Skip to content

TODO.md

Latest commit

 

History

History
207 lines (151 loc) · 7.85 KB

TODO.md

File metadata and controls

207 lines (151 loc) · 7.85 KB

TODO.md — Prioritized Backlog

Project: Interact — Employee Engagement & Gamification Platform Scoring: WSJF (Weighted Shortest Job First) = (Business Value + Time Criticality + Risk Reduction) / Job Size Last Updated: 2026-03-16

WSJF Scoring Key

Score Priority Action
8–10 🔴 Critical Fix before any new features
5–7 🟠 High Current sprint
3–4 🟡 Medium This quarter (Q2 2026)
1–2 🟢 Low Backlog

Backlog Table

Priority Item Category BV TC RR Size WSJF Status Source
1 [SEC-01] Resolve 9 npm security vulnerabilities Security 3 3 3 1 9.0 ready npm audit
2 [TST-01] Fix 31 skipped tests (require live Base44 env) Testing 2 2 3 1 7.0 blocked functions/tests/
3 [QA-01] Fix 2 React Hooks violations (conditional hooks) Bug 3 3 3 1.5 6.0 ready eslint react-hooks/rules-of-hooks
4 [TST-02] Increase test coverage from ~8% to 30% Testing 3 2 2 2 3.5 in-progress Audit report
5 [QA-02] Resolve 358 ESLint warnings (unused vars/imports) Code Quality 2 1 1 1 4.0 ready npm run lint
6 [SEC-02] Implement Sentry error tracking Security 2 2 2 1.5 4.0 ready src/components/lib/errors.jsx:269
7 [FEAT-01] Add missing team membership check (Recognition) Feature 2 1 2 1 5.0 ready CLAUDE.md known issues
8 [FEAT-02] Add team_id field to Recognition entity Feature 2 1 1 1 4.0 ready CLAUDE.md known issues
9 [TS-01] TypeScript migration — Phase 1 (types + strict config) Tech Debt 3 2 2 3 2.3 planned ADR-004 (Q2 2026)
10 [FEAT-03] Implement PWA (service worker, offline, install prompt) Feature 3 2 1 2.5 2.4 planned Roadmap Q2 2026
11 [DOC-01] Fix inline viewer (TODO in Dashboard.jsx:203) Documentation 1 1 1 1 3.0 ready src/pages/Dashboard.jsx:203
12 [DEP-01] Remove moment — replace all usages with date-fns Tech Debt 1 1 1 1 3.0 ready package.json (moment is installed but deprecated)
13 [PERF-01] Lazy-load heavy components (Quill editor, Three.js) Performance 2 1 1 1.5 2.7 backlog Bundle analysis
14 [SEC-03] Add missing security headers (CSP, HSTS, CORP/COOP) Security 2 2 3 2 3.5 ready docs/SECURITY.md
15 [FEAT-04] Enterprise SSO integration Feature 3 2 1 3 2.0 planned Roadmap Q1 2026
16 [INFRA-01] Add CI lint error gate (remove continue-on-error) DevOps 1 1 2 1 4.0 ready .github/workflows/ci.yml
17 [FEAT-05] Advanced analytics dashboard Feature 3 1 1 3 1.7 planned Roadmap Q3 2026
18 [FEAT-06] AI-powered activity recommendations (ML) Feature 3 1 1 3 1.7 planned Roadmap Q2 2026
19 [DOC-02] Stale backup file removal (src/pages.config.js.backup) Documentation 1 1 1 0.5 6.0 ready docs/DEAD-CODE-TRIAGE.md
20 [TST-03] E2E tests with Playwright Testing 2 1 2 2.5 2.0 backlog Roadmap

Detail: Security (Category: SEC)

SEC-01 — Resolve 9 npm Security Vulnerabilities

WSJF: 9.0 | Status: ready | Source: npm audit

Packages to fix:

Package Severity Fix
jspdf <=4.1.0 HIGH npm install jspdf@latest
quill 2.0.3 HIGH Upgrade or sanitize HTML export
axios 1.0.0–1.13.4 HIGH npm install axios@latest
rollup 4.0.0–4.58.0 HIGH Upgrade Vite (picks up safe rollup)
flatted <3.4.0 HIGH npm audit fix
minimatch <=3.1.3 HIGH npm audit fix
dompurify 3.1.3–3.3.1 Moderate npm install dompurify@latest
ajv <6.14.0 Moderate npm audit fix 
npm audit fix
npm install jspdf@latest axios@latest dompurify@latest
npm audit  # Verify 0 high/critical remaining

SEC-02 — Sentry Error Tracking

WSJF: 4.0 | Status: ready | Source: src/components/lib/errors.jsx:269

// TODO comment in src/components/lib/errors.jsx:269:
// TODO: Implement Sentry integration for production error tracking

Install @sentry/react, configure in src/main.jsx, replace console.error in ErrorBoundary.

SEC-03 — Security Headers

WSJF: 3.5 | Status: ready | Source: docs/SECURITY.md

Missing: Content-Security-Policy, HSTS, Cross-Origin-Resource-Policy, Cross-Origin-Opener-Policy. Add to vercel.jsonheaders section.

Detail: Testing (Category: TST)

TST-01 — Fix 31 Skipped Tests

WSJF: 7.0 | Status: blocked | Source: functions/tests/

functions/tests/surveyAnonymization.test.ts  (9 skipped)
functions/tests/stripeWebhook.test.ts         (9 skipped)
functions/tests/eventOwnership.test.ts       (13 skipped)

These require a live Base44 environment. Options:

  1. Mock the Base44 client in tests
  2. Add integration test environment to CI

TST-02 — Test Coverage 8% → 30%

WSJF: 3.5 | Status: in-progress

Current: 114 tests passing (8% coverage). Target: 30% by Q2 2026 (per ADR-005).

Priority order: hooks → utilities → shared components → page components.

Detail: Code Quality (Category: QA)

QA-01 — React Hooks Violations

WSJF: 6.0 | Status: ready

2 conditional hook calls violating react-hooks/rules-of-hooks. Find and fix:

npm run lint 2>&1 | grep "react-hooks/rules-of-hooks"

Fix: move hook calls above any conditional or early return.

QA-02 — ESLint Warnings

WSJF: 4.0 | Status: ready

358 warnings, mostly unused imports and variables.

npm run lint:fix   # Auto-fixes most unused imports
npm run lint       # Verify count reduced

Detail: Features (Category: FEAT)

FEAT-01 — Team Membership Check

WSJF: 5.0 | Status: ready

Team-only activities require a check that the requesting user is a member of the team. This is a TODO in the Recognition system. See CLAUDE.md Known Issues section.

FEAT-02 — team_id on Recognition Entity

WSJF: 4.0 | Status: ready

Add team_id field to the Recognition entity in Base44 schema to enable team-scoped recognition.

Detail: Tech Debt (Category: TS, DEP, PERF)

TS-01 — TypeScript Migration

WSJF: 2.3 | Status: planned | ADR: ADR-004

Phase 1 (Q2 2026):

  1. Enable strict mode in tsconfig.json
  2. Rename utility files to .ts
  3. Add interfaces for API entities
  4. Gradually migrate hooks and utilities

DEP-01 — Remove moment.js

WSJF: 3.0 | Status: ready

moment is installed (see package.json) but deprecated and large. All new code uses date-fns. Find and replace any legacy moment usages:

grep -r "import moment\|from 'moment'" src/ --include="*.js" --include="*.jsx"
npm uninstall moment

Detail: Infrastructure (Category: INFRA)

INFRA-01 — CI Lint Gate

WSJF: 4.0 | Status: ready | Source: .github/workflows/ci.yml

The CI quality job runs npm run lint but currently does not enforce zero errors. Once QA-02 is resolved:

  1. Remove continue-on-error: true from the ESLint step in ci.yml
  2. Lint failures should block the build

Categories Legend

Code Category
SEC Security
TST Testing
QA Code Quality
FEAT Features
TS TypeScript Migration
DEP Dependencies
PERF Performance
DOC Documentation
INFRA Infrastructure

Generated from: npm audit, ESLint output, codebase TODO scan, docs/AUDIT-REPORT.md, docs/ROADMAP.md Next refresh: Run npm audit and npm run lint to get updated counts, then update SEC-01 and QA-02 rows.