# Plan: Phase 3 Frontend + Roadmap Status Correction
**Date:** 2026-07-07
**Scope:** Correct the stale roadmap status table, then complete the two frontend-only Phase 3 items that need no server approval.
## Part A — Roadmap Status Correction (no code changes)
The roadmap status table (lines ~2100-2141) is stale. Several items marked "NOT DONE — needs approval" are actually installed and running on the server. Update the table to reflect verified reality:
| # | Current status line | Corrected status | Evidence |
|---|--------------------|-----------------|----------|
| 1.2 | "⚠️ PARTIAL — frontend done, server pending approval" | "✅ DONE" | `/opt/spq/ai-proxy/validate.js` exists, `spq-ai-validator.service` enabled+active, `spq-deepseek.conf` + `deepseek-key.conf` in nginx, `/deepseek/` location in shopproquote site |
| 1.3 | "❌ NOT DONE — needs PB migration + approval" | "✅ DONE" | `pb_migrations/1740000000020_users_create_role_guard.js` exists, applied in PB container (`migrate up` → "No new migrations to apply") |
| 1.4 | "⚠️ PARTIAL — frontend cleanup done, nginx pending" | "✅ DONE" | `/etc/nginx/snippets/spq-security.conf` exists with CSP + all headers, included via shopproquote site |
| 3.3 | "❓ UNKNOWN — server-side" | "✅ DONE" | `/etc/nginx/sites-enabled/shopproquote` serves dist/ on :443 with TLS + SPA fallback |
| 3.4 | "❓ UNKNOWN — server-side" | "✅ DONE" | `/pb/` and `/api/` reverse-proxy locations in shopproquote site; SSE (Upgrade/Connection headers) configured |
**Action:** Update the status table in `roadmap_5.2.md` lines ~2105-2134 to mark these 5 items as ✅ DONE with evidence. No code changes.
## Part B — Phase 3 Frontend-Only Items (no approval needed)
### B1: 3.6 Offline Banner
**Why first:** Pure frontend, zero approval, ~15 lines.
**Files:**
- New: `src/components/OfflineBanner.tsx` (per roadmap spec — `navigator.onLine` + `online`/`offline` event listeners, sticky amber banner when offline)
- Edit: `src/App.tsx` — import and render `` inside ``, above the route content
**Steps:**
1. Create `src/components/OfflineBanner.tsx` per the roadmap's existing code spec (lines 1767-1785)
2. Add `` to App.tsx just inside ``, above the layout/routes
3. Build + lint + test
**Verify:**
```
npm run build → passes
npm run lint → no new warnings
npm run test → 86 tests still pass
# Manual: toggle network off in DevTools → amber banner appears; on → disappears
```
### B2: 3.7 Dependency Audit
**Why:** `npm audit` already clean (0 vulnerabilities). Only minor version bumps remain — safe to apply.
**Current outdated (from `npm outdated`):**
| Package | Current | Latest | Risk |
|---------|--------|--------|------|
| @tailwindcss/vite | 4.3.1 | 4.3.2 | patch — safe |
| @types/node | 24.13.2 | 26.1.0 | major — SKIP (type-only, bleeding edge) |
| lucide-react | 1.21.0 | 1.23.0 | minor — safe |
| oxlint | 1.71.0 | 1.73.0 | minor — safe |
| react-router-dom | 7.18.0 | 7.18.1 | patch — safe |
| tailwindcss | 4.3.1 | 4.3.2 | patch — safe |
| vite | 8.1.0 | 8.1.3 | patch — safe |
| vitest | 4.1.9 | 4.1.10 | patch — safe |
**Steps:**
1. Run `npm audit` — confirm 0 vulnerabilities (already verified)
2. Apply safe minor/patch bumps: `npm update` (respects semver ranges in package.json — bumps to "Wanted" column, not to "Latest" for @types/node)
3. Skip `@types/node` 24→26 (major, type-only, no runtime impact)
4. Build + lint + test all green
5. Record the audit result in the roadmap memo
**Verify:**
```
npm run build → passes
npm run lint → no new warnings
npm run test → 86 tests still pass
npm audit → 0 vulnerabilities
```
## Part C — Items requiring your approval (NOT in this plan, listed for visibility)
These are the only remaining roadmap items. ALL need your explicit go-ahead before I touch PocketBase or server config:
| # | Item | What it touches | Approval needed for |
|---|------|----------------|---------------------|
| 2.7 | Logo uploads to PB file records | PB `settings` collection | New PB migration (adds `logo` file field) |
| 3.1 | GlitchTip error tracking | New Docker container + `@sentry/react` dep | Server install + npm dep |
| 3.2 | PB production hardening | PB env vars, SMTP, backup cron | SMTP creds, cron job |
| 3.5 | Structured logging | nginx log_format, docker logging | nginx config change |
| 4.1-4.10 | Phase 4 features | Various PB + frontend | Per-feature approval |
## Execution Order
1. **Part A** — update roadmap status table (5 lines corrected, evidence cited)
2. **Part B1** — create OfflineBanner.tsx, wire into App.tsx
3. **Part B2** — `npm update` for safe bumps, verify
4. **Final verify** — build + lint + test all green
5. **Memo** — append Execution Memo to roadmap_5.2.md covering Parts A + B
**Total new files:** 1 (`OfflineBanner.tsx`)
**Total edited files:** 2 (`App.tsx`, `roadmap_5.2.md`)
**Risk:** Low — offline banner is self-contained, dep bumps are patch/minor only
**No PocketBase changes. No nginx changes. No new secrets.**