Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e89c9820228a128d7ce026382ba293e837b2c31d
OSIT-AE-App-Svelte/documentation/TODO__Agents.md

12 KiB
Raw Blame History

Frontend Agent Task List

Doc Owner: Active frontend implementation team (human + agent) Review Trigger: Update when work starts, completes, changes priority, or moves to an archive. Use this file to track steps for complex features or bug fixes. Status: Stable — ongoing development. Scope: Active/open work only. Completed detail lives in archive files.

🔴 LCI October — Pres Mgmt Restoration (in progress 2026-06-12)

These features regressed over the last 6 months and must be working before the LCI conference. Reference commit for original working implementation: bb993a102.

Session POC (Champion/Moderator) — session_view.svelte

Root cause of visible bugs: The POC section is placed below the session hero card as a separate disconnected block. In the original it was part of a structured <ul> with the session name, code, datetime, location, and description all together. The current layout looks and feels wrong to users.

  • [Pres Mgmt] POC section — move inside session hero card (2026-06-12) Restructured hero card as a <ul> with datetime, room, and POC as rows inside the card. Session name and code are now always visible (not just in edit_mode — that was a bug).

  • [Pres Mgmt] POC assignment — "Select Person" flow broken (2026-06-12) Gated the select editor on person_options_loaded (Object.keys($slct.person_obj_kv).length > 0). "Select Person" button renders as "Reload Person" after list is loaded.

  • [Pres Mgmt] Email Session POC sign-in link — UI missing (2026-06-12) Restored email button in POC row with sending/sent/error state feedback. Shown when require__session_agree && show__email_access_link && poc_person_primary_email.

  • [Pres Mgmt] Copy Session POC access link — UI missing from session view (2026-06-12) Restored inline MyClipboard copy button in POC row for trusted staff. Shown when show__copy_access_link && trusted_access && poc_sign_in_url.

Presenter Sign-In

  • [Pres Mgmt] Presenter email sign-in link routes to wrong page email_sign_in__event_presenter() builds a URL to /presenter/[id]?person_id=...&person_pass=.... The URL param parser (sign_in_out.svelte) is only mounted on the session page menu, not the presenter page. A presenter clicking their email link lands on their page with no auth granted. Fix: mount Sign_in_out in presenter_page_menu.svelte (same way session menu does it), or change the email link to route to the session page (which already has the parser) and include the presenter/presentation IDs as params — which is how it worked originally.

  • [Pres Mgmt] Presenter agreement not enforced before file upload require__presenter_agree is stored and displayed but the upload components are gated on auth__kv.presenter[id] only, not on presenter.agree. A presenter who signs in but has not agreed can still upload. The original blocked the upload section until agree === true.

Session POC Sign-In

  • [Pres Mgmt] session_page_menu.svelte sign-in prop still wrong event_session_id prop passed to Sign_in_out was just changed from event_id to event_session_id — verify this is actually $lq__event_session_obj?.event_session_id (the real session ID string) not the URL param url_session_id. The sign-in component uses this value to set auth__kv.session[event_session_id].
  • [Launcher/Electron] Wallpaper reliability (post-CMSC)
    • Use timestamp/randomized temp filename so macOS always sees a new path.
    • Add resilient reconciliation loop or event-driven reapply on display topology changes.

🔴 Axonius DC — June 9 (Badge Printing)

Setup/Registration: June 8 | Show: June 9

  • [Badges] Epson C3500 fanfold badge layoutbadge_4x6_fanfold layout CSS created, wired, and documented. First live use: Axonius Adapt DC, June 9, 2026. (2026-05-15)

Badges follow-ups

  • [Badges] Implement review-link email delivery — current Email Link actions only show placeholder alerts. Send to event_badge.email, never the attendee-editable email_override.
  • [Badges] Unify review and kiosk edit permissions — remote review reads event.mod_badges_json.edit_permissions; print controls read template cfg_json.controls_cfg. Define precedence or consolidate them so both flows enforce one documented policy.
  • [Badges] Use template badge types in search filter — replace the hardcoded badge-type list in ae_comp__badge_search.svelte with the active template's badge_type_list.

🚧 V3 CRUD Migration (Surgical Cleanup)

Finalizing the 100% adoption of V3 Standard endpoints and retirement of legacy wrappers.

  • [Core] Legacy Utility Helpers — Refactor ae_core_functions.ts to use V3 helpers.
  • [Cleanup] Delete Legacy Wrappers — Once all callsites are migrated, remove src/lib/ae_api/api_get__crud_obj_id.ts and the legacy exports from api.ts.

🚧 High Priority Workstreams

[Security] Site Passcode JWT Migration

  • [Security] Verify /authenticate_passcode deployment — confirm explicit role priority, complete role flags, auth_type: 'passcode', per-role TTLs, and minimum length validation.
  • [Security] Replace local passcode comparison — migrate e_app_access_type.svelte to server verification, JWT storage, and pending/error UI.
  • [Security] Remove client-side passcode delivery/storage — stop caching access_code_kv_json, remove site_access_code_kv from auth state, and remove passcode logging.
  • [Security] Enforce passcode JWT expiry on restore — expired passcode sessions must return to anonymous without affecting user-login JWT handling.

Reference: documentation/PROJECT__AE_Site_Passcode_Security.md.

[Stores] Svelte 4 → Svelte 5 State Migration

The app uses svelte-persisted-store (coarse reactivity). Migration target: replace with Svelte 5 PersistedState (from runed) for fine-grained updates. See PROJECT__Stores_Svelte5_Migration.md.

  • Events module — COMPLETE (2026-06-11): events_loc fully retired. All 5 sub-stores (badges_loc, leads_loc, pres_mgmt_loc, launcher_loc, events_auth_loc) are on PersistedState. Unused fields also pruned from ae_stores.ts and ae_idaa_stores.ts.
  • idaa_loc → PersistedState — Highest remaining priority. Root cause of the IDAA "Access Denied" corruption bug (ae_loc bootstrap writes stomp on authenticated_access). Promote novi_* identity fields and archives/bb/recovery_meetings sub-objects.
  • ae_loc → PersistedState — Largest scope. Extract auth_loc sub-store first (the identity/permission fields are what get corrupted). Defer full migration until after idaa_loc.
  • Non-persisted writables (ae_sess, slct, etc.) — Low priority; no coarse-reactivity problem.

[Data Layer] IDB sorting + content version rollout

Sorting baseline is now build_tmp_sort (ASC chain, no .reverse() on tmp-sort lists).

⚠️ Exception: ae_events__event.ts and ae_events__event_session.ts use legacy encoding (priority ? 1 : 0, priority=true→'1'). Their sort comparators must remain descending until the modules are migrated to build_tmp_sort. ae_events__event_presentation.ts already uses build_tmp_sort (overrides generic encoding in its specific_processor). See CLIENT__IDAA_and_customized_mods.md → "Sort Encoding" for full table.

  • [IDB Sort] Migrate ae_events__event.ts to build_tmp_sort — requires bumping IDB_CONTENT_VERSIONS.events.event (currently v3) and switching all event sort comparators to ascending. Check all pages that sort events before doing this.
  • [IDB Sort] Roll out to ae_events__event_session after sort behavior review.
  • [IDB Sort] Roll out to ae_events__event_presenter after sort behavior review.
  • [IDB Sort] Roll out to ae_events__event_location after sort behavior review.
  • [IDB Sort] Roll out to ae_core__person + ae_core__account after sort behavior review.
  • [IDB Version] Roll out to db_events.ts (session, presenter, badge, etc.).
  • [IDB Version] Roll out to db_core.ts (site_domain, person, user).

[Journals] Journal Entry Config follow-ups

  • [Journals] Entry passcode secondary auth — implement passcode_hash comparison.
  • [Journals] Quick Add/import encryption behavior — both creation paths currently create plaintext entries; define the intended privacy UX and add encryption support before claiming that these paths honor entry E2EE.
  • [Journals] Remove decrypted-content console previewae_journals_decryption.ts logs the first 30 plaintext characters after successful decryption. Never log private journal content.
  • [Journals] Confirm outbound email-sharing requirement — the archived UI project listed this as unfinished, but no implementation exists. Confirm product/security requirements before creating an email workflow for private journal content.

🧪 Testing & Optimization

  • [IDAA] IDB fast-path contact search — parse contact_li_json in search__event().
  • [IDAA] Optimize Recovery Meetings SQL VIEW and indexes.
  • [IDAA / Events] Audit default_qry_str coverage in all other event search pages.
  • [Launcher/VLC] Linux playback investigation — fullscreen + pause-on-end flags.

⚙️ DevOps & Backend

  • [Cleanup] Remove unused legacy API wrapperscreate_ae_obj_crud(), get_ae_obj_id_crud(), and update_ae_obj_id_crud() are still exported from api.ts but no longer called anywhere in production code. V3 migration is 100% complete. Safe to delete: definitions in api.ts (lines 109-260), src/lib/ae_api/api_get__crud_obj_id.ts, unused wrapper in ae_core_functions.ts (get_site_domain_obj_from_fqdn, update_ae_obj_id_crud).
  • [Backend] event_file — add cfg_json column (post-CMSC) — The per-file display override currently uses a localStorage workaround (launcher_loc.current.file_display_overrides) because event_file has no JSON blob column. Proper fix: add cfg_json to the event_file DB table, expose it through the FastAPI model, then migrate the frontend back to reading/writing the backend field (restoring global/cross-device persistence). Frontend code is in launcher_file_cont.svelte — search for file_display_overrides.
  • [Backend] Re-add Access-Control-Allow-Private-Network: true CORS header.
  • [DevOps] Service worker skipWaiting + clients.claim — Root cause of "users see old code / can't reproduce in dev testing": the SW sat in waiting state until all tabs closed. IDAA members leave idaa.org open all day. Fixed 2026-06-03: both calls added to src/service-worker.js. See mistake #16 in BOOTSTRAP__AI_Agent_Quickstart.md.
  • [DevOps] Nginx proxy buffer tuning — Buffer settings copied from PHP guide; not optimal for Node.js. proxy_busy_buffers_size technically exceeds safe limit. Re-examine when enabling compression (now re-enabled) stabilizes.
  • [DevOps] Simplify Dockerfile env file selection — Use plain .env instead of BUILD_MODE.

Completed (archived)

See the full completed history in: documentation/archive/TODO__Agents__ARCHIVE_2026-03.md documentation/archive/TODO__Agents__ARCHIVE_2026-04.md documentation/archive/TODO__Agents__ARCHIVE_2026-05.md documentation/archive/TODO__Agents__ARCHIVE_2026-06.md

Reference in New Issue View Git Blame Copy Permalink