Skip to content

Backlog

This page contains planned work, follow-up issues, and feature requests for the Nexus project.

Working backlog

User security, tenant security, projects, and assets

StatusUrgencyImpactCreated

Outcome: keep Nexus focused first on secure user access, secure tenant boundaries, project organization, and tenant/project-owned asset operations.

Scope:

  • Treat user security and tenant security as the highest-priority platform work.
  • Keep Projects and Assets as the next operational priorities.
  • Ensure projects are tenant-owned through projects.tenant_id.
  • Ensure assets are tenant-owned through assets.tenant_id and can optionally belong to a project through assets.project_id.
  • Validate project-scoped asset writes so a tenant asset cannot silently point at a project outside the tenant or shared root scope.

SIS ingestion, MOSIS extracts, and grade-card marts

StatusUrgencyImpactCreated

Outcome: make Nexus an operational data platform for daily SIS ingestion, MOSIS file generation, exception reporting, and DESE-style education analytics.

Scope:

  • Ingest Infinite Campus and other SIS extracts into auditable staging tables before mapping records into Nexus canonical education objects.
  • Add school-year-versioned MOSIS layout metadata, extract builders, validation results, and export run history.
  • Create datamarts for SIS source quality, MOSIS extract readiness, post-submission corrections, and district/school grade-card style indicators.
  • Track implementation details in MOSIS operational data platform.

Directory and productivity suite integrations

StatusUrgencyImpactCreated

Outcome: integrate workforce identity and collaboration context from Google Workspace, Microsoft Active Directory, and Microsoft 365 into Nexus for operational workflows.

Scope:

  • Add connectors and ingestion pipelines for Google Workspace directory data.
  • Add connectors and ingestion pipelines for Microsoft Active Directory user, group, and organizational unit data.
  • Add connectors and ingestion pipelines for Microsoft 365 identity and collaboration metadata needed for Nexus use cases.
  • Track source-system sync runs, deltas, mapping rules, and reconciliation errors for each connector.
  • Keep imported records tenant-scoped, auditable, and replayable without mutating canonical records until validations pass.

Frontend endpoint workflow completion

StatusUrgencyImpactCreated

Outcome: turn broad API client coverage into real operator workflows.

Scope:

  • Add UI for issue comments, attachments, links, history, activity, watchers, and issue catalog objects.
  • Add UI for configuration relationships, person identity contacts, contact ordering, school lifecycle actions, asset assignment close, and group memberships.
  • Keep create, update, archive, restore, and related-record actions consistent across object workspaces.

Object detail and inspector experiences

StatusUrgencyImpactCreated

Outcome: make master/detail pages feel complete instead of list-only.

Scope:

  • Add related-record panes, lifecycle action buttons, archive/restore visibility, empty states, and edit/create modes.
  • Finish inspector/edit sheets for remaining object workspaces.
  • Review keyboard flow through object cards, detail panes, and sheet controls.

Package landing pages

StatusUrgencyImpactCreated

Outcome: give each package a useful first screen for navigation and triage.

Scope:

  • Finish landing pages for System, Projects, Education, Assets, Census, Configurations, and Locations.
  • Include counts, recent activity, and direct create actions.
  • Keep package navigation aligned with the current module taxonomy.

Search implementation

StatusUrgencyImpactCreated

Outcome: make global and workspace search return useful, context-aware results.

Scope:

  • Wire the global top-bar search to filtered or query-backed results.
  • Wire master-view search to object-specific filtering.
  • Respect tenant, project, school, and calendar context when searching.

Release validation expansion

StatusUrgencyImpactCreated

Outcome: provide one repeatable pre-release command that catches common regressions.

Scope:

  • Add backend route/import tests and application router coverage.
  • Add migration graph smoke tests.
  • Add frontend production build checks.
  • Add docs build validation to the release script.

Frontend regression coverage

StatusUrgencyImpactCreated

Outcome: protect high-traffic UI flows from release-to-release drift.

Scope:

  • Cover package navigation, context controls, asset model/detail splits, auth expiry behavior, and package landing pages.
  • Add accessibility checks for popover menus, drawers, object cards, detail panes, and sheet controls.
  • Keep Playwright or equivalent browser coverage runnable from release validation.

API ownership and REST consistency audit

StatusUrgencyImpactCreated

Outcome: make route ownership, tags, verbs, and related-resource shapes predictable.

Scope:

  • Verify related-object endpoints are owned by the intended secondary object's package.
  • Ensure route tags follow the <Package>: <Object> convention.
  • Normalize PUT versus PATCH, lifecycle actions, list/read/create/update/delete shapes, and related-resource delete URLs.

Tenancy and access-control hardening

StatusUrgencyImpactCreated

Outcome: verify scoped access stays correct as modules expand.

Scope:

  • Add focused tests for tenant scope headers and Global tenant visibility.
  • Cover current/default tenant, project, and school preferences.
  • Cover admin-only writes and group membership boundaries.

Dependency version pinning

StatusUrgencyImpactCreated

Outcome: improve dependency stability and supply-chain reviewability.

Scope:

  • Replace floating dependency versions in frontend/package.json with explicit version pins.
  • Confirm lockfiles capture the intended resolved versions.
  • Keep dependency updates intentional and reviewable through release validation.

Browser security headers

StatusUrgencyImpactCreated

Outcome: harden browser behavior for deployed frontend and docs surfaces.

Scope:

  • Add or enforce headers such as Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options.
  • Document local, staging, and production header expectations.
  • Verify headers through deployment or release validation checks.

Dependency vulnerability audits

StatusUrgencyImpactCreated

Outcome: keep backend and frontend dependency risk visible.

Scope:

  • Run vulnerability audits for Python and frontend packages.
  • Track actionable findings in this backlog or the issue tracker.
  • Add repeatable audit commands to release validation when they are stable enough for CI.

Documentation taxonomy refresh

StatusUrgencyImpactCreated

Outcome: keep README and developer docs aligned with current Nexus modules.

Scope:

  • Use System, Projects, Education, Assets, Census, Configurations, and Locations language consistently.
  • Remove stale Census Edu, Users-only, Service-module, Directory, Access, Workspace, and API Suite language where it no longer matches the product.
  • Keep schema and package boundary docs synchronized with route ownership.

Frontend module taxonomy cleanup

StatusUrgencyImpactCreated

Outcome: make in-app labels match the current package taxonomy.

Scope:

  • Replace stale Service module and Census Edu module labels with Projects and Education language.
  • Move issue catalog support pages out of the legacy Service grouping and into the Projects package navigation.
  • Normalize /me package labels so schools and calendars consistently appear under Education.

Frontend route and collection registry

StatusUrgencyImpactCreated

Outcome: reduce manual route, menu, record-store, and collection-view drift as objects are added.

Scope:

  • Introduce a shared object registry for package, path, record key, label, lifecycle, and supported actions.
  • Generate package navigation, protected-route checks, add-sheet routing, and collection-view selection from the registry where practical.
  • Keep specialized asset and issue workflows extensible without hiding domain-specific behavior.

Seed and demo data refresh

StatusUrgencyImpactCreated

Outcome: make the UI reviewable without manual setup.

Scope:

  • Add realistic tenants, projects, schools, calendars, people, assets, issues, and relationships.
  • Include groups, locations, and configuration items.
  • Ensure demo paths exercise July package navigation and object detail workflows.

/me portal workflow completion

StatusUrgencyImpactCreated

Outcome: make user-facing account and context controls dependable.

Scope:

  • Complete default context preference workflows.
  • Add active session visibility.
  • Finish account settings flows exposed through the user portal.

Dashboard operational summary

StatusUrgencyImpactCreated

Outcome: make the signed-in dashboard useful for daily triage instead of only navigation.

Scope:

  • Show tenant-aware counts for open issues, active assets, current enrollments, current employments, and recent configuration changes.
  • Surface stale or high-priority records that need action.
  • Link each dashboard signal to the filtered object view that explains it.

API contract examples and fixtures

StatusUrgencyImpactCreated

Outcome: make route behavior easier to verify and consume from frontend and future clients.

Scope:

  • Add minimal request and response examples for core object routes and related-resource endpoints.
  • Keep fixtures aligned with seeded demo data and tenant scope behavior.
  • Use examples as inputs for API contract or smoke tests where the release validation script can exercise them.

Workspace cleanup and generated file hygiene

StatusUrgencyImpactCreated

Outcome: keep the repository clean after tests, docs builds, and frontend builds.

Scope:

  • Confirm __pycache__, .pytest_cache, frontend/docs build output, and local dependency folders are ignored.
  • Keep generated files out of release commits unless they are intentional lockfiles or fixtures.

Apple client path decision

StatusUrgencyImpactCreated

Outcome: clarify whether the Apple app is an active client or a deliberately minimal project artifact.

Scope:

  • Define a short Apple client roadmap if the app remains active.
  • Document the minimal/supporting role if it is not on the near-term roadmap.

Nexus platform expansion

StatusUrgencyImpactCreated

Outcome: continue the foundational work needed to support the expanded Nexus feature set across core domains.

Scope:

  • Keep shared platform patterns stable as modules mature.
  • Fold completed expansion work into narrower follow-up issues when it becomes actionable.

Documentation and deployment updates

StatusUrgencyImpactCreated

Outcome: keep project documentation and deployment references current.

Scope:

  • Refresh deploy guidance when infrastructure or module boundaries change.
  • Link release validation expectations from developer docs.

Completed backlog

Default secrets hardening

StatusUrgencyImpactCreated

Outcome: replaced insecure default handling for POSTGRES_PASSWORD and JWT_SECRET_KEY with explicit secret configuration practices.

Production secret handling

StatusUrgencyImpactCreated

Outcome: production deployments no longer depend on repo-managed defaults and are documented around external secret storage.

Token storage security

StatusUrgencyImpactCreated

Outcome: authentication token storage was moved to a more secure session approach so frontend state can respond cleanly to token expiry and revocation.

Backend API refinement

StatusUrgencyImpactCreated

Outcome: split backend route adapters, application services, domain schemas, tenancy and auth helpers, and infrastructure row mappers into focused modules with stable import surfaces.

Expired token session-state handling

StatusUrgencyImpactCreated

Outcome: invalid or expired tokens clear local auth state, redirect users to sign-in, and show a clear session-expired message.

Asset domain first-class object migration

StatusUrgencyImpactCreated

Outcome: replaced legacy asset transactions with first-class Asset Circulation and Asset Repair objects across frontend workflows, backend APIs, and database schema.

Users module group and membership management

StatusUrgencyImpactCreated

Outcome: added first-class User Groups and User Group Membership management across database schema, backend APIs, and frontend workflows.

Tenant-scoped write consistency and schema documentation

StatusUrgencyImpactCreated

Outcome: ensured school-domain create flows honor selected tenant scope, corrected tenant assignment drift for seeded records, and published comprehensive per-table schema documentation.

Responsive shell and object workspace navigation

StatusUrgencyImpactCreated

Outcome: added switchable sidebar/top-bar navigation, tenant and user menu placement, card-first master views, inline detail panes, and related-object shortcuts.

Object editor sheets and frontend clean architecture

StatusUrgencyImpactCreated

Outcome: added sheet-based object editing for assets and asset models, generalized split master/detail object views, introduced URL-focused object selection routes, and split frontend helpers into shared, infrastructure, application, feature, and component layers.

Issue parent model

StatusUrgencyImpactCreated

Outcome: introduced a parent Issue model with service request, known problem, incident, post-incident analysis, change, and repair subtypes.

Projects module

StatusUrgencyImpactCreated

Outcome: added Projects as the core organizing object for issues and seeded Technology Service and Maintenance Service as shared service projects.

Education module API expansion

StatusUrgencyImpactCreated

Outcome: moved school-related route adapters into the education API package, expanded education LCRUD and lifecycle endpoints, added school grade levels and employment assignment types, and documented the package boundary.

System API and frontend navigation consolidation

StatusUrgencyImpactCreated

Outcome: folded users, groups, tenants, sessions, preferences, and health into the system API package; added key-backed school context objects; expanded /me context endpoints; and reworked the frontend shell around package navigation pages, categorized popovers, context filters, and compact master/detail workspaces.

Nexus by McGuire Technology