# CMS Todo And Progress This file is the single source of truth for roadmap and delivery progress. ## Status Legend - [ ] Planned - [~] Partially done - [x] Done ## Priority Legend - `[P1]` Critical path / prerequisite - `[P2]` Important but not blocking - `[P3]` Nice-to-have / optimization ## MVP 0: Foundations ### MVP1 Gate: Mandatory Before Feature Work - [x] [P1] RBAC domain model finalized (roles, permissions, resource scopes) - [x] [P1] RBAC enforcement at route and action level in admin - [x] [P1] Permission matrix documented and tested - [x] [P1] i18n baseline architecture (default locale, supported locales, routing strategy) - [x] [P1] i18n runtime integration baseline for both apps (locale provider + message loading) - [x] [P1] Locale persistence and switcher base component (cookie/header + UI) - [x] [P1] Integrate Better Auth core configuration and session wiring - [x] [P1] Bootstrap first-run owner account creation via initial registration flow - [x] [P1] Enforce invariant: exactly one owner user must always exist - [x] [P1] Create hidden technical support user by default (non-demotable, non-deletable) - [x] [P1] Admin registration policy control (allow/deny self-registration for admin panel) - [x] [P1] First-start onboarding route for initial owner creation (`/welcome`) - [x] [P1] Split auth entry points (`/welcome`, `/login`, `/register`) with cross-links - [x] [P2] Support fallback sign-in route (`/support/:key`) as break-glass access - [x] [P1] Reusable CRUD base patterns (list/detail/editor/service/repository) - [x] [P1] Shared CRUD validation strategy (Zod + server-side enforcement) - [x] [P1] Shared error and audit hooks for CRUD mutations ### Admin App - [x] [P1] Separate Next.js admin app in monorepo - [x] [P1] App Router + TypeScript + `src/` structure - [x] [P1] Shared DB access via `@cms/db` - [x] [P2] Base admin dashboard shell and roadmap page (`/todo`) - [x] [P1] Authentication and session model (`admin`, `editor`, `manager`) - [x] [P1] Protected admin routes and session handling - [x] [P1] Temporary admin posts CRUD sandbox for baseline functional validation - [x] [P1] Core admin IA (pages/media/users/commissions/settings) ### Public App - [x] [P1] Separate Next.js public app in monorepo - [x] [P1] App Router + TypeScript + `src/` structure - [x] [P1] Public app connected to shared data layer - [x] [P1] Localized route structure and middleware rules - [x] [P2] Public layout system (header/footer/navigation) - [x] [P1] Header banner rendering from CMS-managed content - [x] [P2] Basic SEO defaults (metadata, OG, sitemap, robots) ### Testing - [x] [P1] Vitest + Testing Library + MSW baseline - [x] [P1] Playwright baseline with web/admin projects - [x] [P1] CI workflow for lint/typecheck/unit/e2e gates - [x] [P1] Test data strategy (seed fixtures + isolated e2e data) - [x] [P1] RBAC policy unit tests and permission regression suite - [x] [P1] i18n unit tests (locale resolution, fallback, message key loading) - [x] [P1] i18n integration tests (admin/public locale switch and persistence) - [x] [P1] i18n e2e smoke tests (localized headings/content per route) - [x] [P1] CRUD contract tests for shared service patterns ### Documentation - [x] [P1] Docs tool baseline added (`docs/` via VitePress) - [x] [P1] RBAC and permission model documentation in docs site - [x] [P2] i18n conventions docs (keys, namespaces, fallback, translation workflow) - [x] [P1] CRUD base patterns documentation and examples - [x] [P1] Environment and deployment runbook docs (dev/staging/production) - [x] [P2] API and domain glossary pages - [x] [P2] Architecture Decision Records (ADR) structure and first ADRs ### Delivery Pipeline And Runtime - [x] [P2] Gitea workflow baseline (`.gitea/workflows/ci.yml`, `.gitea/workflows/deploy.yml`, `.gitea/workflows/release.yml`) - [x] [P2] Bun-based Dockerfiles for public and admin apps - [x] [P2] Staging and production docker-compose templates - [x] [P1] Registry credentials and image push strategy - [~] [P1] Staging deployment automation against real host - [~] [P1] Production promotion and rollback procedure ### Git Flow And Branching - [~] [P1] Protect `main` and `staging` branches in Gitea - [x] [P1] Define PR gates: lint + typecheck + unit + e2e list minimum - [x] [P1] Enforce one todo item per branch naming convention - [x] [P2] Add PR template requiring linked TODO step - [x] [P2] Define branch lifecycle for `todo/*`, `refactor/*`, and `code/*` - [x] [P2] Conventional commit schema documentation (`CONTRIBUTING.md`) - [x] [P2] Changelog scaffold and generation scripts (`CHANGELOG.md`, `bun run changelog:*`) - [x] [P1] Versioning policy definition (SemVer strategy + when to bump major/minor/patch) - [x] [P1] Source of truth for version (`package.json` root) and release tagging rules (`vX.Y.Z`) - [x] [P1] Build metadata policy for git hash (`+sha.`) in app runtime footer - [x] [P1] App footer implementation plan for version + commit hash (admin + web) - [x] [P2] Automated version injection in CI (stamping build from tag + commit hash) - [x] [P2] Validation tests for displayed version/hash consistency per deployment - [x] [P1] Release tagging and changelog publication policy in CI ### MVP0 Close-Out Checklist - [~] [P1] Verify and document protected branch rules in Gitea (`main`, `staging`) - [~] [P1] Run first staging deployment against a real host with deploy workflow and document result - [x] [P1] Replace release workflow placeholders with real release-notes and rollback execution steps - [x] [P1] Expose runtime version + short git hash in admin and public app footer - [x] [P2] Add CI build stamping for version/hash values consumed by app footers - [x] [P2] Add automated tests validating displayed version/hash format and consistency ## MVP 1: Core CMS Business Features ### MVP1 Suggested Branch Order - [x] [P1] `todo/mvp1-media-foundation`: media model, artwork entity, grouping primitives (gallery/album/category/tag), rendition slots - [~] [P1] `todo/mvp1-media-upload-pipeline`: S3/local upload adapter, media processing presets, metadata input flows, admin media CRUD UI - [ ] [P1] `todo/mvp1-pages-navigation-builder`: page CRUD, navigation tree, reusable page blocks (forms/price cards/gallery embeds) - [ ] [P1] `todo/mvp1-commissions-customers`: commission request intake + admin CRUD + kanban + customer entity/linking - [ ] [P1] `todo/mvp1-announcements-news`: announcement management/rendering + news/blog CRUD and public rendering - [ ] [P1] `todo/mvp1-public-rendering-integration`: public rendering for pages/navigation/media/portfolio/announcements and commissioning entrypoints - [ ] [P1] `todo/mvp1-e2e-happy-paths`: end-to-end scenarios for page publish, media flow, announcement display, commission flow ### Separate Product Ideas Backlog (Non-Blocking) - [ ] [P2] Smart homepage section presets for artists (featured artwork, latest news, open commissions) - [ ] [P2] Portfolio narrative mode (series story + process notes + ordered media sequence) - [ ] [P2] Reusable CTA/form snippets with per-page override tokens - [ ] [P2] Lightweight CRM timeline per customer (requests, replies, outcomes) - [ ] [P3] AI-assisted alt text and metadata suggestion workflow (human approval required) - [ ] [P3] Auto-generated social crops/promo packs from selected artworks ### Admin App (Primary Focus) - [ ] [P1] Page management (create/edit/publish/unpublish/schedule) - [ ] [P1] Page builder with reusable content blocks (hero, rich text, gallery, CTA, forms, price cards) - [ ] [P1] Navigation management (menus, nested items, order, visibility) - [~] [P1] Media library (upload, browse, replace, delete) with media-type classification (artwork, banner, promo, generic, video/gif) - [ ] [P1] Media enrichment metadata (alt text, copyright, author, source, tags, licensing, usage context) - [ ] [P1] Portfolio grouping primitives (galleries, albums, categories, tags) with ordering/visibility controls - [ ] [P1] Artwork refinement fields (medium, dimensions, year, framing, availability, price visibility) - [ ] [P1] Artwork rendition management (thumbnail, card, full, retina/custom sizes) - [ ] [P1] Type-specific processing presets (artwork/banner/promo/video/gif) with validation rules - [ ] [P1] Users management (invite, roles, status) - [ ] [P1] Disable/ban user function and enforcement in auth/session checks - [~] [P1] Owner/support protection rules in user management actions (cannot delete/demote) - [ ] [P1] Commissions management (request intake, owner, due date, notes, linked customer, linked artworks) - [ ] [P1] Customer records (contact profile, notes, consent flags, recurrence marker) - [ ] [P1] Customer-to-commission linkage and reuse workflow (no re-entry for recurring customers) - [ ] [P1] Kanban workflow for commissions (new, scoped, in-progress, review, done) - [ ] [P1] Header banner management (message, CTA, active window) - [ ] [P1] Announcements management (prominent site notices with schedule, priority, and audience targeting) - [ ] [P2] News/blog editorial workflow (draft/review/publish, authoring metadata) ### Public App - [ ] [P1] Dynamic page rendering from CMS page entities - [ ] [P1] Navigation rendering from managed menu structure - [ ] [P1] Media entity rendering with enrichment data - [ ] [P1] Portfolio views (gallery/album/category/tag) for artworks with filter and sort controls - [ ] [P1] Rendition-aware media delivery (thumbnail/card/full) per template slot - [ ] [P1] Translation-ready content model for public entities (pages/news/navigation labels) - [ ] [P2] Artwork views and listing filters - [ ] [P1] Commission request submission flow - [ ] [P1] Header banner render logic and fallbacks - [ ] [P1] Announcement render slots (homepage + optional global/top banner position) ### News / Blog (Secondary Track) - [ ] [P1] News/blog content type (editorial content for artist updates and process posts) - [ ] [P1] Admin list/editor for news posts - [ ] [P1] Public news index + detail pages - [ ] [P2] Tag/category and basic archive support ### Testing - [ ] [P1] Unit tests for content schemas and service logic - [ ] [P1] Component tests for admin forms (pages/media/navigation) - [ ] [P1] Integration tests for owner invariant and hidden support-user protection - [ ] [P1] Integration tests for registration allow/deny behavior - [ ] [P1] Integration tests for translated content CRUD and locale-specific validation - [ ] [P1] E2E happy paths: create page, publish, see on public app - [ ] [P1] E2E happy paths: media upload + artwork refinement display - [ ] [P1] E2E happy paths: commissions kanban transitions ## MVP 2: Production Readiness ### Admin App - [ ] [P1] Audit log for key content operations - [ ] [P2] Revision history for pages/navigation/media metadata - [ ] [P1] Permission matrix refinement with granular scopes - [ ] [P2] Media processing orchestration UI (queue status, retries, processing diagnostics) - [ ] [P2] Automatic color palette extraction from artworks (stored for theming/filtering) - [ ] [P2] Watermark pipeline for artwork renditions with configurable watermark asset/position/opacity - [ ] [P2] Advanced media transforms by type (video transcode profiles, gif optimization, banner safe-area presets) - [ ] [P2] Announcement targeting refinement (locale/segment targeting rules) - [ ] [P2] Customer lifecycle tooling (status stages, communication history, export) - [ ] [P1] Verify email pipeline and operational templates (welcome/verify/resend) - [ ] [P1] Forgot password/reset password pipeline and support tooling - [ ] [P2] GUI page to edit role-permission mappings with safety guardrails - [ ] [P2] Translation management UI for admin (language toggles, key coverage, missing translation markers) - [ ] [P2] Time-boxed support access keys generated by privileged admins; while active, disable direct support-user password login on the regular auth form - [ ] [P2] Keep permanent emergency support key fallback via env (`CMS_SUPPORT_LOGIN_KEY`) - [ ] [P2] Error boundaries and UX fallback states ### Public App - [ ] [P1] Revalidation strategy and cache tuning - [ ] [P2] Performance budget checks (Core Web Vitals) - [ ] [P1] 404/500 content-aware error pages - [ ] [P1] Accessibility review and fixes - [ ] [P2] Theme assistance from extracted artwork palettes (opt-in per page/section) ### Platform - [x] [P1] Bun workspace + Biome + Turbo baseline - [x] [P1] Prisma + PostgreSQL baseline - [ ] [P1] Monitoring and alerting baseline - [ ] [P1] Backup and migration rollback playbook - [ ] [P2] Release/versioning checklist per environment ### Testing - [ ] [P2] Visual regression workflow for critical templates - [ ] [P2] Load/perf tests for key public routes - [ ] [P2] Flake tracking and quarantine policy for e2e - [ ] [P1] Coverage thresholds and enforcement policy - [ ] [P1] Locale matrix regression suite for critical user journeys ## Discovery Log - [2026-02-10] Prisma client must be generated before app/e2e startup to avoid runtime module errors. - [2026-02-10] `bun test` conflicts with Playwright-style test files; keep e2e files on `*.pw.ts` and run e2e via Playwright. - [2026-02-10] Linux Playwright runtime depends on host packages; browser setup may require `playwright install --with-deps`. - [2026-02-10] Next.js 16 deprecates `middleware.ts` convention in favor of `proxy.ts`; admin route guard now lives at `apps/admin/src/proxy.ts`. - [2026-02-10] `server-only` imports break Bun CLI scripts; shared auth bootstrap code used by scripts must avoid Next-only runtime markers. - [2026-02-10] Auth delete-account endpoints now block protected users (support + canonical owner); admin user-management delete/demote guards remain to be implemented. - [2026-02-10] Public app i18n baseline now uses `next-intl` with a Zustand-backed language switcher and path-stable routes. - [2026-02-10] Public baseline locales are now `de`, `en`, `es`, `fr`; locale enable/disable policy will move to admin settings later. - [2026-02-10] Shared CRUD base (`@cms/crud`) is live with validation, not-found errors, and audit hook contracts; only posts are migrated so far. - [2026-02-10] Admin dashboard includes a temporary posts CRUD sandbox (create/update/delete) to validate the shared CRUD base through the real app UI. - [2026-02-10] Admin i18n baseline now resolves locale from cookie and loads runtime message dictionaries in root layout; admin locale switcher is active on auth and dashboard views. - [2026-02-10] Admin self-registration policy is now managed via `/settings` and persisted in `system_setting`; env var is fallback/default only. - [2026-02-10] E2E now runs with deterministic preparation (`test:e2e:prepare`: generate + migrate deploy + seed) before Playwright execution. - [2026-02-10] CI quality workflow `.gitea/workflows/ci.yml` enforces `check`, `typecheck`, `test`, and `test:e2e` against a PostgreSQL service. - [2026-02-10] Admin app now uses a shared shell with permission-aware navigation and dedicated IA routes (`/pages`, `/media`, `/users`, `/commissions`). - [2026-02-10] Public app now has a shared site layout (`banner/header/footer`), DB-backed header banner config, and SEO defaults (`metadata`, `robots`, `sitemap`). - [2026-02-10] Testing baseline now includes explicit RBAC regression checks, locale-resolution unit tests (admin/web), CRUD service contract tests, and i18n smoke e2e routes. - [2026-02-10] i18n conventions are now documented as an engineering standard (`docs/product-engineering/i18n-conventions.md`). - [2026-02-10] Docs now include a domain glossary, public API glossary, and ADR baseline with initial accepted decision (`ADR 0001`). - [2026-02-10] Delivery and release governance now include branch/PR policy checks, deploy/release workflows, and explicit versioning policy (`VERSIONING.md`). - [2026-02-11] Release workflow now publishes changelog-derived notes to Gitea releases and supports executable production rollback via SSH + compose tag switch. - [2026-02-11] Branch protection verification checklist is now documented; final UI-level verification remains environment-specific. - [2026-02-11] Added a staging deployment execution checklist and deployment-record template to capture first real-host rollout evidence. - [2026-02-11] Artist-focused feature map refined: MVP1 covers portfolio media/domain CRUD + announcements + customer/commission linking; MVP2 covers advanced automation (watermark, palette extraction, media transform pipelines). - [2026-02-11] `gaertan` inspiration to reuse: S3 object strategy with signed delivery, commission type/options/extras/custom-input modeling, request-status kanban mapping, and gallery rendition/color extraction patterns. - [2026-02-11] MVP1 media foundation started: portfolio domain models (`MediaAsset`, `Artwork`, galleries/albums/categories/tags, rendition links) plus initial admin `/media` and `/portfolio` data views. - [2026-02-11] `prisma migrate dev --name media_foundation` can fail when DB endpoint is unreachable; apply this named migration once `DATABASE_URL` host is reachable again. - [2026-02-11] MVP1 media foundation now includes baseline create/link workflows in admin (`/media`, `/portfolio`), seeded sample portfolio entities, and schema/service test coverage. - [2026-02-12] MVP1 media upload pipeline started: admin `/api/media/upload` accepts metadata + file upload with permission checks, stores files via local adapter (`.data/media`), and persists upload metadata to `MediaAsset`. - [2026-02-12] Upload storage is now provider-based (`local` + `s3`) via `CMS_MEDIA_STORAGE_PROVIDER`; admin-side GUI toggle remains a later MVP item. ## How We Use This File - Mark completed items by switching `[ ]` to `[x]`. - Mark ongoing work by switching `[ ]` to `[~]`. - Prefix each task with `[P1]`, `[P2]`, or `[P3]`. - Add new findings to Discovery Log with date. - Keep MVP scope changes in this file first, then implement.