xamxam/TODO.md

# TODO

## HTMX Toast Feedback for Settings Checkboxes (contenus.php)

- [x] Add `hx-target` response divs to the three fieldsets in contenus.php
- [x] Update settings.php to return HTML toast on HTMX requests

## Production Error Fixes (2026-05-11 remote logs)

- [x] **413 Request Entity Too Large** — bumped `client_max_body_size` to 256M, PHP post/upload to 256M, timeouts to 300s
- [x] **Missing `v_smtp_active` view** on server — made all `CREATE VIEW` statements idempotent with `IF NOT EXISTS` in schema.sql
- [x] **`bars.svg` 404** — created `app/public/assets/img/bars.svg` (animated SVG spinner)
- [x] **Nginx rate limiting too aggressive** — increased admin zone to 300r/m, burst=30 to handle ~11 concurrent HTMX fragment requests on contenus.php page load
- [ ] **Database readonly** — intermittent permission issue after deploy (added deploy-nginx recipe; permissions should be fixed by --chown + deploy-server.sh)

## SQLite Backup & Data Integrity (docs/backup-plan.md)

### Phase 1 — WAL Mode
- [x] WAL mode already active (`PRAGMA journal_mode` → `wal`) — set in Database constructor
- [ ] Verify `-wal` and `-shm` sidecar files exist after writes
- [ ] Verify nginx/PHP write access to sidecar files on server
- [x] Add deploy-verify-permissions recipe that checks ownership, directory perms, file perms, and writability after rsync
- [x] deploy recipe now uploads and runs deploy-server.sh to fix permissions, then verifies them
- [x] deploy recipe now runs migrations (scripts/migrate.sh) after ensuring DB exists
- [x] fix migrate.sh to detect server vs local layout (no app/ subdir on server)
- [x] regenerate schema.sql from local DB via generate-schema.py (includes v_smtp_active, all 28 migrations)
- [x] fix generate-schema.py to include v_smtp_active (was explicitly excluded)

### Phase 2 — Audit Log
- [x] `admin_audit_log` table already exists (migration 009), `AdminLogger` already writes to it
- [x] Create the `audit_log` table for data-level audit (before/after row snapshots)
- [x] Create `Audit.php` helper class
- [x] Instrument all DELETE, UPDATE, INSERT operations on core tables (theses, tags, languages, thesis_files)
- [ ] Verify by triggering a test delete and querying `SELECT * FROM audit_log ORDER BY id DESC LIMIT 5`

### Phase 3 — Soft Deletes
- [x] Add `deleted_at` columns to `languages`, `tags`, `theses`
- [x] Rebuild views `v_theses_full` and `v_theses_public` with `deleted_at IS NULL` filters
- [x] Update `schema.sql` for fresh installs
- [x] Replace all hard DELETEs with soft deletes (`DELETE` → `UPDATE ... SET deleted_at = ...`)
- [x] Add `deleted_at IS NULL` to all SELECT queries touching these tables
- [x] Add admin "Corbeille" view for soft-deleted theses with Restore and Hard Delete actions
- [ ] Test each htmx-driven element (language search, tag search, repertoire filters) to confirm deleted entries don't appear
- [ ] Admin: add soft-deleted tags/languages view with restore option

### Phase 4 — Hourly Snapshots via Cronjob
- [x] Create `scripts/backup-sqlite.sh` (hot backup via `sqlite3 .backup`, gzip, retention pruning)
- [x] Test locally — backup created, restores correctly
- [x] Add `just backup-snapshot` command for local ad-hoc backups
- [x] Deploy backup script to server (`/usr/local/bin/backup-sqlite.sh`) — `just deploy-backup-script`
- [x] Create `/var/backups/xamxam/` directory on server — part of `just deploy-backup-cron`
- [x] Add cron jobs (hourly 30d + daily 90d) — `just deploy-backup-cron`
- [x] Test restore from production backup — `just test-restore <remote-gz-path>`
- [x] Manual backup trigger — `just trigger-backup`
- [x] Check backup log — `just deploy-check-backup-log`
- [x] List remote backups — `just deploy-list-backups`
- [x] One-shot deploy — `just deploy-backup` (script + cron)

### Phase 5 — Remote Sync *(for later)*
- [ ] (Deferred)