OSIT-AE-App-Svelte/documentation/TODO__Agents.md

Frontend Agent Task List

Use this file to track steps for complex features or bug fixes. Status: <20> Stable — ongoing development.

🚧 Upcoming High Priority

[Stores] Refactor — ae_stores.ts and ae_events_stores.ts cleanup

Both files have grown organically and are messy. Refactor goals:

• Split into focused files per domain (core, user/auth, files, module-specific)
• Remove dead/commented-out code and stale ver/ver_idb constants from data structs (replaced by __version in store_versions.ts)
• Standardize field naming conventions
• Move sponsorships/stripe Stripe button IDs out of session store and into config
• Keep ae_stores.ts and ae_events_stores.ts as barrel re-exports for backwards compatibility Related: src/lib/stores/store_versions.ts is the new home for version constants.

[Backend] Join event_location_id onto event_presenter API view

The event_presenter object currently has event_session_id but not event_location_id. When navigating from the Presenter View to the Launcher, the frontend has to do a secondary session lookup to discover the location (magic redirect in launcher base +page.svelte). Joining event_session.event_location_id into the presenter view/response would let the frontend pass the location directly in the Launcher URL without the extra lookup.

• Backend: add event_location_id (and event_location_id_random) to the event_presenter view or API response
• Frontend: add event_location_id to ae_EventPresenter type and properties_to_save; pass as events__launcher_id in presenter_page_menu.svelte

[Launcher] Active features (identified 2026-03-06)

• Font size cycler (Launcher sidebar): Font size cycler and light/dark toggle added to new menu_launcher_controls.svelte component; wired into launcher_menu.svelte. Visibility toggles (All Files / All Sessions) moved to same component and restyled to preset-tonal-tertiary. (2026-03-11)

• Minor Svelte warning: slct_event_location_id in menu_location_list.svelte — prop already has $bindable(null); stale comment in file updated. (2026-03-11)

[Svelte] State reference warnings

• svelte-check fully clean — 0 errors, 0 warnings. All 42 state_referenced_locally warnings fixed (2026-03-11). CSS @apply/@reference warnings in ae_idaa_comp__event_obj_id_edit.svelte also resolved — Tailwind utilities inlined, <style> block removed. (2026-03-16)

[Badges] Remaining badge work before first live event

• Badge print controls UX polish: Scott has improvements in mind — TBD next session. File: ae_comp__badge_print_controls.svelte.

[Badges] Zebra ZC10L Hardware Testing — ~week of 2026-03-16

Scott is renting a Zebra ZC10L for one day to do real-world badge printing tests before Axonius (mid-April). See documentation/PROJECT__AE_Events_Zebra_Hardware_Test_Day.md for the full checklist and prep plan.

Pre-test work (do before printer arrives):

• Remove debug outlines from print/+page.svelte print CSS (lime/blue/red/orange/purple/cyan)
• Zebra ZC10L Linux driver — install CUPS driver package ahead of time; verify card prints before burning rental time on driver setup. Check Zebra's site for Linux/CUPS driver.
• Wire style_href via <svelte:head> in print/+page.svelte — needed so client-specific CSS loads from the template's style_href field. Currently tracked as pending in MODULE doc.
• Confirm duplex=0 hides badge back in print — duplex field not yet on backend; verify badge_back is suppressed for single-sided PVC. May need a manual print CSS rule until the backend field lands and properties_to_save is updated.
• Set up test event + PVC template in dev DB with layout: badge_3.5x5.5_pvc, a few badge records with varied name lengths, HTML in fields, different badge_type_codes.
• Test data set: include edge cases — very long name, HTML markup in name/affiliations, badge with no affiliations, badge with all ticket/option codes set.

[Leads] Exhibitor Lead Scanning — NEXT MAJOR FEATURE

QR code scan at exhibitor booth → capture attendee badge data. Gated by allow_tracking on the badge. Check if documentation/MODULE__AE_Events_Leads.md exists for full spec. Key questions before starting: which routes, does the Electron app scan, what does the lead record look like in the DB?

[DevOps] Remaining deployment items

• Wire AE_APP_REPLICAS: docker-compose.yml line 147 already has scale: ${AE_APP_REPLICAS:-1}. (verified 2026-03-11)
• Archive ae_env_node_app: Archived as tar.gz under ~/OSIT_dev/backups/; old history/docs moved to ~/OSIT_dev/for_reference_only/. (2026-03-11)
• Build Optimization: Current state finalized. Local Gitea instance stood up at git.dgrzone.com (Docker, home server) — future: migrate repos from Bitbucket, verify Backblaze/restic backups cover Gitea data. (2026-03-11)

[General]

• Temp Cleanup: cleanup_tmp_files wired in launcher_background_sync.svelte; called at launcher startup. Confirmed working. (2026-03-11)
• window.print() for badge print button: Wire the existing handle_print_badge() to trigger window.print(). Browser print works well across Chrome/Chromium/Firefox — no Electron needed.
• Input Field Audit: Several input fields are missing name/id attributes or data-testid. Known examples: badge override fields in ae_comp__badge_obj_view.svelte; template name input in ae_comp__badge_template_form.svelte. Matters for: accessibility, autofill, label associations, and test targeting. (For tests, use getByLabel() rather than input[value*=...] which only checks the HTML attribute, not the Svelte-bound DOM property.)

✅ Completed (2026-03)

• [UI] Style Review Phase 1 & 2 complete — all non-frozen, non-IDAA routes migrated: FA→Lucide (events, pres_mgmt, core, badges, leads, hosted_files), variant-*→preset-* (all modules), code_to_html badge dict refactored to Lucide component map, FA CDN scoped to IDAA layout, global svg.lucide { display: inline } CSS rule added to fix icon inline flow. See documentation/PROJECT__AE_Style_Review.md. (2026-03-16)
• [UI] Pres Mgmt Phase 3 — FA→Lucide icon migration across all 24 pres_mgmt files. (2026-03-16)
• [IDAA] ae_idaa_comp__event_obj_id_edit.svelte — inlined Tailwind utilities, removed <style> block; eliminated all 23 @apply/@reference svelte-check warnings. (2026-03-16)
• [Badges] Badge print page svelte-check fix: extracted print CSS to static/ae-print-badge.css; fixed unclosed <script> tag in print/+page.svelte. (2026-03-16)
• [Svelte/Tests] svelte-check cleanup: fixed select_ref_badge_type $state() declaration; two <svelte:component> deprecations in launcher components; page.evaluate() two-arg pattern in badge_print_layout.test.ts. (2026-03-16)
• [Launcher] Hosted file download button require_auth prop — added require_auth?: boolean (default true) to ae_comp__hosted_files_download_button.svelte; all existing consumers unchanged. Launcher launcher_file_cont.svelte passes require_auth={false} so unauthenticated kiosk users can open/download files without being blocked. (2026-03-16)
• [Security] PUBLIC_AE_API_SECRET_KEY audit complete. Key is PUBLIC_* by design (always in client bundle). Highest-risk anonymous path uses limited-permission PUBLIC_AE_BOOTSTRAP_KEY. Full server-side migration not justified given JWT + account_id auth layers. Current state acceptable. (2026-03-11)
• [UX] Session Expired banner — ae_auth_error store wired to API helpers; root layout sets flag_expired on 401/403; non-blocking dismissible banner rendered. (2026-03-12)
• [UX] Access Denied UI standardized — element_access_denied.svelte created; /core layout, /events/settings, and /events/badges/review updated to use it. (2026-03-12)
• [Build] Rollup/Vite circular dependency warnings eliminated — manualChunks in vite.config.ts colocates all svelte/* internals into a single svelte-vendor chunk, preventing runtime.js / index-client.js split (~35 warnings gone). (2026-03-11)
• [Refactor] try_cache audit + sponsorship/event_file/hosted_file SWR alignment — removed vestigial try_cache params from generate_qr_code, ae_core_functions wrappers; added SWR fast/slow path to sponsorship loaders; changed event_file and hosted_file single-object loader defaults from false → true for consistency. (2026-03-11)
• [DevOps] Frontend + Backend unified into single aether_container_env Docker Compose. ae_app service live with healthcheck, single exposed port (AE_APP_NODE_PORT), internal ae_api networking. Deploy scripts in package.json both target ../aether_container_env/docker-compose.yml. (2026-03-10)
• [DevOps] /health endpoint live at src/routes/health/+server.ts. Docker HEALTHCHECK uses it. (2026-03-10)
• [UI] Dark mode color-scheme fix — html.dark/light { color-scheme } in app.css; all native browser controls now sync to app dark mode. (2026-03-10)
• [Launcher] Location select → session auto-load bug fixed via $derived.by() liveQuery pattern. (2026-03-10)
• [Svelte] state_referenced_locally warning fixes — 10 warnings resolved in IDAA archives/BB. (2026-03-09)
• [TypeScript] Sign In/Out TS errors fixed — user_id / person_id typed as string | null. (2026-03-09)
• [Tests] All badge data integrity and attendee workflow Playwright tests passing. Root causes documented in tests/README.md. (2026-03)
• [Badges] Badge print controls panel, QR code, duplex wiring, review form, print button, multi-word fulltext search, data-testid attributes. (2026-03)
• [UI] Firefly Theme + Pres Mgmt Visual Redesign (5 files). (2026-03-06)
• [Docs] UI Style Guidelines + Component Patterns docs created. (2026-03-06)
• [API] V3 Lookup system integration; Event File V3 mapping; event_session search 400-error fix. (2026-02/03)
• [API] All CRUD helpers on V3 /v3/crud/... paths. (2026-02)
• [Security] Purged x-aether-api-token; fixed misplaced CORS headers; Account ID Scavenging. (2026-02)
• [Security] Playwright integration tests replace verify_jwt_logic.js simulation tests. (2026-03)
• [Framework] AE_Obj_Field_Editor_V3 with Svelte 5 Runes. CRUD v2 fully retired. (2026-03-05)
• [IDAA] Bulletin Board and Recovery Meetings functionality verified. (2026-02)