# CMS Todo And Progress This file is the single source of truth for roadmap and delivery progress. ## Status Legend - [ ] Planned - [~] Partially done - [x] Done ## MVP 0: Foundations ### MVP1 Gate: Mandatory Before Feature Work - [ ] RBAC domain model finalized (roles, permissions, resource scopes) - [ ] RBAC enforcement at route and action level in admin - [ ] Permission matrix documented and tested - [ ] Reusable CRUD base patterns (list/detail/editor/service/repository) - [ ] Shared CRUD validation strategy (Zod + server-side enforcement) - [ ] Shared error and audit hooks for CRUD mutations ### Admin App - [x] Separate Next.js admin app in monorepo - [x] App Router + TypeScript + `src/` structure - [x] Shared DB access via `@cms/db` - [~] Base admin dashboard shell and roadmap page (`/todo`) - [ ] Authentication and session model (`admin`, `editor`, `manager`) - [ ] Protected admin routes and session handling - [ ] Core admin IA (pages/media/users/commissions/settings) ### Public App - [x] Separate Next.js public app in monorepo - [x] App Router + TypeScript + `src/` structure - [~] Public app connected to shared data layer - [ ] Public layout system (header/footer/navigation) - [ ] Header banner rendering from CMS-managed content - [ ] Basic SEO defaults (metadata, OG, sitemap, robots) ### Testing - [x] Vitest + Testing Library + MSW baseline - [x] Playwright baseline with web/admin projects - [ ] CI workflow for lint/typecheck/unit/e2e gates - [ ] Test data strategy (seed fixtures + isolated e2e data) - [ ] RBAC policy unit tests and permission regression suite - [ ] CRUD contract tests for shared service patterns ### Delivery Pipeline And Runtime - [x] Theoretical Gitea Actions workflow scaffold (`.gitea/workflows/ci-cd-theoretical.yml`) - [x] Bun-based Dockerfiles for public and admin apps - [x] Staging and production docker-compose templates - [ ] Registry credentials and image push strategy - [ ] Staging deployment automation against real host - [ ] Production promotion and rollback procedure ## MVP 1: Core CMS Business Features ### Admin App (Primary Focus) - [ ] Page management (create/edit/publish/unpublish/schedule) - [ ] Navigation management (menus, nested items, order, visibility) - [ ] Media library (upload, browse, replace, delete) - [ ] Media enrichment metadata (alt text, copyright, author, source, tags) - [ ] Media refinement for artworks (medium, dimensions, year, framing, availability) - [ ] Users management (invite, roles, status) - [ ] Commissions management (request intake, owner, due date, notes) - [ ] Kanban workflow for commissions (new, scoped, in-progress, review, done) - [ ] Header banner management (message, CTA, active window) ### Public App - [ ] Dynamic page rendering from CMS page entities - [ ] Navigation rendering from managed menu structure - [ ] Media entity rendering with enrichment data - [ ] Artwork views and listing filters - [ ] Commission request submission flow - [ ] Header banner render logic and fallbacks ### News / Blog (Secondary Track) - [ ] News/blog content type (not primary CMS domain) - [ ] Admin list/editor for news posts - [ ] Public news index + detail pages - [ ] Tag/category and basic archive support ### Testing - [ ] Unit tests for content schemas and service logic - [ ] Component tests for admin forms (pages/media/navigation) - [ ] E2E happy paths: create page, publish, see on public app - [ ] E2E happy paths: media upload + artwork refinement display - [ ] E2E happy paths: commissions kanban transitions ## MVP 2: Production Readiness ### Admin App - [ ] Audit log for key content operations - [ ] Revision history for pages/navigation/media metadata - [ ] Permission matrix refinement with granular scopes - [ ] Error boundaries and UX fallback states ### Public App - [ ] Revalidation strategy and cache tuning - [ ] Performance budget checks (Core Web Vitals) - [ ] 404/500 content-aware error pages - [ ] Accessibility review and fixes ### Platform - [x] Bun workspace + Biome + Turbo baseline - [x] Prisma + PostgreSQL baseline - [ ] Monitoring and alerting baseline - [ ] Backup and migration rollback playbook - [ ] Release/versioning checklist per environment ### Testing - [ ] Visual regression workflow for critical templates - [ ] Load/perf tests for key public routes - [ ] Flake tracking and quarantine policy for e2e - [ ] Coverage thresholds and enforcement policy ## Discovery Log - [2026-02-10] Prisma client must be generated before app/e2e startup to avoid runtime module errors. - [2026-02-10] `bun test` conflicts with Playwright-style test files; keep e2e files on `*.pw.ts` and run e2e via Playwright. - [2026-02-10] Linux Playwright runtime depends on host packages; browser setup may require `playwright install --with-deps`. ## How We Use This File - Mark completed items by switching `[ ]` to `[x]`. - Mark ongoing work by switching `[ ]` to `[~]`. - Add new findings to Discovery Log with date. - Keep MVP scope changes in this file first, then implement.