xamxam/TODO.md

TODO

HTMX Toast Feedback for Settings Checkboxes (contenus.php)

• Add hx-target response divs to the three fieldsets in contenus.php
• Update settings.php to return HTML toast on HTMX requests

Production Error Fixes (2026-05-11 remote logs)

• 413 Request Entity Too Large — bumped client_max_body_size to 256M, PHP post/upload to 256M, timeouts to 300s
• Missing v_smtp_active view on server — made all CREATE VIEW statements idempotent with IF NOT EXISTS in schema.sql
• bars.svg 404 — created app/public/assets/img/bars.svg (animated SVG spinner)
• Nginx rate limiting too aggressive — increased admin zone to 300r/m, burst=30 to handle ~11 concurrent HTMX fragment requests on contenus.php page load
• Migration idempotency — CREATE INDEX / CREATE TRIGGER / CREATE VIEW now use IF NOT EXISTS in schema.sql and generate-schema.py; migrate.sh no longer fails on re-run
• Database readonly — intermittent permission issue after deploy (added deploy-nginx recipe; permissions should be fixed by --chown + deploy-server.sh)

SQLite Backup & Data Integrity (docs/backup-plan.md)

Phase 1 — WAL Mode

• WAL mode already active (PRAGMA journal_mode → wal) — set in Database constructor
• Verify -wal and -shm sidecar files exist after writes
• Verify nginx/PHP write access to sidecar files on server
• Add deploy-verify-permissions recipe that checks ownership, directory perms, file perms, and writability after rsync
• deploy recipe now uploads and runs deploy-server.sh to fix permissions, then verifies them
• deploy recipe now runs migrations (scripts/migrate.sh) after ensuring DB exists
• fix migrate.sh to detect server vs local layout (no app/ subdir on server)
• regenerate schema.sql from local DB via generate-schema.py (includes v_smtp_active, all 28 migrations)
• fix generate-schema.py to include v_smtp_active (was explicitly excluded)

Phase 2 — Audit Log

• admin_audit_log table already exists (migration 009), AdminLogger already writes to it
• Create the audit_log table for data-level audit (before/after row snapshots)
• Create Audit.php helper class
• Instrument all DELETE, UPDATE, INSERT operations on core tables (theses, tags, languages, thesis_files)
• Verify by triggering a test delete and querying SELECT * FROM audit_log ORDER BY id DESC LIMIT 5

Phase 3 — Soft Deletes

• Add deleted_at columns to languages, tags, theses
• Rebuild views v_theses_full and v_theses_public with deleted_at IS NULL filters
• Update schema.sql for fresh installs
• Replace all hard DELETEs with soft deletes (DELETE → UPDATE ... SET deleted_at = ...)
• Add deleted_at IS NULL to all SELECT queries touching these tables
• Add admin "Corbeille" view for soft-deleted theses with Restore and Hard Delete actions
• Test each htmx-driven element (language search, tag search, repertoire filters) to confirm deleted entries don't appear
• Admin: add soft-deleted tags/languages view with restore option

Phase 4 — Hourly Snapshots via Cronjob

• Create scripts/backup-sqlite.sh (hot backup via sqlite3 .backup, gzip, retention pruning)
• Test locally — backup created, restores correctly
• Add just backup-snapshot command for local ad-hoc backups
• Deploy backup script to server (/usr/local/bin/backup-sqlite.sh) — just deploy-backup-script
• Create /var/backups/xamxam/ directory on server — part of just deploy-backup-cron
• Add cron jobs (hourly 30d + daily 90d) — just deploy-backup-cron
• Test restore from production backup — just test-restore <remote-gz-path>
• Manual backup trigger — just trigger-backup
• Check backup log — just deploy-check-backup-log
• List remote backups — just deploy-list-backups
• One-shot deploy — just deploy-backup (script + cron)

Phase 5 — Remote Sync (for later)

• (Deferred)