@kudusov.takhir/ba-toolkit 1.2.0

package/skills/principles/SKILL.md

@@ -0,0 +1,182 @@
+---
+name: ba-principles
+description: >
+  Define project-level principles that govern the entire BA Toolkit pipeline: artifact language, ID conventions, traceability requirements, Definition of Ready per artifact type, mandatory NFR categories, and quality gates. Use on /principles command, or when the user asks to "set project standards", "define conventions", "establish principles", "set up pipeline rules", "configure traceability requirements", "define definition of ready". Optional step — run before /brief or immediately after it. All subsequent skills load and apply these principles automatically.
+---
+
+# /principles — Project Principles
+
+Optional first step of the BA Toolkit pipeline. Defines project-level conventions used by all subsequent skills to generate, validate, and analyze artifacts. If this step is skipped, all skills use built-in defaults.
+
+The generated file acts as the project's analytical constitution: a single source of truth for what "correct" and "complete" means across the pipeline.
+
+## Workflow
+
+### 1. Environment detection
+
+Read `references/environment.md` from the `ba-toolkit` directory to determine the output directory. If unavailable, apply the default rule: if `/mnt/user-data/outputs/` exists and is writable, save there (Claude.ai); otherwise save to the current working directory.
+
+### 2. Pipeline check
+
+If `00_principles_*.md` already exists, load it and offer to:
+- View current principles.
+- Amend a specific section (`/revise [section]`).
+- Regenerate from scratch.
+
+If `01_brief_*.md` already exists, extract the slug and domain from it. Otherwise, ask the user for the project name (to derive the slug) and domain.
+
+### 3. Interview
+
+1–2 rounds, 3–5 questions each. Do not ask about topics the user can accept as defaults.
+
+**Required topics:**
+1. Artifact language — which language should all artifacts be generated in? (default: the language of the user's first message)
+2. Traceability strictness — should every Must-priority US require a Use Case, or only US with complex flows? (default: only complex flows)
+3. NFR baseline — which additional NFR categories are always required beyond the domain defaults? (e.g., GDPR compliance, WCAG accessibility)
+4. Definition of Ready — any project-specific acceptance criteria for finalizing an artifact? (e.g., stakeholder sign-off, specific review steps)
+5. Quality gate — at what severity level should `/analyze` findings block `/done`? (default: CRITICAL only)
+6. Output folder structure — save all artifacts flat in the output directory (default), or inside a `{slug}/` subfolder? (useful when managing multiple projects side by side)
+
+### 4. Generation
+
+**File:** `00_principles_{slug}.md`
+
+```markdown
+# Project Principles: {Project Name}
+
+**Version:** 1.0
+**Date:** {date}
+**Domain:** {domain}
+
+## 1. Artifact Language
+
+All artifacts are generated in: {language}
+
+## 2. ID Conventions
+
+| Artifact | Format | Example |
+|----------|--------|---------|
+| Functional Requirements | FR-NNN | FR-001 |
+| User Stories | US-NNN | US-001 |
+| Use Cases | UC-NNN | UC-001 |
+| Acceptance Criteria | AC-NNN-NN | AC-001-01 |
+| Non-functional Requirements | NFR-NNN | NFR-001 |
+| Data Entities | PascalCase (English) | UserAccount |
+| API Endpoints | REST path | POST /users |
+| Wireframes | WF-NNN | WF-001 |
+
+## 3. Traceability Requirements
+
+Mandatory links — violations flagged as **CRITICAL** by `/analyze` and `/trace`:
+
+- Every FR must have at least one linked US (after `/stories`).
+- Every Must-priority US must have at least one AC (after `/ac`).
+- Every NFR must have a measurable metric.
+- Every WF must link to at least one US.
+
+Recommended links — violations flagged as **HIGH**:
+
+- Must-priority US should have a linked UC (or documented exception).
+- Every Data Entity should link to at least one FR or US.
+- Every API endpoint should link to at least one FR or US.
+
+Optional links — violations flagged as **MEDIUM**:
+
+- Should-priority US may skip UC.
+- Could/Won't items may be undocumented in later artifacts.
+
+## 4. Definition of Ready
+
+An artifact is ready to `/done` when all of the following are true:
+
+### Functional Requirement (FR)
+- [ ] Description present and unambiguous.
+- [ ] Actor identified (not "the system" or "the user" without role).
+- [ ] Priority assigned (MoSCoW).
+- [ ] Input/Output specified.
+
+### User Story (US)
+- [ ] Role, Action, and Value filled.
+- [ ] Priority assigned.
+- [ ] Linked FR reference present.
+
+### Use Case (UC)
+- [ ] Actor, Preconditions, Main Flow, and at least one Exceptional Flow present.
+- [ ] Linked US reference present.
+
+### Acceptance Criterion (AC)
+- [ ] Given / When / Then all present and specific.
+- [ ] Type specified (positive / negative / boundary).
+- [ ] Linked US reference present.
+
+### NFR
+- [ ] Category specified.
+- [ ] Measurable metric present (numeric target, not adjective).
+- [ ] Verification method specified.
+
+### Data Entity
+- [ ] All attributes have types and constraints.
+- [ ] FK references point to existing entities.
+
+### API Endpoint
+- [ ] Request and Response schemas present.
+- [ ] At least one error code documented.
+- [ ] Linked FR/US present.
+
+### Wireframe (WF)
+- [ ] All four states present: default, loading, empty, error.
+- [ ] Navigation links (from / to) specified.
+- [ ] Linked US present.
+
+## 5. NFR Baseline
+
+The following NFR categories are required regardless of domain. They must appear in `06_nfr_{slug}.md`:
+
+- **Security:** authentication method, data encryption at rest and in transit.
+- **Availability:** uptime SLA with a numeric target.
+- **Compliance:** applicable laws and data retention policy.
+
+{additional_categories_if_specified}
+
+## 6. Quality Gates
+
+For `/analyze` findings — action required before `/done` at the current step:
+
+- **CRITICAL:** must be resolved. `/done` is blocked.
+- **HIGH:** {block | warn only} — {project decision}.
+- **MEDIUM:** documented and may be deferred.
+- **LOW:** informational only.
+
+## 7. Output Folder Structure
+
+**Mode:** {flat | subfolder}
+
+_(flat = all artifacts in the output directory root; subfolder = all artifacts under `{output_dir}/{slug}/`)_
+
+## 8. Project-Specific Notes
+
+{any_additional_conventions_from_interview}
+```
+
+### 5. Iterative refinement
+
+- `/revise [section]` — rewrite a section.
+- `/expand [section]` — add detail.
+
+### 6. Closing message
+
+After saving the artifact, present the following summary to the user (see `references/closing-message.md` for format):
+
+- Saved file path.
+- Language confirmed for all artifacts.
+- Traceability strictness level set.
+- Quality gate threshold confirmed (which severity blocks `/done`).
+- NFR baseline categories listed.
+
+Available commands: `/revise [section]` · `/expand [section]`
+
+Next step: `/brief` (if not yet started) or continue from where the pipeline left off — all skills now load `00_principles_{slug}.md` automatically.
+
+## Style
+
+Formal, neutral. No emoji, slang. The principles file itself is generated in the artifact language defined in section 1. Section headings and table column headers remain in that language.

package/skills/references/closing-message.md

@@ -0,0 +1,33 @@
+# Closing Message Template
+
+After saving an artifact, every BA Toolkit skill presents a short summary block to the user in the chat (not inside the saved file). This ensures a consistent pipeline experience across all steps.
+
+## Format
+
+Present the block in the same language as the artifact.
+
+```
+Artifact saved: `{file_path}`
+
+{Brief summary — 2–4 sentences or bullets covering:
+ total count of key elements generated (e.g., "18 FRs across 3 roles"),
+ main decisions captured during the interview,
+ any back-references updated in prior artifacts.}
+
+Available commands:
+  /clarify [focus]    — targeted ambiguity pass: vague terms, missing metrics, conflicting rules
+  /revise [section]   — rewrite a section with your feedback
+  /expand [section]   — add more detail to a section
+  /validate           — check completeness and cross-artifact consistency
+  /done               — finalize this artifact
+
+Next step: /{next_command}
+```
+
+## Rules
+
+- `{file_path}` is the full path where the artifact was saved.
+- The summary is generated dynamically — do not repeat boilerplate; mention actual numbers and decisions.
+- The "Next step" line is omitted for cross-cutting commands (/trace, /clarify, /analyze) that do not advance the pipeline.
+- For `/wireframes` (last pipeline step), replace "Next step" with: `Pipeline complete. Run /trace to check full coverage.`
+- The block is a chat message, not part of the saved Markdown file.

package/skills/references/domains/ecommerce.md

@@ -0,0 +1,209 @@
+# Domain Reference: E-commerce
+
+Domain-specific knowledge for e-commerce projects: B2C online stores, B2B catalogs, multi-vendor marketplaces, D2C brands, subscription box services, digital goods platforms.
+
+---
+
+## 1. /brief — Project Brief
+
+### Domain-specific interview questions
+- Product type: B2C store, B2B catalog, multi-vendor marketplace, D2C brand, subscription service, digital goods?
+- Catalog scale: number of SKUs, product variants, categories?
+- Fulfillment model: own warehouse, dropshipping, third-party fulfillment (3PL), seller-ships?
+- Monetization: product sales margin, seller commission (marketplace), subscription fee, advertising?
+- Existing systems to integrate or replace: ERP, PIM, WMS, accounting?
+
+### Typical business goals
+- Increase online revenue and GMV (Gross Merchandise Value).
+- Reduce cart abandonment rate.
+- Grow repeat purchase rate and customer LTV.
+- Expand to new markets or channels (mobile app, social commerce).
+- Automate order processing and reduce operational costs.
+
+### Typical risks
+- High cart abandonment at checkout.
+- Inventory sync failures across channels.
+- Payment processing downtime during peak sales events.
+- Seller fraud or counterfeit products (marketplace).
+- Regulatory requirements: consumer protection laws, VAT/tax compliance by geography.
+
+---
+
+## 2. /srs — Requirements Specification
+
+### Domain-specific interview questions
+- Roles: guest shopper, registered customer, seller/vendor (if marketplace), warehouse operator, admin, support agent, marketing manager?
+- Payment methods: card (Stripe, Braintree), PayPal, BNPL (Klarna, Afterpay), crypto, local methods?
+- Shipping: own couriers, third-party carriers (FedEx, UPS, DHL), real-time shipping rates?
+- Inventory management: single warehouse, multi-warehouse, real-time stock reservation?
+- Promotions: discount codes, bundle pricing, flash sales, loyalty points, gift cards?
+- Multi-currency and multi-language support?
+- Tax calculation: VAT by country, US sales tax, tax-exempt B2B customers?
+
+### Typical functional areas
+- Product catalog (browsing, search, filtering, sorting).
+- Product detail page (images, variants, stock status, reviews).
+- Cart and wishlist.
+- Checkout (address, shipping method, payment, order summary).
+- Order management (tracking, history, cancellation, returns/refunds).
+- Seller portal (marketplace): product listing, order management, payouts.
+- Admin panel: catalog management, order processing, customer management, promotions, reports.
+- Customer account: profile, address book, order history, loyalty points.
+
+---
+
+## 3. /stories — User Stories
+
+### Domain-specific interview questions
+- Critical flows: product search, add to cart, guest checkout vs. registered checkout?
+- Edge cases: out-of-stock during checkout, payment failure, partial shipment, return request?
+- Personas: one-time buyer, returning customer, B2B bulk buyer, marketplace seller?
+
+### Typical epics
+- Product Discovery (search, browse, filter, recommendations).
+- Cart and Wishlist.
+- Checkout and Payment.
+- Order Management and Tracking.
+- Returns and Refunds.
+- Customer Account.
+- Seller Portal (marketplace).
+- Promotions and Loyalty.
+- Admin and Reporting.
+
+---
+
+## 4. /usecases — Use Cases
+
+### Domain-specific interview questions
+- Critical alternative flows: item goes out of stock during checkout, payment declined, address validation fails, coupon code invalid?
+- External system actors: payment gateway, shipping carrier API, tax calculation service, fraud detection service?
+
+### Typical exceptional flows
+- Payment gateway timeout — retry or alternative payment method offered.
+- Item out of stock after cart reservation — notification and substitution or removal.
+- Shipping carrier API unavailable — fallback to flat-rate shipping estimate.
+- Fraud detection flag — order held for manual review.
+- Return request after return window closed — escalate to support.
+
+---
+
+## 5. /ac — Acceptance Criteria
+
+### Domain-specific interview questions
+- Inventory reservation: when is stock reserved — on add to cart, on checkout start, or on payment confirmation?
+- Return policy: return window (days), restocking fee, refund method (original payment, store credit)?
+- Partial fulfillment: can an order ship in multiple parcels? Is partial refund supported?
+- Price rules: are prices inclusive or exclusive of tax? Flash sale price — when does it expire?
+- Cart behaviour: does the cart persist across sessions? Across devices?
+
+---
+
+## 6. /nfr — Non-functional Requirements
+
+### Domain-specific interview questions
+- Peak load: expected traffic during flash sales, Black Friday, seasonal peaks (CCU, RPS)?
+- Page performance: target Core Web Vitals — LCP, FID, CLS?
+- PCI DSS compliance level required (depends on payment handling model)?
+- Search: full-text search with typo tolerance, faceted filtering — Elasticsearch, Algolia, or native DB?
+
+### Mandatory NFR categories for E-commerce
+- **Performance:** Product listing page load < 2s (LCP). Search results < 500ms. Checkout page < 1.5s. Cart update < 300ms.
+- **Scalability:** System must handle 10× normal traffic during peak sales events without degradation.
+- **Security:** PCI DSS compliance for cardholder data. HTTPS everywhere. CSRF protection on checkout. Fraud scoring on orders.
+- **Availability:** SLA 99.9% uptime. Checkout flow prioritised for zero-downtime deployments.
+- **SEO:** Server-side rendering or static generation for product and category pages. Canonical URLs. Structured data (Schema.org Product).
+- **Accessibility:** WCAG 2.1 AA for checkout and product pages.
+
+---
+
+## 7. /datadict — Data Dictionary
+
+### Domain-specific interview questions
+- Product variants: how are they modelled — attribute matrix (size × colour) or flat SKU list?
+- Prices: stored with or without tax? Multiple price tiers (retail, wholesale, member)?
+- Order states: what is the full lifecycle (pending → confirmed → processing → shipped → delivered → returned)?
+- Soft delete: are products and orders soft-deleted or hard-deleted?
+- Amounts: stored in minor currency units (cents)?
+
+### Mandatory entities for E-commerce
+- **Product** — master product record: name, description, brand, category, status.
+- **ProductVariant** — SKU-level record: size, colour, price, stock quantity, barcode.
+- **Category** — hierarchical product taxonomy.
+- **Cart** — session or user cart: items, applied coupons, shipping estimate.
+- **CartItem** — line item in cart: variant, quantity, price snapshot.
+- **Order** — placed order: status lifecycle, totals, shipping and billing addresses.
+- **OrderItem** — line item in order: variant, quantity, unit price, discount.
+- **Customer** — registered user: profile, address book, loyalty balance.
+- **Address** — shipping or billing address linked to customer or order.
+- **Payment** — payment attempt: method, status, gateway transaction ID, amount.
+- **Shipment** — shipment: carrier, tracking number, status, items shipped.
+- **Return** — return request: items, reason, status, refund amount.
+- **Coupon** — discount code: type (percentage, fixed, free shipping), usage limits, validity.
+- **Review** — product review: rating, text, verified purchase flag.
+- **Seller** _(marketplace)_ — vendor account: profile, commission rate, payout details.
+
+---
+
+## 8. /apicontract — API Contract
+
+### Domain-specific interview questions
+- Webhook needs: order status updates to seller, payment gateway callbacks, inventory webhooks from ERP?
+- Real-time: stock level updates on product page, order status notifications — WebSocket or polling?
+- Pagination: cursor-based or offset for product listing and order history?
+
+### Typical endpoint groups
+- **Catalog** — products list, product detail, search, categories, reviews.
+- **Cart** — get cart, add item, update quantity, remove item, apply coupon.
+- **Checkout** — calculate shipping, validate address, place order, payment initiation.
+- **Orders** — order history, order detail, cancel order, track shipment.
+- **Returns** — create return request, return status, refund status.
+- **Account** — register, login, profile, address book, loyalty balance.
+- **Seller** _(marketplace)_ — product management, order management, payout history.
+- **Admin** — catalog management, order management, customer management, promotions, reports.
+- **Webhooks** — payment gateway callback, carrier tracking update, inventory sync.
+
+---
+
+## 9. /wireframes — Wireframe Descriptions
+
+### Domain-specific interview questions
+- Key screens: homepage, category page, product detail, cart, checkout (single-page or multi-step), order confirmation?
+- Mobile-first or responsive desktop design?
+- Guest checkout allowed, or registration required?
+- Specific states: out of stock, pre-order, flash sale countdown, product with multiple variants?
+
+### Typical screens
+- **Homepage** — hero banner, featured categories, promotional items, recently viewed.
+- **Category / PLP (Product Listing Page)** — product grid/list, filter panel, sort, pagination, active filters.
+- **Product Detail / PDP** — images gallery, variant selector, price, stock status, add to cart, reviews.
+- **Cart** — line items, quantity controls, coupon input, order summary, proceed to checkout.
+- **Checkout** — address step, shipping method step, payment step, order review.
+- **Order Confirmation** — order number, summary, estimated delivery, next steps.
+- **Order History** — list of orders with status, link to tracking.
+- **Order Detail** — items, tracking, return option, invoice download.
+- **Customer Account** — profile, addresses, orders, wishlist, loyalty points.
+- **Seller Dashboard** _(marketplace)_ — orders pending, revenue, listings, payouts.
+
+---
+
+## Domain Glossary
+
+| Term | Definition |
+|------|-----------|
+| SKU | Stock Keeping Unit — unique identifier for a product variant |
+| GMV | Gross Merchandise Value — total sales volume before deductions |
+| AOV | Average Order Value |
+| PDP | Product Detail Page |
+| PLP | Product Listing Page |
+| PIM | Product Information Management — system for managing product data |
+| WMS | Warehouse Management System |
+| 3PL | Third-Party Logistics — outsourced fulfillment provider |
+| Dropshipping | Fulfillment model where the seller does not hold inventory |
+| BNPL | Buy Now Pay Later — deferred payment option |
+| LTV | Customer Lifetime Value |
+| CAC | Customer Acquisition Cost |
+| Cart abandonment | When a shopper adds items to cart but does not complete checkout |
+| Chargeback | Payment reversal initiated by the customer's bank |
+| PCI DSS | Payment Card Industry Data Security Standard |
+| Faceted search | Search with multiple simultaneous filter dimensions |
+| UGC | User-Generated Content (reviews, photos) |

package/skills/references/domains/fintech.md

@@ -0,0 +1,180 @@
+# Domain Reference: Fintech
+
+Domain-specific knowledge for Fintech projects: neobanks, payment systems, crypto exchanges, investment platforms, P2P lending, insurance tech, PFM (Personal Finance Management).
+
+---
+
+## 1. /brief — Project Brief
+
+### Domain-specific interview questions
+- Product type: neobank, payment gateway, crypto exchange, investment platform, PFM app, P2P lending, insurance aggregator?
+- Licenses and regulators: central bank, FCA (UK), BaFin (DE), SEC/FINRA (US), MAS (Singapore)?
+- Integrations: card processing (Visa/Mastercard), SWIFT, Open Banking API, exchanges, credit scoring?
+
+### Typical business goals
+- Reduce cost-to-serve per transaction.
+- Grow MAU (Monthly Active Users) and engagement.
+- Enter a new regulatory market.
+- Increase AUM (Assets Under Management).
+- Launch a new financial product (card, loan, investments).
+
+### Typical risks
+- License denial or regulatory restrictions.
+- Customer financial data breach.
+- Processing rule changes (PCI DSS, PSD2).
+- Operational losses due to calculation errors.
+
+---
+
+## 2. /srs — Requirements Specification
+
+### Domain-specific interview questions
+- Roles: individual customer, corporate customer, operator, compliance officer, risk manager, support agent?
+- External integrations: processing center, SWIFT/SEPA, Open Banking (PSD2), credit bureaus, KYC/AML provider, market data feeds?
+- Multi-currency: fiat currencies, crypto, conversion?
+- Regulatory requirements: PCI DSS, PSD2 (Strong Customer Authentication), GDPR, SOX, Basel III?
+
+### Typical functional areas
+- Onboarding and verification (KYC/KYB).
+- Account and balance management.
+- Transfers and payments (P2P, C2B, B2B, international).
+- Card products (issuance, management, limits).
+- Investments / trading (portfolio, orders, market data).
+- Lending (scoring, application, servicing).
+- Reporting (regulatory, management, customer).
+
+---
+
+## 3. /stories — User Stories
+
+### Domain-specific interview questions
+- Critical user flows: onboarding, first transfer, card top-up, investment trade, loan application?
+- Edge cases: double charge, transaction reversal, sanctions check, AML block, daily limit exceeded?
+- Personas: individual customer, sole proprietor, corporate treasurer, beginner investor, active trader?
+
+### Typical epics
+- Onboarding and KYC/KYB.
+- Accounts and balances.
+- Payments and transfers.
+- Cards.
+- Investments / trading.
+- Loans.
+- Notifications and alerts.
+- Administration and compliance.
+
+---
+
+## 4. /usecases — Use Cases
+
+### Domain-specific interview questions
+- Critical alternative flows: insufficient funds, processing rejection, SCA challenge (Strong Customer Authentication), sanctions stop-list?
+- System actors: processing center, SWIFT gateway, credit bureau, market data provider, AML service?
+
+### Typical exceptional flows
+- Transaction declined by processor.
+- Counterparty on sanctions list.
+- SWIFT/SEPA connection failure.
+- Market data feed unavailable.
+- Credit limit exceeded.
+
+---
+
+## 5. /ac — Acceptance Criteria
+
+### Domain-specific interview questions
+- Business rules: daily/monthly transfer limits, fees (fixed, percentage, tiered), minimum investment amount, interest rates?
+- Boundary values: minimum transfer, maximum balance, SCA timeout, trade holding period?
+- Precision: currency — 2 decimal places, crypto — up to 8, interest rates — up to 4?
+
+---
+
+## 6. /nfr — Non-functional Requirements
+
+### Domain-specific interview questions
+- Target TPS (Transactions Per Second) and payment processing time (p95)?
+- PCI DSS: which level (Level 1–4)? Certification or SAQ (Self-Assessment Questionnaire)?
+- Encryption: HSM (Hardware Security Module) for keys? Card tokenization?
+
+### Mandatory NFR categories for Fintech
+- **Performance:** payment processing time < 3s (p95), TPS for peak loads.
+- **Security:** PCI DSS compliance, HSM for cryptographic keys, PAN (Primary Account Number) tokenization, encryption at-rest and in-transit.
+- **Compliance:** regulatory reporting, transaction data retention 5–10 years, AML monitoring, PSD2 SCA.
+- **Availability:** SLA 99.99% for payment processing, RPO (Recovery Point Objective) < 1 min.
+- **Audit:** full audit trail for all financial operations, immutable logs.
+
+---
+
+## 7. /datadict — Data Dictionary
+
+### Domain-specific interview questions
+- Audit: which operations require immutable log (transfers, limit changes, logins)?
+- Amount precision: stored in minor units (cents) or fixed precision (decimal)?
+
+### Mandatory entities for Fintech
+- **User / Customer** — customer, KYC status, verification level, risk rating.
+- **Account** — account: type, currency, balance, status.
+- **Transaction** — transaction: type, amount, currency, status, fee, counterparty.
+- **Card** — card: tokenized PAN, status, limits, expiry.
+- **KYCRecord** — verification results: documents, check status, provider.
+- **AMLCheck** — AML check results: score, decision, timestamp.
+- **AuditLog** — audit log: action, actor, IP, timestamp, payload.
+- **Fee** — fee: type, calculation, applicability.
+- **ExchangeRate** — exchange rates: pair, rate, timestamp, source.
+
+---
+
+## 8. /apicontract — API Contract
+
+### Domain-specific interview questions
+- Webhook contracts: processing callback (payment status), AML service notifications, Open Banking events?
+- Authentication: OAuth2 + SCA, mTLS for service-to-service?
+
+### Typical endpoint groups
+- Auth (registration, login, SCA, refresh).
+- Accounts (creation, balance, statement).
+- Transfers (P2P, SEPA, SWIFT, internal).
+- Cards (issuance, blocking, limits, PIN).
+- Investments (portfolio, orders, quotes).
+- KYC (document upload, status).
+- Admin (customer management, AML review, reports).
+- Webhooks (payment status, AML alerts, card events).
+
+---
+
+## 9. /wireframes — Wireframe Descriptions
+
+### Domain-specific interview questions
+- Key screens: dashboard, account list, transfer, card, investments, transaction history?
+- Specific states: pending verification, card frozen, insufficient funds, SCA required?
+
+### Typical screens
+- Dashboard (account summary, recent transactions, quick actions).
+- Account (balance, statement, period and type filters).
+- Transfer (recipient selection, amount, confirmation, SCA).
+- Card (visualization, limits, block/unblock, PIN).
+- Investments (portfolio, charts, order placement).
+- Profile (data, KYC status, security settings).
+- Admin panel: customers, transactions, AML alerts, reports.
+
+---
+
+## Domain Glossary
+
+| Term | Definition |
+|------|-----------|
+| PCI DSS | Payment Card Industry Data Security Standard |
+| PSD2 | Payment Services Directive 2 — EU payment services directive |
+| SCA | Strong Customer Authentication — enhanced customer authentication (PSD2 requirement) |
+| KYC | Know Your Customer — customer identification |
+| KYB | Know Your Business — business entity identification |
+| AML | Anti-Money Laundering |
+| HSM | Hardware Security Module — hardware module for key storage |
+| PAN | Primary Account Number — payment card number |
+| SWIFT | Society for Worldwide Interbank Financial Telecommunication |
+| SEPA | Single Euro Payments Area |
+| TPS | Transactions Per Second |
+| RPO | Recovery Point Objective — acceptable data loss on failure |
+| RTO | Recovery Time Objective — acceptable recovery time after failure |
+| AUM | Assets Under Management |
+| MAU | Monthly Active Users |
+| SAQ | Self-Assessment Questionnaire — PCI DSS self-assessment |