofta-il, nordfit, vivacareusa, lumiscare) with no individual documentation — agents operating on these sub-projects are flying blind.
• HIGH: No CI on any sub-project — broken builds are invisible.

Priority: CRITICAL (due to private key exposure)
Blueprint compliance score: 10/100

File location: /Users/makinja/system/specs/gap-analysis/client.md
MC Task: #10043
Tags: system-reform-2026-04, MC-10043, petter-graff, gap-analysis, CRITICAL