resolutionflow/CURRENT-STATE.md

# Current State

> **Purpose:** Quick-reference file showing exactly where the project stands.
> **For Claude Code:** Read this first to understand what's done and what's next.
> **Last Updated:** February 14, 2026

---

## Active Phase: Phase 2.5 - Step Library Foundation (In Progress)

---

## What's Complete

### Backend (100%)
- FastAPI project structure with 25+ API endpoints
- PostgreSQL database with Docker, 30+ Alembic migrations
- User authentication (JWT, register, login, refresh, logout, invite codes)
- Refresh token rotation with JTI-based revocation
- Trees CRUD with full-text search (FTS index)
- Sessions tracking with decisions, outcomes, and variables
- Export API (Markdown, Text, HTML)
- Role-based access control (super_admin, team_admin, engineer, viewer)
- Production-ready logging with correlation IDs
- 100+ integration tests
- Rate limiting on auth endpoints (disabled in DEBUG)
- Audit log table with JSONB details
- Soft delete for trees with cascade cleanup

### Frontend (Phase 2 Complete)
- React 19 + Vite + TypeScript + Tailwind setup
- Authentication UI (login, register)
- Tree library/browsing page with grid/list/table views
- Tree navigation interface (session player)
- Session management with history and detail pages
- Export functionality (download)
- **Tree Editor** — Form-based with visual preview, Zustand + immer + zundo (undo/redo)
- **Markdown rendering** in session player and node editor
- **Monochrome Design System** — Dark-only, glass-morphism cards, Inter font, theme toggle removed
- **Tree Organization** — Categories, tags (autocomplete), user folders (3-level hierarchy), filters
- **RBAC & Permissions** — `usePermissions` hook, ProtectedRoute with role guards, permission-based UI hiding
- **Session Scratchpad** — Floating overlay (Ctrl+/), auto-save, markdown preview
- **Admin Panel** — 8 pages (dashboard, users, invite codes, audit logs, plan limits, feature flags, settings, categories)
- **Session Quick Wins** (Issues #51-#55):
  - Session timer (`useSessionTimer` hook, MM:SS / HH:MM:SS)
  - Keyboard hints (Tab focuses notes)
  - Repeat Last Session (prefills metadata from localStorage)
  - Session auto-recovery (resume incomplete sessions)
  - Copy step to clipboard
  - Delete tree button in all view modes
- **Session Outcomes** — Outcome modal on session completion, step timing tracking
- **Settings page** at `/settings` — Default export format preference
- **Session Sharing** — ShareSessionModal, SharedSessionPage (`/shared/sessions/:token`), MySharesPage (`/my-shares`), share link copy/manage from navigation page
- **Procedural Editor UX** — Section headers as first-class step type, "More Options" collapsible for advanced fields, URL intake field type, improved tag input (comma/semicolon/Tab delimiters)
- **Type-aware Routing** — Centralized `getTreeNavigatePath` helper, procedural sessions route to `/flows/:id/navigate`, resume support in procedural navigator, safety redirect in troubleshooting navigator

### Security Hardening (Phases A-D Complete)
- Registration role hardcoded to `engineer`
- HTML export XSS fix (html.escape)
- Secret key validator (rejects default when DEBUG=False)
- Role CHECK constraint on users table
- Tree access check on session start
- Centralized permissions in `permissions.py`
- `is_active` field on User model, enforced in auth
- Admin user management endpoints (6 endpoints)
- Refresh token rotation with JTI-based revocation
- Password complexity validation (uppercase, lowercase, digit, min 10 chars)
- Soft delete cascade cleanup (folder/tag junctions)
- SQL wildcard escaping in tag search

### Backend Schema Features (Not Yet in Frontend)
- **Tree Forking** (migration 022) — `parent_tree_id`, `root_tree_id`, `fork_depth`, `fork_reason`
- **Tree Sharing** (migration 024) — tree share links
- **Enhanced Invite Codes** (migration 030) — email, assigned_plan, trial_duration_days

### Documentation
- CLAUDE.md (project context for Claude Code)
- CLAUDE.md includes consolidated lessons learned (formerly LESSONS-LEARNED.md)
- Design system guide, component examples
- Feature specifications through Phase 4
- Rebrand implementation guide

---

## What's In Progress

| Task | Status | Notes |
|------|--------|-------|
| Step Library Frontend | In Progress | Backend complete, frontend UI pending |
| Procedural Flows Lifecycle | In Progress | Resume support done, full run chooser/reuse pending |
| Tree Forking UI | Planning | Backend schema complete (migration 022) |

---

## What's Next (Priority Order)

### Immediate (Phase 2.5 Completion)
1. Step Library Frontend UI (browse, search, rate/review)
2. Procedural Flows run lifecycle (RunChooserModal, intake reuse/prefill)
3. Tree Forking UI and workflow

### Soon (Phase 3)
- File attachments for sessions
- Offline capability
- Client context system
- Advanced analytics dashboard

### Later (Phase 4)
- PSA integrations (ConnectWise, Kaseya)
- PowerShell automation framework
- Enterprise features (SSO, white-label)

---

## Environment Quick Reference

### Start Development
```powershell
docker start patherly_postgres
cd backend && .\venv\Scripts\activate && uvicorn app.main:app --reload
cd frontend && npm run dev
```

### URLs
- Frontend: http://localhost:5173
- Backend API: http://localhost:8000
- API Docs: http://localhost:8000/api/docs

### Run Tests
```powershell
cd backend && pytest --override-ini="addopts="
```

---

## Blockers / Known Issues

| Issue | Workaround | Status |
|-------|------------|--------|
| pytest-asyncio version conflict | Use 0.24.0 | Documented |
| No local psql on Windows | Use `docker exec` | Documented |