pos/ROADMAP.md
jason 2aa041d45e Milestone 4: payment abstraction, receipts, refunds, logging, hardened Docker
- lib/payments.ts: provider-agnostic payment interface; cash (immediate) and
  card stub (swappable for Square/Stripe Terminal/Tyro)
- POST /transactions/:id/refund — manager+, server-authoritative, blocks double-refund
- GET /transactions/:id/receipt — structured receipt payload for print/email/SMS
- lib/logger.ts: minimal structured JSON logger respecting LOG_LEVEL env var
- middleware/requestLogger.ts: per-request method/path/status/ms logging
- errorHandler now uses structured logger instead of console.error
- Dockerfile: non-root user (appuser), HEALTHCHECK via /api/v1/health,
  npm cache cleared in runtime stage

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-21 06:57:33 -05:00

ROADMAP.md

Milestone 1 — Foundation

  • Node/TypeScript API skeleton with Express
  • Health check endpoint (GET /api/v1/health)
  • JWT auth: login, refresh, logout, /me
  • Prisma schema: vendors, users, roles, products, categories, taxes, transactions
  • SQLite for local dev; Postgres for production
  • React admin SPA (Vite + TypeScript)
  • Login page + protected routing
  • Dashboard shell with auth context
  • Multi-stage Dockerfile; docker-compose with Postgres
  • Seed script with demo data

Milestone 2 — Core Data & Admin

  • Full CRUD: vendors, users, categories, products, taxes
  • RBAC enforcement on all routes (owner / manager / cashier)
  • Vendor settings page in admin UI
  • User management UI (add, edit, delete, assign role)
  • Catalog management UI (products, categories, taxes — tabbed)
  • Input validation with Zod on all endpoints
  • Pagination on list endpoints

Milestone 3 — Android & Offline Sync (server-side)

  • GET /api/v1/catalog/sync?since=<ISO> — delta sync for products, categories, taxes
  • POST /api/v1/transactions/batch — idempotency-keyed batch upload (207 Multi-Status)
  • GET /api/v1/transactions — paginated list with date/status/payment filters
  • GET /api/v1/transactions/reports/summary — revenue, tax, top products, payment breakdown
  • Reports page: stat cards, payment method breakdown, top products, transaction table
  • Android Kotlin app: MVVM, Room, offline-first flows (separate deliverable)
  • Background sync worker (Android)
  • Conflict resolution: server-authoritative for payments (enforced via idempotency)

Milestone 4 — Payments & Hardening

  • Payment abstraction layer (lib/payments.ts) — cash + card stub; swap processCard() for real SDK
  • POST /api/v1/transactions/:id/refund — manager/owner only, server-authoritative
  • GET /api/v1/transactions/:id/receipt — structured receipt payload for print/email/SMS
  • Structured JSON request logging (lib/logger.ts, middleware/requestLogger.ts)
  • Dockerfile hardened: non-root user (appuser), HEALTHCHECK, npm cache cleared
  • Error handler uses structured logger instead of console.error