Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a34f70d3ddb92a70f8f01dab44a0a45a8c0a7965
OSIT-AE-App-Svelte/documentation/TODO__Agents.md
Scott Idem b479dea33e [Launcher] Add accessibility controls + doc comments to sidebar menu 
- New: menu_launcher_controls.svelte — bottom control bar for the launcher
  sidebar with font size cycler (A / A+ / A−) and light/dark mode toggle,
  always visible regardless of access level; visibility toggles (All Files /
  All Sessions) moved here from launcher_menu.svelte and restyled to
  preset-tonal-tertiary with descriptive title attributes
- launcher_menu.svelte — replace inline visibility-toggle block with
  <Menu_launcher_controls />; add full header doc-comment describing
  component structure and data flow
- menu_location_list.svelte — add header doc-comment covering purpose,
  visibility rules, data flow, and the intentional non-bindable prop pattern
- documentation/TODO__Agents.md — mark font size cycler task complete
2026-03-11 10:18:13 -04:00

6.4 KiB
Raw Blame History

Frontend Agent Task List

Use this file to track steps for complex features or bug fixes. Status: <20> Stable — ongoing development.

📋 Open: Security

  • PUBLIC_AE_API_SECRET_KEY Audit: Conduct full audit of usage. Determine if it can be moved to server-side only.

🚧 Upcoming High Priority

[Launcher] Active features (identified 2026-03-06)

  • Font size cycler (Launcher sidebar): Font size cycler and light/dark toggle added to new menu_launcher_controls.svelte component; wired into launcher_menu.svelte. Visibility toggles (All Files / All Sessions) moved to same component and restyled to preset-tonal-tertiary. (2026-03-11)

  • Minor Svelte warning: slct_event_location_id prop in menu_location_list.svelte is not $bindable() but bind:value={slct_event_location_id} is used. Functionally fine since onchange writes directly to $events_slct.event_location_id.

[Svelte] State reference warnings

  • 42 state_referenced_locally warnings remain in recovery_meetings/ae_idaa_comp__event_obj_id_edit.svelte and ..._v2.svelte. Same pattern as the 10 fixed on 2026-03-09 — move reactive reads into onMount.

[Badges] Remaining badge work before first live event

  • Badge print controls UX polish: Scott has improvements in mind — TBD next session. File: ae_comp__badge_print_controls.svelte.

[Leads] Exhibitor Lead Scanning — NEXT MAJOR FEATURE

QR code scan at exhibitor booth → capture attendee badge data. Gated by allow_tracking on the badge. Check if documentation/MODULE__AE_Events_Leads.md exists for full spec. Key questions before starting: which routes, does the Electron app scan, what does the lead record look like in the DB?

[DevOps] Remaining deployment items

  • Wire AE_APP_REPLICAS: docker-compose.yml line 147 already has scale: ${AE_APP_REPLICAS:-1}. (verified 2026-03-11)
  • Archive ae_env_node_app: Archived as tar.gz under ~/OSIT_dev/backups/; old history/docs moved to ~/OSIT_dev/for_reference_only/. (2026-03-11)
  • Build Optimization: Current state finalized. Local Gitea instance stood up at git.dgrzone.com (Docker, home server) — future: migrate repos from Bitbucket, verify Backblaze/restic backups cover Gitea data. (2026-03-11)

[General]

  • Temp Cleanup: Auto-removal of native .tmp files older than 24h.
  • window.print() for badge print button: Wire the existing handle_print_badge() to trigger window.print(). Browser print works well across Chrome/Chromium/Firefox — no Electron needed.
  • Input Field Audit: Several input fields are missing name/id attributes or data-testid. Known examples: badge override fields in ae_comp__badge_obj_view.svelte; template name input in ae_comp__badge_template_form.svelte. Matters for: accessibility, autofill, label associations, and test targeting. (For tests, use getByLabel() rather than input[value*=...] which only checks the HTML attribute, not the Svelte-bound DOM property.)

[UX] Session Expired & Access Denied (identified 2026-03-10)

Two related UX gaps to handle together:

1. Session Expired banner (API 401/403 mid-session):

  • flag_expired in root +layout.svelte is declared but never set — it was always intended for this
  • Add a small writable store or custom event (e.g., ae_auth_error in ae_stores) that API helpers (api_get_object.ts, api_post_object.ts, api_patch_object.ts) can fire when they get a 401 or 403
  • Root layout watches the store and sets flag_expired = true
  • Render a non-blocking dismissible banner (not full-screen): "Session expired. Please sign in again." with a link to the sign-in control
  • Especially relevant for Launcher (event staff on tablets may not notice silent failures)

2. Standardize Access Denied UI (non-IDAA routes only — IDAA layout is intentionally custom):

  • Currently inconsistent across the app:
    • Root layout: full-screen flag_denied (site access key gate — keep this, it's correct)
    • /core layout: silent redirect to home — should show a brief message instead
    • /events/[event_id]/settings: inline raw text string — should use a consistent banner component
    • /events/.../badges/.../review: inline <h3>Access Denied</h3> with no context or action
  • Create a reusable element_access_denied.svelte component (small: icon + message + optional action button)
  • Swap the ad-hoc patterns to use it consistently

Completed (2026-03)

  • [DevOps] Frontend + Backend unified into single aether_container_env Docker Compose. ae_app service live with healthcheck, single exposed port (AE_APP_NODE_PORT), internal ae_api networking. Deploy scripts in package.json both target ../aether_container_env/docker-compose.yml. (2026-03-10)
  • [DevOps] /health endpoint live at src/routes/health/+server.ts. Docker HEALTHCHECK uses it. (2026-03-10)
  • [UI] Dark mode color-scheme fix — html.dark/light { color-scheme } in app.css; all native browser controls now sync to app dark mode. (2026-03-10)
  • [Launcher] Location select → session auto-load bug fixed via $derived.by() liveQuery pattern. (2026-03-10)
  • [Svelte] state_referenced_locally warning fixes — 10 warnings resolved in IDAA archives/BB. (2026-03-09)
  • [TypeScript] Sign In/Out TS errors fixed — user_id / person_id typed as string | null. (2026-03-09)
  • [Tests] All badge data integrity and attendee workflow Playwright tests passing. Root causes documented in tests/README.md. (2026-03)
  • [Badges] Badge print controls panel, QR code, duplex wiring, review form, print button, multi-word fulltext search, data-testid attributes. (2026-03)
  • [UI] Firefly Theme + Pres Mgmt Visual Redesign (5 files). (2026-03-06)
  • [Docs] UI Style Guidelines + Component Patterns docs created. (2026-03-06)
  • [API] V3 Lookup system integration; Event File V3 mapping; event_session search 400-error fix. (2026-02/03)
  • [API] All CRUD helpers on V3 /v3/crud/... paths. (2026-02)
  • [Security] Purged x-aether-api-token; fixed misplaced CORS headers; Account ID Scavenging. (2026-02)
  • [Security] Playwright integration tests replace verify_jwt_logic.js simulation tests. (2026-03)
  • [Framework] AE_Obj_Field_Editor_V3 with Svelte 5 Runes. CRUD v2 fully retired. (2026-03-05)
  • [IDAA] Bulletin Board and Recovery Meetings functionality verified. (2026-02)
Reference in New Issue View Git Blame Copy Permalink