Citali/cms.fellies.org
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b96cd6d8005aea50c49a70540e0fd2afff94c682
cms.fellies.org/TODO.md

9.4 KiB
Raw Blame History

CMS Todo And Progress

This file is the single source of truth for roadmap and delivery progress.

Status Legend

  • Planned
  • [~] Partially done
  • Done

Priority Legend

  • [P1] Critical path / prerequisite
  • [P2] Important but not blocking
  • [P3] Nice-to-have / optimization

MVP 0: Foundations

MVP1 Gate: Mandatory Before Feature Work

  • [P1] RBAC domain model finalized (roles, permissions, resource scopes)
  • [P1] RBAC enforcement at route and action level in admin
  • [P1] Permission matrix documented and tested
  • [P1] i18n baseline architecture (default locale, supported locales, routing strategy)
  • [P1] i18n runtime integration baseline for both apps (locale provider + message loading)
  • [P1] Locale persistence and switcher base component (cookie/header + UI)
  • [P1] Integrate Better Auth core configuration and session wiring
  • [P1] Bootstrap first-run owner account creation via initial registration flow
  • [P1] Enforce invariant: exactly one owner user must always exist
  • [P1] Create hidden technical support user by default (non-demotable, non-deletable)
  • [~] [P1] Admin registration policy control (allow/deny self-registration for admin panel)
  • [P1] First-start onboarding route for initial owner creation (/welcome)
  • [P1] Split auth entry points (/welcome, /login, /register) with cross-links
  • [~] [P2] Support fallback sign-in route (/support/:key) as break-glass access
  • [P1] Reusable CRUD base patterns (list/detail/editor/service/repository)
  • [P1] Shared CRUD validation strategy (Zod + server-side enforcement)
  • [P1] Shared error and audit hooks for CRUD mutations

Admin App

  • [P1] Separate Next.js admin app in monorepo
  • [P1] App Router + TypeScript + src/ structure
  • [P1] Shared DB access via @cms/db
  • [~] [P2] Base admin dashboard shell and roadmap page (/todo)
  • [P1] Authentication and session model (admin, editor, manager)
  • [P1] Protected admin routes and session handling
  • [P1] Core admin IA (pages/media/users/commissions/settings)

Public App

  • [P1] Separate Next.js public app in monorepo
  • [P1] App Router + TypeScript + src/ structure
  • [~] [P1] Public app connected to shared data layer
  • [P1] Localized route structure and middleware rules
  • [P2] Public layout system (header/footer/navigation)
  • [P1] Header banner rendering from CMS-managed content
  • [P2] Basic SEO defaults (metadata, OG, sitemap, robots)

Testing

  • [P1] Vitest + Testing Library + MSW baseline
  • [P1] Playwright baseline with web/admin projects
  • [P1] CI workflow for lint/typecheck/unit/e2e gates
  • [P1] Test data strategy (seed fixtures + isolated e2e data)
  • [~] [P1] RBAC policy unit tests and permission regression suite
  • [P1] i18n unit tests (locale resolution, fallback, message key loading)
  • [P1] i18n integration tests (admin/public locale switch and persistence)
  • [P1] i18n e2e smoke tests (localized headings/content per route)
  • [P1] CRUD contract tests for shared service patterns

Documentation

  • [P1] Docs tool baseline added (docs/ via VitePress)
  • [P1] RBAC and permission model documentation in docs site
  • [P2] i18n conventions docs (keys, namespaces, fallback, translation workflow)
  • [P1] CRUD base patterns documentation and examples
  • [P1] Environment and deployment runbook docs (dev/staging/production)
  • [P2] API and domain glossary pages
  • [P2] Architecture Decision Records (ADR) structure and first ADRs

Delivery Pipeline And Runtime

  • [P2] Theoretical Gitea Actions workflow scaffold (.gitea/workflows/ci-cd-theoretical.yml)
  • [P2] Bun-based Dockerfiles for public and admin apps
  • [P2] Staging and production docker-compose templates
  • [P1] Registry credentials and image push strategy
  • [P1] Staging deployment automation against real host
  • [P1] Production promotion and rollback procedure

Git Flow And Branching

  • [P1] Protect main and staging branches in Gitea
  • [P1] Define PR gates: lint + typecheck + unit + e2e list minimum
  • [P1] Enforce one todo item per branch naming convention
  • [P2] Add PR template requiring linked TODO step
  • [P2] Define branch lifecycle for todo/*, refactor/*, and code/*
  • [P2] Conventional commit schema documentation (CONTRIBUTING.md)
  • [P2] Changelog scaffold and generation scripts (CHANGELOG.md, bun run changelog:*)
  • [P1] Versioning policy definition (SemVer strategy + when to bump major/minor/patch)
  • [P1] Source of truth for version (package.json root) and release tagging rules (vX.Y.Z)
  • [P1] Build metadata policy for git hash (+sha.<short>) in app runtime footer
  • [P1] App footer implementation plan for version + commit hash (admin + web)
  • [P2] Automated version injection in CI (stamping build from tag + commit hash)
  • [P2] Validation tests for displayed version/hash consistency per deployment
  • [P1] Release tagging and changelog publication policy in CI

MVP 1: Core CMS Business Features

Admin App (Primary Focus)

  • [P1] Page management (create/edit/publish/unpublish/schedule)
  • [P1] Navigation management (menus, nested items, order, visibility)
  • [P1] Media library (upload, browse, replace, delete)
  • [P1] Media enrichment metadata (alt text, copyright, author, source, tags)
  • [P1] Media refinement for artworks (medium, dimensions, year, framing, availability)
  • [P1] Users management (invite, roles, status)
  • [P1] Disable/ban user function and enforcement in auth/session checks
  • [P1] Owner/support protection rules in user management actions (cannot delete/demote)
  • [P1] Commissions management (request intake, owner, due date, notes)
  • [P1] Kanban workflow for commissions (new, scoped, in-progress, review, done)
  • [P1] Header banner management (message, CTA, active window)

Public App

  • [P1] Dynamic page rendering from CMS page entities
  • [P1] Navigation rendering from managed menu structure
  • [P1] Media entity rendering with enrichment data
  • [P1] Translation-ready content model for public entities (pages/news/navigation labels)
  • [P2] Artwork views and listing filters
  • [P1] Commission request submission flow
  • [P1] Header banner render logic and fallbacks

News / Blog (Secondary Track)

  • [P2] News/blog content type (not primary CMS domain)
  • [P2] Admin list/editor for news posts
  • [P2] Public news index + detail pages
  • [P3] Tag/category and basic archive support

Testing

  • [P1] Unit tests for content schemas and service logic
  • [P1] Component tests for admin forms (pages/media/navigation)
  • [P1] Integration tests for owner invariant and hidden support-user protection
  • [P1] Integration tests for registration allow/deny behavior
  • [P1] Integration tests for translated content CRUD and locale-specific validation
  • [P1] E2E happy paths: create page, publish, see on public app
  • [P1] E2E happy paths: media upload + artwork refinement display
  • [P1] E2E happy paths: commissions kanban transitions

MVP 2: Production Readiness

Admin App

  • [P1] Audit log for key content operations
  • [P2] Revision history for pages/navigation/media metadata
  • [P1] Permission matrix refinement with granular scopes
  • [P1] Verify email pipeline and operational templates (welcome/verify/resend)
  • [P1] Forgot password/reset password pipeline and support tooling
  • [P2] GUI page to edit role-permission mappings with safety guardrails
  • [P2] Translation management UI for admin (language toggles, key coverage, missing translation markers)
  • [P2] Error boundaries and UX fallback states

Public App

  • [P1] Revalidation strategy and cache tuning
  • [P2] Performance budget checks (Core Web Vitals)
  • [P1] 404/500 content-aware error pages
  • [P1] Accessibility review and fixes

Platform

  • [P1] Bun workspace + Biome + Turbo baseline
  • [P1] Prisma + PostgreSQL baseline
  • [P1] Monitoring and alerting baseline
  • [P1] Backup and migration rollback playbook
  • [P2] Release/versioning checklist per environment

Testing

  • [P2] Visual regression workflow for critical templates
  • [P2] Load/perf tests for key public routes
  • [P2] Flake tracking and quarantine policy for e2e
  • [P1] Coverage thresholds and enforcement policy
  • [P1] Locale matrix regression suite for critical user journeys

Discovery Log

  • [2026-02-10] Prisma client must be generated before app/e2e startup to avoid runtime module errors.
  • [2026-02-10] bun test conflicts with Playwright-style test files; keep e2e files on *.pw.ts and run e2e via Playwright.
  • [2026-02-10] Linux Playwright runtime depends on host packages; browser setup may require playwright install --with-deps.
  • [2026-02-10] Next.js 16 deprecates middleware.ts convention in favor of proxy.ts; admin route guard now lives at apps/admin/src/proxy.ts.
  • [2026-02-10] server-only imports break Bun CLI scripts; shared auth bootstrap code used by scripts must avoid Next-only runtime markers.

How We Use This File

  • Mark completed items by switching [ ] to [x].
  • Mark ongoing work by switching [ ] to [~].
  • Prefix each task with [P1], [P2], or [P3].
  • Add new findings to Discovery Log with date.
  • Keep MVP scope changes in this file first, then implement.