# Project Task List ## Scope This is the single working todo list for implementation tasks across quality, security, docs, and runtime standards. ## How To Use This File 1. Add new work items here first. 2. Keep status current as work progresses. 3. Keep this file aligned with roadmap and sign-off docs. ## Status Legend 1. `todo`: not started 2. `in-progress`: currently being worked 3. `blocked`: waiting on dependency/decision 4. `done`: completed and verified ## P1 - Immediate - [x] `done` Fix malformed Font Awesome link in `templ.php`. - [x] `done` Add runtime debug switch (`APP_DEBUG`) and wire PHP runtime behavior. - [x] `done` Implement server-side error/exception logging destination and format. - [x] `done` Fix `DashboardA` label inconsistency in sidebar. ## P2 - Near Term - [x] `done` Move route map out of `templ.php` into dedicated route config. - [x] `done` Add fullscreen icon sync on `fullscreenchange` events. - [x] `done` Update `readme` to match current feature set. - [x] `done` Reduce inline scripts by moving reusable code to `assets/app.js`. ## P3 - Quality And Scale - [ ] `todo` Add static checks for PHP and JavaScript. - [ ] `todo` Add smoke tests for route and AJAX navigation flows. - [ ] `todo` Add accessibility audit checklist and remediation tasks. - [ ] `todo` Define log retention/rotation and operational ownership. - [x] `done` Define and finish system/application server defaults and user localStorage preferences wiring. - [x] `done` Implement topbar search instead of toast stub. - [x] `done` Implement notifications dropdown instead of toast stub. - [x] `done` Implement messages inbox dropdown instead of toast stub. - [x] `done` Implement profile menu instead of toast stub. - [x] `done` Persist and document the theme toggle behavior. ## Open Questions - [ ] `todo` Decide preferred route config format (`routes.php` map vs module). - [ ] `todo` Decide log target (file path and rotation policy). - [ ] `todo` Decide whether to keep Chart.js CDN or local asset fallback. ## Current Status Snapshot (2026-05-26) ### Completed - [x] `done` Fixed AJAX fragment script execution so page-local handlers load reliably after navigation. - [x] `done` Resolved admin tools action runtime gap (`adminViewAuditReport` path now available after AJAX loads). - [x] `done` Converted runtime log view to report-table UX with search/filter/sort and compact details. - [x] `done` Added debug-on quick log shortcuts in header and footer. - [x] `done` Added local Font Awesome asset wiring with cache-busting. - [x] `done` Expanded sidebar categories/routes and added requested system/UI/examples pages. - [x] `done` Reworked wizard top timeline UX and made it interactive (clickable steps, dynamic panels, progress). - [x] `done` Updated wizard completion model: opens at 0%, increments to 25% on first save/continue. - [x] `done` Added client-side table UX interactions (search/state filtering + visible row counters) on table pages. - [x] `done` Executed static syntax checks: PHP (`php -l` across top-level files) and JavaScript (`node --check assets/app.js`) with no failures. - [x] `done` Executed route smoke checks for all allow-listed routes (`direct` + `ajax`) and all returned HTTP 200. - [x] `done` Executed browser back/forward smoke check for AJAX navigation flow. ### Open - [ ] `todo` Align remaining auth example flows to production-like interactions (validation, reveal toggles, submission readiness). - [ ] `todo` Decide and implement formal log rotation/retention policy. - [ ] `todo` Add automated quality gates for PHP/JS checks. - [ ] `todo` Decide unknown-route behavior: explicit not-found page vs current fallback to dashboard (`templ.php?page=notARealRoute` currently renders dashboard). - [ ] `todo` Re-evaluate whether an Admin Tools "Quick Actions" area is needed after split IA; if needed, define strict scope and placement. ### Need To Test - [ ] `todo` Responsive route smoke test across desktop and mobile breakpoints. - [ ] `todo` Wizard flow persistence behavior on refresh/back-forward and unsaved-state edge cases. - [ ] `todo` Cross-browser check for dynamic page bindings (Safari/Chrome/Firefox). - [ ] `todo` Accessibility pass: keyboard traversal, focus visibility, and ARIA labels on wizard/table controls. ### Next Steps 1. Add repeatable scripted smoke command wrapper and save output to docs artifact. 2. Finalize unknown-route behavior and implement chosen handling contract. 3. Complete auth example interaction polish for parity with wizard/table UX. 4. Finalize and document operational log policy (rotation ownership + retention schedule). ## Source Docs 1. [docs/IMPROVEMENT_RECOMMENDATIONS.md](IMPROVEMENT_RECOMMENDATIONS.md) 2. [docs/REQUIREMENTS.md](REQUIREMENTS.md) 3. [../SECURITY.md](../SECURITY.md) 4. [docs/TESTING_RULES.md](TESTING_RULES.md) 5. [docs/RUNTIME_ERROR_AND_DEBUG_POLICY.md](RUNTIME_ERROR_AND_DEBUG_POLICY.md)