confirm actions

README.md

@@ -31,7 +31,8 @@ Current foundation scope includes:
 - pegged WO/PO supply tracking back to sales demand with preferred-vendor sourcing on inventory items
 - shared shortage and readiness rollups across dashboard, planning, projects, purchasing, and manufacturing
 - admin diagnostics with runtime footprint, record counts, and recent audit-trail visibility
-- admin user management with account creation, activation, role assignment, and role-permission editing
+- admin user management with account creation, activation, role assignment, role-permission editing, and session visibility/revocation
+- safer destructive-action confirmations and recovery messaging across admin, inventory, manufacturing, and attachment workflows
 - CRM and shipping audit coverage plus startup validation surfaced through the admin diagnostics page
 - backup/restore guidance, richer startup diagnostics, and exportable support bundles in the admin diagnostics workflow
 - backup verification checklist and restore-drill runbook surfaced in admin diagnostics
@@ -57,13 +58,13 @@ Current completed foundation areas:
 
 Near-term priorities:
 
-1. Better user and session visibility for operational admins
-2. Safer destructive-action confirmations and recovery messaging
+1. Deeper session history, filtering, and admin-side access review polish
+2. Extend destructive-action safety coverage across sales, purchasing, shipping, and project workflows
 
 Revisit / deferred items:
 
 - local Windows Prisma migration reliability
-- better user and session visibility for operational admins
+- deeper session history, filtering, and admin-side access review polish
 - safer destructive-action confirmations and recovery messaging
 
 Dashboard direction:
@@ -175,7 +176,11 @@ Command-line build notes:
 docker build --build-arg NODE_VERSION=22 -t mrp-codex .
 ```
 
-The container startup script runs `npx prisma migrate deploy` automatically before launching the server.
+The container startup script runs the server workspace Prisma binary directly:
+
+```bash
+/app/server/node_modules/.bin/prisma migrate deploy --schema /app/server/prisma/schema.prisma
+```
 
 This Docker path is currently the most reliable way to ensure the database schema matches the latest CRM and inventory migrations on Windows.
 
@@ -325,7 +330,7 @@ Logo uploads are stored through the authenticated file pipeline and are rendered
 - Apply committed migrations in production: `npm run prisma:deploy`
 - If Prisma migration commands fail on a local Node 24 Windows environment, use Node 22 or Docker for migration execution. The committed migration files in `server/prisma/migrations` remain the source of truth.
 
-As of March 14, 2026, the latest committed domain migrations include:
+As of March 15, 2026, the latest committed domain migrations include:
 
 - CRM status and list filters
 - CRM contact-history timeline
@@ -345,7 +350,11 @@ As of March 14, 2026, the latest committed domain migrations include:
 - shipping foundation
 - projects foundation
 - manufacturing foundation
-- planning foundation
+- manufacturing stations and operation templates
+- inventory transfers and reservations
+- audit trail and diagnostics foundation
+- auth-session visibility and revocation
+- supply pegging and preferred-vendor sourcing
 
 Recent roadmap-driving migrations should always be applied before validating new CRM, inventory, sales, shipping, or purchasing features in a running environment.
 
@@ -358,7 +367,7 @@ The current admin operations slice supports:
 - a sales-order demand-planning view with multi-level BOM netting and build/buy recommendations
 - prefilled work-order and purchase-order draft launch paths from sales-order demand-planning recommendations
 - shared shortage/readiness rollups across planning, project, purchasing, dashboard, and manufacturing views
-- a dedicated user-management page for account creation, activation, role assignment, password reset-style updates, and role-permission administration
+- a dedicated user-management page for account creation, activation, role assignment, password reset-style updates, role-permission administration, and session visibility/revocation
 - CRM customer/vendor changes and shipping mutations now flow into the shared audit trail
 - startup validation now checks storage paths, writable storage readiness, database connectivity, client bundle readiness, Chromium availability, and risky production defaults during server boot
 - backup and restore guidance now surfaces directly in diagnostics, along with exportable support bundles for support handoff
@@ -368,13 +377,13 @@ The current admin operations slice supports:
 
 Current follow-up direction:
 
-- better user and session visibility for operational admins
-- safer destructive-action confirmations and recovery messaging
+- deeper session history, filtering, and admin-side access review polish
+- extend destructive-action safety coverage across sales, purchasing, shipping, and project workflows
 
 ## UI Notes
 
 - Dark mode persistence is handled through the frontend theme provider and should remain stable across page navigation.
-- The shell layout is tuned for wider desktop use than the original foundation build, and now exposes Dashboard, CRM, inventory, sales, shipping, projects, manufacturing, settings, and planning modules from the same app shell.
+- The shell layout is tuned for wider desktop use than the original foundation build, and now exposes Dashboard, CRM, inventory, sales, purchasing, shipping, projects, manufacturing, settings, and planning modules from the same app shell.
 - The active module screens now follow a tighter density baseline for forms, tables, and detail cards.
 - The dashboard should continue evolving as a modular metric board for future purchasing, shipping, planning, and audit data.
 - The client now ships with route-level lazy loading and vendor chunking, so future frontend work should preserve that split instead of re-centralizing module imports in `main.tsx`.