68 lines
9.4 KiB
Markdown
68 lines
9.4 KiB
Markdown
# Frontend Agent Task List
|
||
> Use this file to track steps for complex features or bug fixes.
|
||
> **Status:** 🔴 Sev-1 Security Incident Recovery / Stabilized.
|
||
|
||
## 📋 Active Task: Post-Incident Security Recovery
|
||
- [ ] **Step 1:** Conduct full audit of `PUBLIC_AE_API_SECRET_KEY` usage. Determine if it can be moved to server-side only.
|
||
- [x] **Step 2:** Replace simulation tests (`tests/verify_jwt_logic.js`) with real Playwright integration tests hitting the local dev API.
|
||
- [ ] **Step 3:** Implement formal error boundaries for 403/401 API responses to provide user-friendly "Session Expired" or "Access Denied" UI.
|
||
|
||
## 🚧 Upcoming High Priority
|
||
|
||
### [Launcher] Active bugs & features (identified 2026-03-06)
|
||
|
||
- **Location select → session auto-load bug:** Starting from bare `/events/[id]/launcher` (no location in URL), selecting a location in the menu doesn't reliably trigger session loading. Root cause: double-load race — `onchange` in `menu_location_list.svelte` calls `handle_load_ae_obj_li__event_session()` directly AND then `goto()` which fires `[event_location_id]/+page.ts` which also calls `load_ae_obj_li__event_session()`. Also: `slct_event_location_id` prop is **not** `$bindable()` but template uses `bind:value={slct_event_location_id}` (compiler warning). Fix: remove the direct `await handle_load_ae_obj_li__event_session()` call from `onchange` and rely solely on the `goto()` → `+page.ts` flow. Validate that `menu_session_list.svelte` liveQuery correctly watches `$events_slct.event_location_id`.
|
||
|
||
- **Font size cycler (Launcher sidebar):** Staff onsite may not have access to the system menu, so the launcher sidebar needs its own font size cycler. Add `font_size_step: number` to `$events_loc.launcher` store. Add a cycle button in `launcher_menu.svelte` alongside the "All Files"/"All Sessions" show/hide buttons. Three steps: compact (`text-xs`) → default (`text-sm`) → large (`text-base`). Apply the class to the launcher sidebar root container `<div>`.
|
||
|
||
- **Session Search button visible on search page:** The "Session Search" menu button remains visible even when already on the session search page — should be hidden to avoid confusion. Find the render location (likely a launcher layout nav), add a `page.route.id` or `page.url.pathname` check to suppress it on the search page.
|
||
|
||
### [UI] Dark mode fix (identified 2026-03-06)
|
||
|
||
- **Dark mode select option hover (Manage Files):** In dark mode, the Event File Purpose `<select>` in the Manage Files area shows light-on-light text on hover (`<option>` elements use browser-native styling that ignores Tailwind dark mode). Browser-native `<option>` cannot be reliably styled cross-platform with CSS. Options: (1) use `color-scheme: dark` on the `<select>` element when in dark mode, or (2) replace with a custom Flowbite/Skeleton select. File to find: search for `event_file_purpose` in event file management components.
|
||
|
||
### [Badges] Remaining badge work before first live event
|
||
- **QR code on badge front:** `ae_comp__badge_obj_view.svelte` — display QR on the printed
|
||
face when template has `show_qr` (or equivalent) toggled on. Use same QR generation as
|
||
review form (`core_func.js_generate_qr_code`). See TASK 4 in `PROJECT__AE_Events_Badges_Review_Print.md`.
|
||
- **Badge print controls UX polish:** Scott has improvements in mind — TBD next session.
|
||
File: `ae_comp__badge_print_controls.svelte`.
|
||
|
||
### [Leads] Exhibitor Lead Scanning — NEXT MAJOR FEATURE
|
||
QR code scan at exhibitor booth → capture attendee badge data. Gated by `allow_tracking` on
|
||
the badge. Check if `documentation/MODULE__AE_Events_Leads.md` exists for full spec.
|
||
Key questions before starting: which routes, does the Electron app scan, what does the
|
||
lead record look like in the DB?
|
||
|
||
### [General]
|
||
- ~~**CRUD v2 Refactor:** Finalize retirement of `Element_ae_crud_v2.svelte` in favor of V3 Editor.~~ ✅ Done (2026-03-05) — all non-IDAA usages migrated; IDAA had zero usages.
|
||
- **Temp Cleanup:** Auto-removal of native `.tmp` files older than 24h.
|
||
- **`window.print()` for badge print button:** Wire the existing `handle_print_badge()` to trigger `window.print()`. Browser print works well across Chrome/Chromium/Firefox — no Electron needed.
|
||
- **Input Field Audit:** Several input fields are missing `name`/`id` attributes or `data-testid`. Known examples: badge override fields in `ae_comp__badge_obj_view.svelte`; template name input in `ae_comp__badge_template_form.svelte`. Matters for: accessibility, autofill, label associations, and test targeting. (For tests, use `getByLabel()` rather than `input[value*=...]` which only checks the HTML attribute, not the Svelte-bound DOM property.)
|
||
|
||
## ✅ Completed Recently
|
||
- [x] **[UI]** **Firefly Theme:** Created `AE_Firefly` dark/light theme. Primary=teal (~184°), Secondary=amber (~90°), Tertiary=indigo (~277°), Surface=moonlit slate. Files: `src/ae-firefly.css`, `src/app.css`, `src/lib/elements/e_app_theme.svelte`, `src/lib/ae_core/ae_stores.ts`. Set as app default in stores. (2026-03-06, branch `ae_app_3x_llm`)
|
||
- [x] **[UI]** **Pres Mgmt Visual Redesign:** Full redesign of Events Presentation Management pages using Firefly theme tokens. Hero card layout, info chips (time=teal, room=indigo), skeleton loading states, dark-mode-safe colors throughout. 5 files: `session_view.svelte`, `ae_comp__event_session_obj_li.svelte`, `ae_comp__event_presentation_obj_li.svelte`, `pres_mgmt/+page.svelte`, `[session_id]/+page.svelte`. (2026-03-06, branch `ae_app_3x_llm`)
|
||
- [x] **[Docs]** **UI Design System Docs:** Created two cheatsheet/reference docs: `documentation/GUIDE__AE_UI_Style_Guidelines.md` (design philosophy, color token rules, forbidden classes, Skeleton v3→v4 migration table, transitions, dark mode rules, a11y checklist) and `documentation/AE__UI_Component_Patterns.md` (hero cards, content cards, table rows, list item cards, info chips, empty state panels, warning/error banners, file upload zones, section wrappers, modals, muted text, QR code pattern). (2026-03-06)
|
||
- [x] **[Badges]** **Badge Print Controls Panel:** New `ae_comp__badge_print_controls.svelte` — per-field accordion with inline edit forms, font size controls, access-level gating. Fixed-right-edge layout replaces collapsed `flex-1` panel. (2026-03-02, branch `ae_app_3x_llm`)
|
||
- [x] **[Badges]** **badge_type_override coupling:** Selecting badge type from dropdown now saves both `badge_type_code_override` AND `badge_type_override` in `ae_comp__badge_obj_view.svelte`, `ae_comp__badge_review_form.svelte`, and `ae_comp__badge_print_controls.svelte`.
|
||
- [x] **[Badges]** **Layout CSS system:** `data-layout` attribute, `@page` injection, `style_href` for per-template CSS files. Two templates: `badge_layout_epson_4x5_fanfold.css`, `badge_layout_zebra_zc10l_pvc.css`.
|
||
- [x] **[Badges]** **Duplex field wiring:** Badge back hidden for single-sided templates.
|
||
- [x] **[Badges]** **Badge Review Form:** Complete with QR code, field edits, access-level gating, accessibility toggle, help modal. (`ae_comp__badge_review_form.svelte`)
|
||
- [x] **[API]** **V3 Lookup System Integration:** Implemented standardized `/v3/lookup/` endpoints for Countries, Subdivisions, and Time Zones. Added support for `only_priority` filtering in IDAA editors.
|
||
- [x] **[UI]** **Events Launcher Location Fix:** Resolved room select list issues by ensuring all enabled/hidden locations are proactively loaded and synced.
|
||
- [x] **[API]** **Event File V3 Mapping:** Implemented `inc_hosted_file` support and mapped prefixed backend fields (`hosted_file_hash_sha256`, etc.) to flat properties.
|
||
- [x] **[UI]** **Badge Rendering Fix:** Refactored `badge_template` lookup to use V3 Triple ID pattern.
|
||
- [x] **[API]** **event_session Search Fix:** Resolved 400 error (`Unauthorized search field ‘account_id’`) via backend update.
|
||
- [x] **[Security]** Purged redundant `x-aether-api-token` from frontend and notified backend.
|
||
- [x] **[Security]** Fixed misplaced `Access-Control-Allow-Origin` request headers.
|
||
- [x] **[Security]** Implemented "Account ID Scavenging" to fix hydration race conditions.
|
||
- [x] **[API]** Unified all CRUD helpers to standard V3 `/v3/crud/...` paths.
|
||
- [x] **[Framework]** Implemented `AE_Obj_Field_Editor_V3` with Svelte 5 Runes.
|
||
- [x] **[IDAA]** Verify Bulletin Board and Recovery Meetings functionality.
|
||
- [x] **[Badges]** **Multi-word fulltext search fix:** Split query on whitespace, apply AND logic per word. `"scott idem"` now matches records containing both words. (dc0f3066)
|
||
- [x] **[Badges]** **Print button implemented:** `handle_print_badge()` increments `print_count`, records `print_first_datetime`/`print_last_datetime`. Button has loading/done/error states. (d1ded2d4)
|
||
- [x] **[Badges]** **`data-testid` attributes added** to badge view interactive elements (`badge-edit-btn`, `badge-save-btn`, `badge-cancel-btn`, `badge-print-btn`, `badge-professional-title-input`) for reliable test targeting.
|
||
- [x] **[Tests]** **Attendee badge workflow test passing:** `event_badge_attendee_workflow.test.ts` — navigate → edit professional title → save (verify PATCH body) → print (verify count/timestamps) → return to search. (d1ded2d4)
|
||
- [x] **[Tests]** **All badge data integrity tests fixed:** All 6 tests in `event_badge_data_integrity.test.ts` now pass. Root causes: (1) search mock used nested URL instead of flat `/v3/crud/event_badge/search`, (2) template list mock used nested URL instead of flat with `for_obj_id`, (3) missing `_random` ID fields in mock badge objects, (4) CSS `input[value*=...]` selector doesn’t work for Svelte-bound inputs — fixed to `getByLabel()`. (f5e98b8c)
|