Non-Functional Requirements (NFRs)

NFR-Security & Privacy

NFR-S1: Enforce invite-based onboarding; session security; 2FA required for admins/owners; optional passwordless fallback.
NFR-S2: Role-based access controls across admin features and APIs; least-privilege defaults.
NFR-S3: Media access via scoped tokens; no direct public RW access to R2.
NFR-S4: Payment flows must be PCI-compliant through the chosen gateway(s); do not store raw card data.
NFR-S5: Basic content moderation hooks for uploads; audit and traceability of changes.
NFR-S6: Conform to privacy policy; provide clear consent for notifications.

NFR-Performance

NFR-P1: Use SSR-friendly, server-side image processing; progressive/lazy-loading for rich media.
NFR-P2: Apply CDN caching and optimized asset delivery to keep LCP/INP within target budgets for typical gallery pages.
NFR-P3: Minimize egress from R2 through caching and efficient formats; favor WebP/AVIF where supported.

NFR-Reliability & Availability

NFR-R1: Implement robust error handling and retries for R2/D1 operations; graceful degradation of images.
NFR-R2: Eventual consistency acceptable for search indices and non-critical caches (<1 minute).
NFR-R3: Activity logs retained per policy; include export capabilities for audits.

NFR-Usability & Accessibility

NFR-U1: Follow ShadCN conventions for components and patterns; consistent spacing/typography.
NFR-U2: WCAG AA baseline for color contrast, focus states, and keyboard navigation.
NFR-U3: Responsive layouts and touch targets across breakpoints.

NFR-Observability & Ops

NFR-O1: Centralized error tracking for client/server, with release tagging.
NFR-O2: Structured logs; avoid logging PII beyond necessity.
NFR-O3: Staging environment should mimic production settings for realistic previews.

NFR-Documentation & Handoff

NFR-D1: Up-to-date README, architecture overview, environment setup, and runbooks.
NFR-D2: Owner-facing guides for day-to-day tasks (invites, portfolio updates, refunds, content).