gitadmin/ArchiTools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d6a5852e5462b7e228553462ac67d7939cc72cf9
ArchiTools/ROADMAP.md
Marius Tarau d6a5852e54 docs: add ROADMAP.md with detailed future task plan 
7 phases, 23 tasks with model recommendations, complexity ratings,
file references, infrastructure requirements, and dependency chains.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 11:40:14 +02:00

586 lines
19 KiB
Markdown
Raw Blame History

# ArchiTools — Roadmap & Future Tasks
> Detailed task list for continuing ArchiTools development. Each phase is ordered by priority and dependency. Tasks include recommended AI model, estimated complexity, and file references.
---
## How to Use This File
1. **Pick a phase** — phases are ordered by priority (Phase 1 first)
2. **Pick a task** — tasks within a phase are ordered by dependency (earlier tasks unblock later ones)
3. **Check the recommended model** — use the right tool for the job
4. **Read the referenced files** before starting — understand what exists
5. **Run `npx next build`** before committing — must pass with zero errors
6. **Push to `main`** — Portainer auto-deploys via Gitea webhook
### Model Legend
| Tag | Model | Best For |
|---|---|---|
| `[OPUS]` | Claude Opus 4.6 | Complex multi-file features, business logic, architecture decisions |
| `[SONNET]` | Claude Sonnet 4.5 | Refactoring, UI work, moderate features, documentation |
| `[HAIKU]` | Claude Haiku 4.5 | Quick fixes, small edits, build debugging, simple tasks |
---
## Phase 1 — Quality & Stability (do first)
> Zero tests exist. No CI. Docs are stale. Fix the foundation before adding features.
### 1.1 `[SONNET]` Install Testing Framework
**Complexity:** Low
**Files to create:** `vitest.config.ts`, `src/test-setup.ts`
**Files to modify:** `package.json`
Install and configure:
```bash
npm install -D vitest @testing-library/react @testing-library/jest-dom @testing-library/user-event jsdom
```
Create `vitest.config.ts` with:
- `environment: 'jsdom'`
- `setupFiles: ['./src/test-setup.ts']`
- Path aliases matching `tsconfig.json` (`@/``src/`)
- Coverage with `@vitest/coverage-v8`
Add scripts to `package.json`:
```json
"test": "vitest run",
"test:watch": "vitest",
"test:coverage": "vitest run --coverage"
```
**Acceptance:** `npm test` runs without errors (0 tests found is OK at this point).
---
### 1.2 `[SONNET]` Unit Tests — Core Services
**Complexity:** Medium
**Depends on:** 1.1
**Files to create:**
- `src/core/storage/adapters/__tests__/local-storage.test.ts`
- `src/core/feature-flags/__tests__/feature-flags.test.ts`
- `src/core/tagging/__tests__/tag-service.test.ts`
- `src/modules/registratura/services/__tests__/working-days.test.ts`
- `src/modules/registratura/services/__tests__/deadline-service.test.ts`
- `src/modules/registratura/services/__tests__/registry-service.test.ts`
**Priority tests:**
1. `working-days.test.ts` — Critical: verify Orthodox Easter dates for 2024-2030, verify `addWorkingDays()` skips holidays/weekends, verify backward calculation for `prelungire-ac`
2. `deadline-service.test.ts` — Verify `createTrackedDeadline()` computes correct due dates, tacit approval detection, chain resolution
3. `local-storage.test.ts` — CRUD operations, namespace isolation, list filtering
4. `feature-flags.test.ts` — Default values, env overrides, flag evaluation
5. `registry-service.test.ts` — Registry number generation (`B-0001/2026`), overdue calculation
**Coverage target:** 90%+ for services.
---
### 1.3 `[SONNET]` Unit Tests — Module Services
**Complexity:** Medium
**Depends on:** 1.1
**Files to create:**
- `src/modules/email-signature/services/__tests__/signature-service.test.ts`
- `src/modules/word-xml/services/__tests__/xml-service.test.ts`
- `src/modules/prompt-generator/services/__tests__/prompt-service.test.ts`
Test the pure business logic functions in each module's `services/` directory.
---
### 1.4 `[HAIKU]` Update Stale Documentation
**Complexity:** Low
**Files to modify:**
- `docs/architecture/SYSTEM-ARCHITECTURE.md` — Appendix B module catalog: change all 13 modules from "Planned" to "Implemented" with current feature summary
- `docs/DATA-MODEL.md` — Add `TrackedDeadline` and `DeadlineTypeDef` schemas (from `src/modules/registratura/types.ts`)
- `docs/REPO-STRUCTURE.md` — Add new registratura files (deadline services, components, hooks)
---
### 1.5 `[HAIKU]` Wire External Tool URLs to Environment Variables
**Complexity:** Low
**Files to modify:** `src/config/external-tools.ts`
**Reference:** `src/config/external-tools.ts` currently has hardcoded `http://10.10.10.166:PORT` URLs
Change each tool URL to read from `process.env.NEXT_PUBLIC_*_URL` with fallback to current hardcoded values:
```typescript
url: process.env.NEXT_PUBLIC_GITEA_URL ?? 'http://10.10.10.166:3002'
```
The env vars are already defined in `.env.example` — just need to wire them up.
---
### 1.6 `[SONNET]` Add Data Export/Import for All Modules
**Complexity:** Medium
**Files to create:** `src/shared/hooks/use-data-export.ts`, `src/shared/components/common/data-export-button.tsx`
**Files to modify:** Each module's main component (add export/import buttons)
Currently there is no way to back up localStorage data. Create a shared utility that:
1. Exports all data for a module namespace as a JSON file download
2. Imports a JSON file and merges/replaces module data
3. Exports ALL module data as a single JSON backup
This is critical before any storage migration — users need to export their data first.
---
## Phase 2 — Authentication & Multi-User (Authentik SSO)
> Currently everyone is a stub admin. This phase adds real identity.
### 2.1 `[OPUS]` Authentik OIDC Integration
**Complexity:** High
**Files to modify:**
- `src/core/auth/auth-provider.tsx` — Replace stub user with real OIDC token resolution
- `src/core/auth/types.ts` — Add OIDC token types
**Files to create:**
- `src/core/auth/authentik-client.ts` — OIDC client configuration
- `src/app/api/auth/[...nextauth]/route.ts` — NextAuth.js route handler (or Auth.js v5)
**Dependencies to install:** `next-auth` (or `@auth/core`)
**Setup required on server:**
1. Create an OAuth2/OIDC application in Authentik (http://10.10.10.166:9100)
2. Set redirect URI to `http://10.10.10.166:3000/api/auth/callback/authentik`
3. Note the Client ID and Client Secret
4. Set env vars: `AUTHENTIK_URL`, `AUTHENTIK_CLIENT_ID`, `AUTHENTIK_CLIENT_SECRET`, `NEXTAUTH_SECRET`
**Behavior:**
- Unauthenticated users redirect to Authentik login
- On successful auth, resolve user profile (name, email, role, company)
- Store session in cookie (not localStorage)
- `useAuth()` hook returns real user instead of stub
**Authentik is already running** at `http://10.10.10.166:9100`. You need:
- Admin credentials for Authentik (ask the admin)
- A generated `NEXTAUTH_SECRET` (run `openssl rand -base64 32`)
---
### 2.2 `[SONNET]` Module-Level Access Control
**Complexity:** Medium
**Depends on:** 2.1
**Files to modify:**
- `src/core/auth/auth-provider.tsx` — Implement `canAccessModule()` with role-based rules
- `src/core/feature-flags/index.ts` — Combine feature flags with auth permissions
**Behavior:**
- Admins can access all modules
- Regular users see only modules assigned to their role/company
- `FeatureGate` component checks both flag AND permission
---
### 2.3 `[SONNET]` Data Visibility Enforcement
**Complexity:** Medium
**Depends on:** 2.1
**Files to modify:**
- `src/core/storage/adapters/local-storage.ts` — Filter results by `visibility` and `createdBy`
- Each module's hook (e.g., `use-registry.ts`) — Pass current user context to storage queries
**Reference:** `docs/architecture/SECURITY-AND-ROLES.md` describes the 4 visibility levels: `all`, `company`, `admin`, `private`.
Currently stored on every entity but never enforced.
---
### 2.4 `[HAIKU]` Audit Logging Stub
**Complexity:** Low
**Depends on:** 2.1
**Files to create:** `src/core/audit/audit-service.ts`
Create a simple audit service that logs actions (create, update, delete) with user ID and timestamp. Initially log to console; later pipe to storage/N8N.
---
## Phase 3 — Storage Migration (localStorage → Backend)
> Move from browser-only storage to a shared backend. All users see the same data.
### 3.1 `[OPUS]` API Storage Adapter
**Complexity:** High
**Files to create:**
- `src/core/storage/adapters/api-storage.ts``ApiStorageAdapter` implementing `StorageService`
- Backend API (separate project or Next.js API routes)
**Files to modify:**
- `src/core/storage/storage-provider.tsx` — Uncomment env-var-driven adapter selection
**Reference:** Full spec in `docs/architecture/STORAGE-LAYER.md` lines 100-126.
**Decision needed:** Build the API as:
- (a) Next.js API routes within ArchiTools (simpler, same repo)
- (b) Separate Express/Fastify service (decoupled, but more infra)
- (c) Direct PostgreSQL via Prisma from Next.js server components
**Recommendation:** Option (c) with Prisma — simplest path, no separate service, works with the existing Next.js app.
**Dependencies to install:** `prisma`, `@prisma/client`
---
### 3.2 `[OPUS]` Database Schema & Migrations
**Complexity:** High
**Depends on:** 3.1
**Files to create:**
- `prisma/schema.prisma` — All entity models (RegistryEntry, Contact, Equipment, etc.)
- `prisma/migrations/` — Generated migration files
**Reference:** `docs/DATA-MODEL.md` has all entity schemas.
**Infrastructure:** PostgreSQL container on `10.10.10.166`. Add to `docker-compose.yml`:
```yaml
postgres:
image: postgres:16-alpine
environment:
POSTGRES_DB: architools
POSTGRES_USER: architools
POSTGRES_PASSWORD: <generate-secure-password>
volumes:
- postgres-data:/var/lib/postgresql/data
networks:
- proxy-network
```
---
### 3.3 `[SONNET]` Data Migration Tool (localStorage → DB)
**Complexity:** Medium
**Depends on:** 3.2
**Files to create:** `src/app/api/migrate/route.ts` or a CLI script
One-time migration: export all localStorage data as JSON, POST to the API, which inserts into PostgreSQL. Must handle:
- ID preservation (don't regenerate UUIDs)
- Timestamp preservation
- Attachment data (base64 → MinIO in Phase 3.4)
---
### 3.4 `[OPUS]` MinIO Storage Adapter
**Complexity:** Medium
**Depends on:** 3.1
**Files to create:** `src/core/storage/adapters/minio-storage.ts`
**Dependencies to install:** `minio` (Node.js SDK)
**Reference:** `docs/architecture/STORAGE-LAYER.md` lines 117-126.
**MinIO is already running** at `http://10.10.10.166:9003`. You need:
- Access key and secret key (ask the admin or check Portainer env vars)
- Create a bucket named `architools`
**Modules that will use MinIO for files:**
- Registratura — entry attachments (currently base64 in localStorage)
- Digital Signatures — signature/stamp images
- Word Templates — template file references
---
## Phase 4 — AI Chat Integration
> The AI Chat module has full UI but no real API calls. Enable it.
### 4.1 `[OPUS]` AI Chat API Integration
**Complexity:** High
**Files to modify:**
- `src/modules/ai-chat/components/ai-chat-module.tsx` — Replace demo response with real API call
- `src/modules/ai-chat/services/` — Create `ai-service.ts` with provider abstraction
**Files to create:**
- `src/modules/ai-chat/services/ai-service.ts` — Provider interface + implementations
- `src/modules/ai-chat/services/providers/anthropic.ts`
- `src/modules/ai-chat/services/providers/openai.ts`
- `src/modules/ai-chat/services/providers/ollama.ts`
- `src/app/api/ai/chat/route.ts` — Server-side proxy (API keys must not be exposed to browser)
**Architecture:**
- Browser sends message to Next.js API route (`/api/ai/chat`)
- API route forwards to selected provider (Claude, GPT, Ollama)
- Response streamed back to browser via ReadableStream
- API keys stored in server-side env vars (never `NEXT_PUBLIC_`)
**Env vars to add:**
```
ANTHROPIC_API_KEY=sk-ant-...
OPENAI_API_KEY=sk-...
OLLAMA_BASE_URL=http://10.10.10.166:11434 # if running Ollama
AI_DEFAULT_PROVIDER=anthropic
AI_DEFAULT_MODEL=claude-sonnet-4-5-20250929
```
**No API keys exist yet.** User will need to obtain them when ready.
---
### 4.2 `[SONNET]` AI Chat — System Prompts & Context
**Complexity:** Medium
**Depends on:** 4.1
**Files to create:** `src/modules/ai-chat/services/system-prompts.ts`
Create domain-specific system prompts for architecture office use:
- Romanian construction law assistant
- Technical specification writer
- Urban planning regulation lookup
- Document drafting assistant
Allow users to select a "mode" that sets the system prompt.
---
### 4.3 `[HAIKU]` Enable AI Chat Feature Flag
**Complexity:** Trivial
**Depends on:** 4.1
**Files to modify:** `src/config/flags.ts` — Set `module.ai-chat` to `enabled: true`
Also enable in production `.env` on Portainer.
---
## Phase 5 — New Features & Modules
> Expand the platform with new capabilities.
### 5.1 `[OPUS]` Project Entity & Cross-Module Linking
**Complexity:** High
**Files to create:**
- `src/modules/projects/` — Full module (types, config, components, hooks, services)
- `src/config/modules.ts` — Register the module
- `src/config/navigation.ts` — Add sidebar entry
- `src/app/(modules)/projects/page.tsx` — Route page
**Reference:** `docs/DATA-MODEL.md` lines 566-582 describe the `Project` interface.
A Project is the central entity that ties together:
- Registratura entries (documents for this project)
- Tags (project-scoped tags)
- Address Book contacts (client for this project)
- Word Templates (documents generated for this project)
**This is the most impactful new module** — it connects all existing modules into a coherent workflow.
**Legacy reference:** `legacy/manicprojects/current manic time Tags.txt` contains real project numbers and names to use as seed data.
---
### 5.2 `[SONNET]` Global Search
**Complexity:** Medium
**Files to create:**
- `src/shared/components/common/global-search.tsx`
- `src/shared/hooks/use-global-search.ts`
Search across all modules: registry entries, contacts, equipment, templates, passwords, tags. Each module registers a search provider with a common interface.
Add to the header bar (Cmd+K keyboard shortcut).
---
### 5.3 `[SONNET]` Notification System
**Complexity:** Medium
**Files to create:**
- `src/core/notifications/notification-service.ts`
- `src/core/notifications/notification-provider.tsx`
- `src/shared/components/common/notification-bell.tsx`
In-app notifications for:
- Deadline approaching (from Registratura termene legale)
- Deadline overdue
- Tacit approval triggered
- AC expiry warning (backward deadline)
Show a bell icon in the header with unread count. Store notifications in localStorage (later in DB).
---
### 5.4 `[SONNET]` Registratura — Print/PDF Export
**Complexity:** Medium
**Files to create:**
- `src/modules/registratura/components/registry-print-view.tsx`
- `src/modules/registratura/services/pdf-export.ts`
Export the registry as a formatted PDF for printing. Options:
- Full registry for a date range
- Single entry detail sheet
- Deadline summary report
- Filter by company
Use browser `print()` with a styled print layout, or integrate with Stirling PDF (http://10.10.10.166:8087) API.
---
### 5.5 `[OPUS]` N8N Webhook Integration
**Complexity:** Medium
**Files to create:**
- `src/core/webhooks/webhook-service.ts`
- `src/app/api/webhooks/n8n/route.ts`
Fire webhooks to N8N (http://10.10.10.166:5678) on events:
- New registry entry created
- Deadline approaching (daily check)
- Entry status changed (deschis → inchis)
N8N can then trigger: email notifications, Slack messages, Google Calendar events, etc.
---
### 5.6 `[HAIKU]` Enable Remaining Module Feature Flags
**Complexity:** Trivial
**Files to modify:** `src/config/flags.ts`
Currently disabled by default: `digital-signatures`, `password-vault`, `it-inventory`, `address-book`, `word-templates`, `mini-utilities`, `ai-chat`.
Decide which modules should be enabled in production. Update both `flags.ts` defaults and the Portainer `.env`.
---
### 5.7 `[SONNET]` Mobile Responsiveness Audit
**Complexity:** Medium
**Files to modify:** Various module components
Test all 13 modules on mobile viewports (375px, 768px). Fix:
- Tables that overflow
- Forms that are too wide
- Sidebar behavior on mobile
- Touch targets too small
---
## Phase 6 — External Access & Security Hardening
> Open the app beyond the internal network.
### 6.1 `[OPUS]` Guest/External Access Role
**Complexity:** High
**Depends on:** 2.1 (Authentik)
**Reference:** `docs/architecture/SECURITY-AND-ROLES.md` — Phase 4
Add a `guest` role with:
- Read-only access to specific modules
- No access to Password Vault, IT Inventory
- Time-limited share links for specific entries
- No edit/delete capabilities
---
### 6.2 `[SONNET]` CrowdSec Integration
**Complexity:** Medium
**Reference:** `docs/architecture/SECURITY-AND-ROLES.md` — CrowdSec listed as planned
CrowdSec is already running at `http://10.10.10.166:8088`. Configure:
- Nginx Proxy Manager log parsing
- Automatic IP ban for brute force / scanning
- ArchiTools-specific scenarios (rate limiting API routes)
---
### 6.3 `[HAIKU]` SSL/TLS via Let's Encrypt
**Complexity:** Low
When a public domain is configured (e.g., `tools.beletage.ro`):
1. Point DNS to server IP
2. Configure Let's Encrypt in Nginx Proxy Manager
3. Update `NEXT_PUBLIC_APP_URL` to `https://tools.beletage.ro`
4. Force HTTPS redirect
---
## Phase 7 — CI/CD Pipeline
> Automate quality checks on every push.
### 7.1 `[SONNET]` Gitea Actions CI Pipeline
**Complexity:** Medium
**Depends on:** 1.1, 1.2 (tests exist)
**Files to create:** `.gitea/workflows/ci.yml`
Gitea supports GitHub Actions-compatible workflows. Create a pipeline that runs on push to `main`:
```yaml
steps:
- npm ci
- npm run lint
- npx tsc --noEmit # type check
- npm test # vitest
- npx next build # build check
```
**Note:** Check if Gitea Actions runner is installed on the server. If not, install one:
```bash
docker run -d --name gitea-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
gitea/act_runner:latest
```
---
### 7.2 `[SONNET]` E2E Tests with Playwright
**Complexity:** High
**Depends on:** 1.1
**Files to create:**
- `playwright.config.ts`
- `e2e/registratura.spec.ts`
- `e2e/email-signature.spec.ts`
- `e2e/navigation.spec.ts`
**Reference:** `docs/guides/TESTING-STRATEGY.md` describes 6 critical E2E flows.
Install: `npm install -D @playwright/test`
---
## Appendix: Infrastructure Credentials Needed
| Service | What's Needed | Who Has It |
|---|---|---|
| **Authentik** | Admin login to create OAuth app | Server admin |
| **MinIO** | Access key + secret key | Server admin / Portainer env |
| **Anthropic API** | API key (`sk-ant-...`) | Purchase at console.anthropic.com |
| **OpenAI API** | API key (`sk-...`) | Purchase at platform.openai.com |
| **Gitea Actions** | Runner registration token | Gitea admin → Site Admin → Runners |
| **PostgreSQL** | New container + credentials | Create via docker-compose.yml |
---
## Appendix: Quick Task Picker
**I have 15 minutes:**
- 1.5 (wire external tool URLs) `[HAIKU]`
- 1.4 (update stale docs) `[HAIKU]`
- 5.6 (enable feature flags) `[HAIKU]`
**I have 1 hour:**
- 1.1 + 1.2 (install tests + write core tests) `[SONNET]`
- 1.6 (data export/import) `[SONNET]`
- 5.2 (global search) `[SONNET]`
**I have a full session:**
- 2.1 (Authentik SSO) `[OPUS]`
- 3.1 + 3.2 (API + database) `[OPUS]`
- 4.1 (AI Chat API) `[OPUS]`
- 5.1 (Project entity) `[OPUS]`
Reference in New Issue View Git Blame Copy Permalink