# Gap Analysis — client/lumiscare (CRITICAL)

# Gap Analysis: client

**Blueprint Reference:** ALAI-PROJECT-BLUEPRINT.md Sections 2.3, 4.1, 6.2, 9  
**Date:** 2026-04-29 | **Analyst:** Petter Graff (MC #10043)  
**Tool-verified:** Bash ls, secrets scan (grep), cd lumiscare + git ls-files, git remote -v

## SUMMARY

Client deliverables workspace containing multiple sub-projects: lumiscare, lumiscare-alpha through epsilon, klofta-il, nordfit, rendrom, vivacareusa. **CRITICAL SECURITY FINDING:** RSA private keys git-tracked in lumiscare sub-project (committed to GitHub johnatbasicas/vivacare). Only top-level workspace has CLAUDE.md. No sub-project has standard blueprint structure.

## RISK

- **CRITICAL:** RSA private keys (MyPrivate.key, CAPrivate.key) are committed to git and pushed to github.com/johnatbasicas/vivacare. If these keys protect any live SSL/TLS endpoint (Lumiscare patient app, VivaCare), they must be treated as COMPROMISED.
- **HIGH:** Multiple client projects (klofta-il, nordfit, vivacareusa, lumiscare) with no individual documentation — agents operating on these sub-projects are flying blind.
- **HIGH:** No CI on any sub-project — broken builds are invisible.

**Priority:** CRITICAL (due to private key exposure)  
**Blueprint compliance score:** 10/100

**File location:** /Users/makinja/system/specs/gap-analysis/client.md  
**MC Task:** #10043  
**Tags:** system-reform-2026-04, MC-10043, petter-graff, gap-analysis, CRITICAL