# Dashy Project Refactor: Progress Report **Objective:** Transition Dashy from a browser-based SQLite (local storage) application to a Client-Server architecture using a Python FastAPI backend with a persistent database. --- ## ✅ Completed Tasks ### 1. Backend Infrastructure Setup - Created `backend/` directory structure. - Configured `requirements.txt` with essential libraries (`fastapi`, `sqlalchemy`, `pydantic`, `jose`, etc.). - **Fix:** Pinned `bcrypt==4.0.1` to resolve compatibility issues with `passlib`. ### 2. Database Modeling - **Schema Design:** Translated the original `db.js` schema into SQLAlchemy models in `models.py`. - **Relationships:** Established Many-to-Many relationships for Task Tags and One-to-Many for User Tasks and Notes. - **Audit Logging:** Implemented a robust Audit Log system to track all user actions. ### 3. API Development - **Main App (`main.py`):** Set up FastAPI with CORS middleware enabled for frontend communication. - **Authentication:** Built JWT-based login flow in `auth.py`. - **Endpoints:** Created initial endpoints for: - User retrieval - Task CRUD (Create, Read, Update) - Audit log retrieval/creation ### 4. Data Migration & Environment Handling - **Seeding:** Created `seed.py` to migrate initial prototype data into the new database. - **CIFS/NAS Fix:** - Implemented `DASHY_DB_PATH` environment variable support to allow the database file to reside on a local disk while code stays on the NAS. - Added a 30-second connection timeout to mitigate network latency. --- ## 🚧 Current Status - **Backend:** Feature-complete for the first phase. - **Database:** Schema is stabilized, seeding logic is verified, and database is active. - **Frontend:** Integrated with FastAPI backend via `api.js`. Legacy WASM SQLite files archived. --- ## ⏭️ Upcoming Steps ### Phase 2: Frontend Refactor & Workflow Polish (✅ Completed) 1. **API Integration:** Created `api.js` to handle network requests, swapped `DashyDB` for async API calls in `app.jsx`, and updated Login to use JWT tokens. 2. **Legacy Cleanup:** Archived `db.js` and `data.jsx` to `Dashy-v1/scraps/` and removed `sql.js` WASM dependency from `Dashy.html`. 3. **API Base URL Fix:** Updated `api.js` to dynamically use the browser's hostname to resolve "Connection Refused" errors. 4. **Audit Rendering Crash Fix:** Resolved the `TASK_AUDIT` ReferenceError by passing live API audit logs into the `TaskDetail` modal. 5. **UI State Refresh Fix:** Modified the `useApiData` hook to fetch subsequent updates silently without unmounting the app (fixing the drag-and-drop refresh bug). 6. **Task Completion:** Added a "Mark as completed" button, removed closed tasks from the main Overview board, and set up audit logging. 7. **User Views Update:** Updated `UserScreen` to accurately display open task counts and render a dedicated, faded "Completed" section for closed tasks. 8. **Task Reopening:** Added a "Reopen task" button to restore accidentally closed tasks back to the queue. 9. **User Management (Settings):** Built backend API endpoints (`POST`, `PATCH`, `DELETE` for `/users`) and wired up the `WorkspaceTab` allowing Admins to manage the team from the UI. 10. **Task Editing:** Implemented inline editing for task descriptions using an active text box state with "Save/Cancel" actions. 11. **UI Cleanup:** Removed hardcoded, prototype placeholder notes from the `TaskDetail` modal to prepare for future dynamic notes integration. 12. **Permanent Deletion:** Added a "Delete task permanently" button to the `TaskDetail` sidebar with a confirmation dialog, backed by a new `DELETE /tasks/{id}` API endpoint. 13. **Permanent Deletion Wiring Fix:** Resolved a three-layer bug where the delete button was non-functional: - Added the missing `onDeleteTask` prop to the `TaskDetail` component signature in `screens.jsx`. - Added the missing `deleteTask` handler in `app.jsx` (calls `api.deleteTask`, writes an audit entry, and closes the modal). - Restarted the FastAPI backend so the previously-added `DELETE /tasks/{id}` route was loaded into the running process (was returning 405 prior to restart). 14. **Password Management:** Made the "Change password" flow real (previously a placeholder UI). - **Backend:** Added `PasswordChange` schema and a new `POST /users/{user_id}/password` endpoint that verifies the current password (401 on mismatch) before re-hashing and saving the new one. - **API client:** Added `api.changePassword(id, oldPwd, newPwd)` that surfaces the backend's `detail` message inline rather than just the HTTP status text. - **Frontend:** Wired the previously-inert "Update password" button in `SettingsScreen` — submits via `onChangePassword`, shows inline error / success states, disables while in flight, clears the fields on success, and writes a `password_changed` audit entry. - **Defaults confirmed:** Seeded users (`seed.py`) and admin-created users (`app.jsx`) both default to `password123`. 15. **Real Login Authentication:** Fixed a security bug where the login screen accepted any password. - The password input on `LoginScreen` was a decorative `defaultValue` field — the button submitted with no password, and `onLogin` had a fallback default of `"password123"` which matched every seeded account. - Bound the input to component state, send the actual typed password to `api.login`, and let backend `401`s propagate so the screen can render an inline "Incorrect password" message instead of silently letting anyone in. - Enter key now submits, and the button disables while the request is in flight. ### Phase 3: Advanced Features - **Real-time Notifications:** Explore WebSockets for task assignments. - **iMessage Integration:** Develop the "Molty" bridge for phone-to-task creation. - **File Uploads:** Support for attaching photos/documents to tasks. --- **Last Updated:** Monday, May 11, 2026 **Status:** Phase 2 Complete / Ready for Phase 3