confirm actions

ROADMAP.md

@@ -17,7 +17,7 @@ MRP Codex is being built as a streamlined, modular manufacturing resource planni
 - React + Vite + Tailwind frontend shell
 - Express + TypeScript backend shell
 - Prisma + SQLite schema foundation with committed initial migration
-- Local authentication with JWT-based session flow
+- Local authentication with JWT-based session flow plus persisted session visibility and revocation
 - RBAC permission model and protected routes
 - Central Company Settings with runtime branding controls
 - Light and dark mode theme system
@@ -73,6 +73,7 @@ MRP Codex is being built as a streamlined, modular manufacturing resource planni
 - The dashboard is now live-data driven, but still needs richer KPI widgets, alerts, recent-activity queues, and exception reporting as more transactional depth is added
 - The new projects domain is foundational but still needs milestones, project rollups, and deeper inventory/purchasing/manufacturing tie-ins
 - The new manufacturing domain is foundational but still needs routings, labor capture, work-center views, and capacity-aware planning tie-ins
+- Auth sessions are now persisted and revocable, but the admin surface still needs richer filtering, history retention, and unusual-access review tooling
 
 ## Dashboard Plan
 
@@ -288,6 +289,9 @@ Foundation slice shipped:
 - Audit trail coverage across core write flows for settings, inventory, sales, purchasing, projects, and manufacturing
 - Admin diagnostics screen for runtime footprint, storage visibility, key record counts, and recent audit activity
 - Expanded role-management UI with account creation, activation, role assignment, and permission administration
+- Persisted auth-session tracking with admin visibility into active, expired, and revoked sign-ins
+- Server-side logout and admin session revocation for JWT-backed access
+- Shared destructive-action confirmation and recovery messaging for admin, inventory, manufacturing, and attachment workflows
 - CRM customer/vendor changes and shipping mutations covered by the shared audit trail
 - Startup validation during server boot with checks for storage paths, writable directories, database connectivity, client bundle readiness, Chromium availability, and risky production defaults
 - Backup/restore guidance, support-bundle exports, and support-log viewing surfaced through the admin diagnostics workflow
@@ -301,8 +305,8 @@ Foundation slice shipped:
 QOL subfeatures:
 
 - Admin diagnostics screen for permissions, migrations, storage, and PDF health
-- Safer destructive-action confirmations and recovery messaging
-- Better user/session visibility for operational admins
+- Better session filtering, review history, and unusual-access cues for operational admins
+- Extend destructive-action safety coverage across sales, purchasing, shipping, and project workflows
 - More explicit environment validation on startup
 - Support-log filtering, retention controls, and broader support-package polish
 - Backup verification checklist and restore drill guidance
@@ -325,5 +329,5 @@ QOL subfeatures:
 
 ## Near-term priority order
 
-1. Better user and session visibility for operational admins
-2. Safer destructive-action confirmations and recovery messaging
+1. Better session filtering, review history, and unusual-access cues for operational admins
+2. Extend destructive-action safety coverage across sales, purchasing, shipping, and project workflows