# Plan: Phase 3 Frontend + Roadmap Status Correction **Date:** 2026-07-07 **Scope:** Correct the stale roadmap status table, then complete the two frontend-only Phase 3 items that need no server approval. ## Part A — Roadmap Status Correction (no code changes) The roadmap status table (lines ~2100-2141) is stale. Several items marked "NOT DONE — needs approval" are actually installed and running on the server. Update the table to reflect verified reality: | # | Current status line | Corrected status | Evidence | |---|--------------------|-----------------|----------| | 1.2 | "⚠️ PARTIAL — frontend done, server pending approval" | "✅ DONE" | `/opt/spq/ai-proxy/validate.js` exists, `spq-ai-validator.service` enabled+active, `spq-deepseek.conf` + `deepseek-key.conf` in nginx, `/deepseek/` location in shopproquote site | | 1.3 | "❌ NOT DONE — needs PB migration + approval" | "✅ DONE" | `pb_migrations/1740000000020_users_create_role_guard.js` exists, applied in PB container (`migrate up` → "No new migrations to apply") | | 1.4 | "⚠️ PARTIAL — frontend cleanup done, nginx pending" | "✅ DONE" | `/etc/nginx/snippets/spq-security.conf` exists with CSP + all headers, included via shopproquote site | | 3.3 | "❓ UNKNOWN — server-side" | "✅ DONE" | `/etc/nginx/sites-enabled/shopproquote` serves dist/ on :443 with TLS + SPA fallback | | 3.4 | "❓ UNKNOWN — server-side" | "✅ DONE" | `/pb/` and `/api/` reverse-proxy locations in shopproquote site; SSE (Upgrade/Connection headers) configured | **Action:** Update the status table in `roadmap_5.2.md` lines ~2105-2134 to mark these 5 items as ✅ DONE with evidence. No code changes. ## Part B — Phase 3 Frontend-Only Items (no approval needed) ### B1: 3.6 Offline Banner **Why first:** Pure frontend, zero approval, ~15 lines. **Files:** - New: `src/components/OfflineBanner.tsx` (per roadmap spec — `navigator.onLine` + `online`/`offline` event listeners, sticky amber banner when offline) - Edit: `src/App.tsx` — import and render `` inside ``, above the route content **Steps:** 1. Create `src/components/OfflineBanner.tsx` per the roadmap's existing code spec (lines 1767-1785) 2. Add `` to App.tsx just inside ``, above the layout/routes 3. Build + lint + test **Verify:** ``` npm run build → passes npm run lint → no new warnings npm run test → 86 tests still pass # Manual: toggle network off in DevTools → amber banner appears; on → disappears ``` ### B2: 3.7 Dependency Audit **Why:** `npm audit` already clean (0 vulnerabilities). Only minor version bumps remain — safe to apply. **Current outdated (from `npm outdated`):** | Package | Current | Latest | Risk | |---------|--------|--------|------| | @tailwindcss/vite | 4.3.1 | 4.3.2 | patch — safe | | @types/node | 24.13.2 | 26.1.0 | major — SKIP (type-only, bleeding edge) | | lucide-react | 1.21.0 | 1.23.0 | minor — safe | | oxlint | 1.71.0 | 1.73.0 | minor — safe | | react-router-dom | 7.18.0 | 7.18.1 | patch — safe | | tailwindcss | 4.3.1 | 4.3.2 | patch — safe | | vite | 8.1.0 | 8.1.3 | patch — safe | | vitest | 4.1.9 | 4.1.10 | patch — safe | **Steps:** 1. Run `npm audit` — confirm 0 vulnerabilities (already verified) 2. Apply safe minor/patch bumps: `npm update` (respects semver ranges in package.json — bumps to "Wanted" column, not to "Latest" for @types/node) 3. Skip `@types/node` 24→26 (major, type-only, no runtime impact) 4. Build + lint + test all green 5. Record the audit result in the roadmap memo **Verify:** ``` npm run build → passes npm run lint → no new warnings npm run test → 86 tests still pass npm audit → 0 vulnerabilities ``` ## Part C — Items requiring your approval (NOT in this plan, listed for visibility) These are the only remaining roadmap items. ALL need your explicit go-ahead before I touch PocketBase or server config: | # | Item | What it touches | Approval needed for | |---|------|----------------|---------------------| | 2.7 | Logo uploads to PB file records | PB `settings` collection | New PB migration (adds `logo` file field) | | 3.1 | GlitchTip error tracking | New Docker container + `@sentry/react` dep | Server install + npm dep | | 3.2 | PB production hardening | PB env vars, SMTP, backup cron | SMTP creds, cron job | | 3.5 | Structured logging | nginx log_format, docker logging | nginx config change | | 4.1-4.10 | Phase 4 features | Various PB + frontend | Per-feature approval | ## Execution Order 1. **Part A** — update roadmap status table (5 lines corrected, evidence cited) 2. **Part B1** — create OfflineBanner.tsx, wire into App.tsx 3. **Part B2** — `npm update` for safe bumps, verify 4. **Final verify** — build + lint + test all green 5. **Memo** — append Execution Memo to roadmap_5.2.md covering Parts A + B **Total new files:** 1 (`OfflineBanner.tsx`) **Total edited files:** 2 (`App.tsx`, `roadmap_5.2.md`) **Risk:** Low — offline banner is self-contained, dep bumps are patch/minor only **No PocketBase changes. No nginx changes. No new secrets.**