Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions docs/ux-overhaul/backend-gap-register.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,3 +15,12 @@ Date: 2026-07-13
| Admin | Audit high-impact actions | Confirmation only | No audit log/event contract | Destructive/privilege changes lack accountability | No, but operational risk | Administrative audit events | High |
| Admin | Badge lifecycle | Create/read only | No edit/archive/delete/criteria relation | Credential meaning cannot be governed | Partial | Badge lifecycle and criteria contract | Medium |
| Admin/super admin | Consistent privilege model | Role-accurate limitation state | Exact checks conflict with presumed super-admin inheritance | Name can cause unsafe assumptions | Partial | Explicit platform permission policy replacing name inference | High |
| Content admin | Manage complete course curriculum | Canonical Studio shows course wrappers and readiness context only | Course list/detail and unit/lesson/activity CRUD exclude `content_admin`; isolated authoring/version endpoints do not form a scoped complete editor | Joining incompatible endpoints could expose or mutate another organization’s course | Yes for full course authoring | Organization-scoped curriculum authoring contract with ownership checks | Critical |
| Content admin | Manage programs and course order | Program/path wrappers are read/governance only | Program create is admin/teacher-only; no program update, membership-edit, reorder, archive, or delete API | Unscoped program reads and guessed ordering risk cross-org disclosure or corruption | Yes | Scoped program and learning-path authoring contract | High |
| Content admin | Edit and preview lessons safely | Content drafts preview without runtime calls | Lesson CRUD excludes content admin; no author preview endpoint isolated from learner progress/session behavior | Reusing learner runtime could create progress or reveal unpublished/teacher-only content | Yes | Content-admin lesson editor and stateless preview contract | Critical |
| Content admin | Author activities and assessments | No unsupported authoring controls | Activity/assessment mutations exclude content admin; activity content schema and assessment edit/delete are incomplete | Incorrect answer exposure and inconsistent scoring/publishing | Yes | Versioned activity and assessment authoring contracts | High |
| Content admin | Maintain bibliographic and rights metadata | Source wrappers support title/type/reference/citation only | No author/publisher/date/classification/rights/license/edit/delete/usage lookup | Missing attribution and rights context; cannot prove unused state | Partial | Source bibliography, rights, association, and usage contract | High |
| Content admin | Manage learner-facing assets | No asset/upload navigation | Uploads exclude content admin and have no library, type/size policy, alt text, rights, usage, replace, or delete APIs | Unsafe files, inaccessible images, unclear rights, destructive dependency risk | Yes | Scoped asset library and governed upload contract | Critical |
| Content admin | Review with accountability | Confirmed wrapper state changes; no comments/history claims | No reviewer assignment, comments, decision rationale, role separation, or audit events | Approval cannot be attributed or reconstructed | Partial | Content review assignments, rationale, and audit events | High |
| Content admin | Safely unpublish or roll back | Public publishing only; no unpublish control | Product publish has no unpublish/rollback/dependency validation endpoint | Public visibility may not be reversibly corrected through Studio | Yes for emergency correction | Reversible publishing lifecycle with dependency validation | Critical |
| Content admin | Collaborate and recover versions | No collaborative/version-history UI | No content ownership, locking, autosave, merge, or broadly usable version-history contract | Lost updates and unclear accountability | Yes for collaboration, not current wrapper work | Content ownership and version-history proposal | Medium |
16 changes: 14 additions & 2 deletions docs/ux-overhaul/production-route-migration.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Production Route Migration

Phase 1 preserves route compatibility and establishes canonical role destinations without deleting deep links. Phase 2 begins the student `/learn` migration while keeping legacy student deep links available. Phase 3 adds canonical teacher `/teach` routes while preserving `/home` and workspace cohort deep links. Phase 4 adds the guarded `/admin` family and retains legacy Admin deep links.
Phase 1 preserves route compatibility and establishes canonical role destinations without deleting deep links. Phase 2 begins the student `/learn` migration while keeping legacy student deep links available. Phase 3 adds canonical teacher `/teach` routes while preserving `/home` and workspace cohort deep links. Phase 4 adds the guarded `/admin` family and retains legacy Admin deep links. Phase 5 adds the guarded `/studio` family over the supported V2 content-operations APIs while retaining all `/workspace/**` routes.

| Current route | Canonical route | Role | Redirect behavior | Guard behavior | Migration phase | Removal criteria | Deep-link risk |
| --- | --- | --- | --- | --- | --- | --- | --- |
Expand All @@ -20,6 +20,15 @@ Phase 1 preserves route compatibility and establishes canonical role destination
| `/learn/resources` | `/learn/resources` | student | No redirect | `HomeSessionGuard`; no API | Phase 2 partial | Remove only if a supported resources surface is not planned | Low |
| `/learn/lesson/:id` | `/learn/lesson/:id` | student | No redirect; `:id` remains a student unit progress id | `HomeSessionGuard`; governed segment restore unchanged | Phase 2 | None planned | Low |
| `/workspace` | `/workspace` | content_admin | No redirect | `HomeSessionGuard` plus existing role guards | Phase 1 | None planned | Medium |
| `/workspace` | `/studio` | content_admin | No redirect; login and canonical navigation now use `/studio` | `HomeSessionGuard` plus `RoleGuard` content-admin-only on canonical route | Phase 5 | Keep legacy until bookmarks and broad creator-role use are migrated | Medium |
| `/workspace/projects` and `/:projectId` | `/studio/projects` and `/:projectId` | content_admin | Legacy routes remain; canonical links use `/studio` | Canonical routes are content-admin-only; V2 backend enforces workspace scope | Phase 5 | Add redirects only after non-Studio creator usage is separated | Medium |
| `/workspace/product-studio` | `/studio/create` | content_admin | Legacy route remains | Canonical route excludes unsupported runtime course selector and uses V2 create APIs | Phase 5 | Legacy Product Studio remains for compatibility | High |
| `/workspace/products` and `/:productId` | `/studio/content` and `/:productId` | content_admin | Legacy routes remain | Canonical routes are content-admin-only; V2 backend scope remains authoritative | Phase 5 | Remove only after all creator roles have appropriate destinations | Medium |
| `/workspace/knowledge-sources` | `/studio/sources` | content_admin | Legacy route remains | Canonical read is content-admin-only; creation remains project-scoped | Phase 5 | Keep until legacy navigation usage is retired | Low |
| `/workspace/artifacts` and `/:artifactId` | `/studio/drafts` and `/:artifactId` | content_admin | Legacy route remains | Canonical route uses content-draft terminology and V2 organization scope | Phase 5 | Keep until legacy technical deep links are migrated | Medium |
| `/workspace/review-center` | `/studio/review` | content_admin | Legacy route remains | Canonical route confirms mutations and waits for API success | Phase 5 | Keep until broad creator-role review ownership is resolved | Medium |
| `/workspace/products` | `/studio/publishing` | content_admin | No redirect; this is a filtered state view | Public publish mutation remains on canonical content detail | Phase 5 | None planned | Low |
| `/workspace/product-studio/courses` | No canonical route | content_admin/org_admin legacy guard | Legacy broken screen retained | Backend course list/create dependencies reject these roles | Phase 5 audited | Remove only after a complete authorized course authoring API and replacement exist | High |
| `/workspace/learners` | `/workspace/learners` | org_admin | No redirect | Existing creator-role guard | Phase 1 | Replace only if organization home becomes a dedicated route | Medium |
| `/workspace/commercial` | `/workspace/commercial` with visible label `Community` | admin/content_admin/org_admin/teacher/instructor via existing creator role set | No redirect | Existing creator-role guard | Phase 1 | Add alias and deprecation only after community surface is redesigned | Medium |
| `/home/admin/users` and `/workspace/learners/users` | `/admin/users` | admin | Legacy routes remain; canonical navigation uses `/admin/users` | `HomeSessionGuard` plus `RoleGuard` admin-only | Phase 4 | Add explicit redirects after bookmark/usage validation | Medium |
Expand All @@ -42,7 +51,7 @@ Phase 1 preserves route compatibility and establishes canonical role destination
- `student`: `/learn`
- `teacher`: `/teach`
- `instructor`: `/teach`
- `content_admin`: `/workspace`
- `content_admin`: `/studio`
- `org_admin`: `/workspace/learners`
- `admin`: `/admin`
- `super_admin`: `/admin` with partial compatibility state
Expand All @@ -59,3 +68,6 @@ Phase 1 preserves route compatibility and establishes canonical role destination
- Teacher course preview intentionally avoids `/api/start-course`; it uses `/api/courses/{id}` only.
- Phase 4 does not add moderation or platform-settings routes because no safely authorized capability exists.
- `super_admin` is not treated as inherited `admin`; unsupported child routes stay guarded and hidden.
- Phase 5 keeps `/workspace/**` intact because those routes are shared by several creator roles and demo tooling.
- Canonical Studio intentionally omits lesson, assessment, asset, upload, and curriculum-ordering routes because the current content-admin APIs do not safely support those workflows.
- Studio draft preview reads only V2 artifact content and does not call learner runtime, enrollment, lesson-session, or progress APIs.
10 changes: 10 additions & 0 deletions docs/ux-overhaul/shared-component-status.md
Original file line number Diff line number Diff line change
Expand Up @@ -65,3 +65,13 @@
- Organization invite revocation.
- Access grant revoke flows.
- Product publish/review transitions.
## Phase 5 Studio adoption

- `EchoLoadingStateComponent`: Studio overview, libraries, creation, project, content, and draft detail.
- `EchoStatePanelComponent`: Studio empty, partial/error, retry, and missing-record states.
- `EchoConfirmationDialogComponent`: wrapper publishing and all review-state decisions with focus trapping/restoration.
- Shared shell/navigation: canonical `/studio` destination and content-admin-only Studio section.
- Shared semantic tokens: Studio production layout, forms, records, status text, focus, and mobile targets.
- Existing Admin responsive table styles were not reused as a separate Studio system; Studio uses content-oriented responsive records and forms.

Studio does not add an asset picker, reorder control, block editor, tab system, or upload-progress component because no verified content-admin API requires those controls.
25 changes: 25 additions & 0 deletions docs/ux-overhaul/studio-accessibility-review.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# Studio Accessibility Review

Date: 2026-07-13

## Implemented

- One page `h1` with logical section headings on canonical Studio screens.
- Labeled search, select, text, textarea, and file-independent forms with native required semantics.
- Minimum 44px controls and visible tokenized focus rings.
- Result counts, creation success, review success, and errors use live status/alert semantics.
- Shared loading, empty, error, and confirmation components provide consistent announcements.
- Publish and review dialogs trap focus, start on Cancel, support Escape, lock while saving, and restore focus.
- Status meaning is written in text and not conveyed by color alone.
- Responsive records preserve the same information and actions without a pointer-only table.
- Preview is a normal document flow with pre-wrapped text and no inaccessible authoring canvas.
- No drag-only reorder interaction is present.
- Reduced-motion behavior comes from the shared shell and production component foundations.

## Review results

Unit coverage verifies confirmation-before-mutation, failure preservation, visible empty/error states, labeled filters, and role-guarded routes. The seeded smoke includes keyboard focus and a 390px overflow assertion when executable.

## Remaining manual work

Screen-reader announcement timing, browser zoom at 200%, contrast under user overrides, long real citations, and mobile virtual-keyboard behavior require browser/manual validation. Upload progress, image alt-text forms, and accessible reordering are deferred because no supported Studio APIs exist for those controls.
16 changes: 16 additions & 0 deletions docs/ux-overhaul/studio-action-risk-matrix.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# Studio Action Risk Matrix

Date: 2026-07-13

| Action | Object | Backend behavior | Risk | Reversible | Confirmation | Permission and recovery |
| --- | --- | --- | --- | --- | --- | --- |
| Create project | Project | Inserts organization-scoped project | Consequential | No delete API | No; explicit submit | Manage visible workspace; preserve form on failure |
| Create learning offering | Product wrapper | Inserts draft wrapper | Consequential | No delete API | No; form explains wrapper-only scope | Manage visible workspace; preserve form on failure |
| Add source record | KnowledgeSource | Inserts project-scoped metadata | Consequential | No edit/delete API | No; explicit submit | Project must belong to workspace; preserve form on failure |
| Create content draft | Artifact | Inserts reviewable wrapper, optionally linked to source/product | Consequential | No delete API | No; explicit submit | Same-project relationships; preserve form on failure |
| Change review state | Artifact or Product | Replaces `status` and `review_state` | Privilege/content-governance changing | Can set another supported state, but no audit | Yes for every state | Manage visible workspace; dialog remains with error after failure |
| Reject draft | Artifact | Sets rejected state; does not delete | Consequential | Another state can be set | Danger confirmation | Explain content and sources remain |
| Archive offering | Product | Sets archived state via review endpoint | Consequential | No dedicated restore semantics | Danger confirmation | Explain audit/restore gap |
| Publish publicly | Product | Sets published/public wrapper state and timestamps | High impact | No unpublish endpoint | Publish confirmation | Explain public visibility and unchanged lesson/access rules |

No V2 project, product, source, or artifact delete endpoint exists. Studio displays no delete buttons and does not imply archive is deletion.
23 changes: 23 additions & 0 deletions docs/ux-overhaul/studio-activity-authoring-matrix.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Studio Activity Authoring Matrix

Date: 2026-07-13

The legacy draft model names these activity identifiers. Current CRUD is restricted to admin/teacher, so canonical Studio exposes none as editable controls.

| Type | Stored authoring fields | Learner rendering evidence | Validation/scoring | Preview | Accessibility concern |
| --- | --- | --- | --- | --- | --- |
| `text`, `story` | title, content, order | Text presentation | Non-empty content is not centrally validated | Student renderer exists | Heading/list semantics and readable line length |
| `video`, `audio` | title, content URL/reference, order | Media presentation varies | No verified rights/caption/transcript validation | Partial | Captions, transcript, controls, autoplay |
| `storybook` | title, content, ordered image pages | Storybook pages | Page/image validation is limited | Partial | Image alternative text is not modeled |
| `coloring` | title, uploaded/reference content | Image activity | Upload accepts file without documented type/size validation | Partial | Alt text and non-pointer alternative absent |
| `quiz` | title, serialized content, order | Lesson viewer validates answers before advance | Separate assessment system also exists; no stable Studio authoring schema verified | Learner renderer only | Labels, errors, answer exposure |
| `reflection`, `discussion` | title, content, order | Instruction/prompt presentation | No persistence contract verified | Presentation only | Clear instructions; do not imply saved responses |
| `checkpoint` | title, content, order | Runtime-dependent | No verified authoring/scoring contract | Unsupported in Studio | State announcement |

## Assessment model

Assessments expose title, description, scope relationships, assessment/availability/delivery states, passing score, maximum attempts, policy/lifecycle metadata, and ordered questions. Questions expose prompt, type, choices, explanation, points, and order. Creation is admin/teacher-only; no edit/delete authoring endpoints are present.

## Decision

Studio does not invent rubrics, manual grading, partial credit, retries, answer configuration, or activity editors. Content drafts may use artifact types `assessment_seed` or `lesson_draft`, but those records are not described as executable assessments or activities.
21 changes: 21 additions & 0 deletions docs/ux-overhaul/studio-asset-data-contract.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
# Studio Asset and Upload Data Contract

Date: 2026-07-13

## Current uploads

| Endpoint | Purpose | Authorized roles | Response |
| --- | --- | --- | --- |
| `POST /api/upload/coloring` | Coloring image | admin, teacher | Public `file_path` |
| `POST /api/upload/storybook` | Storybook page image | admin, teacher | Public `file_path` |
| `POST /api/upload/badge` | Badge image | admin | Public `file_path` |

The endpoints generate UUID filenames and copy bytes to configured directories. They do not expose a content-admin asset library, search, metadata, alt text, caption, rights/license, usage lookup, replacement, deletion, documented accepted types, documented size limits, or upload progress.

## Studio decision

Canonical Studio has no Assets navigation or upload control. A `KnowledgeSource` may record `source_type: upload`, but this is metadata only and does not upload a file.

## Required future contract

A future asset capability must define MIME allowlists, size limits, malware/content handling, organization scope, alt text, rights notes, usage relationships, safe replacement/deletion semantics, and response errors before learner-facing uploads can be exposed to content administrators.
25 changes: 25 additions & 0 deletions docs/ux-overhaul/studio-content-governance-review.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# Studio Content Governance Review

Date: 2026-07-13

## Stewardship decisions

- Source titles, citations, and references remain visible in content context; missing bibliographic fields are not fabricated.
- Source records receive no trust, reliability, cultural-appropriateness, or historical-accuracy score.
- Draft content remains organization-scoped and is clearly separated from learner-visible lessons.
- Public wrapper publishing states that lesson governance, enrollment, and access remain unchanged.
- Learner and class analytics are omitted from canonical Studio navigation because they are not required for content stewardship.
- Raw workspace, project, source, product, and artifact identifiers are not used as primary visible labels.
- Generation prompts/errors remain on legacy technical screens and are not promoted into Studio.

## Rights and media

Current source and asset models do not include rights/license, creator attribution, alt text, caption, sensitive-imagery warning, or usage lookup. Studio cannot make legal or rights-clearance claims. Asset upload is withheld from content administrators until those controls and file-policy contracts exist.

## Historical and cultural integrity

Reviewers should be able to inspect source identity and citation before approving a draft wrapper. The UI encourages source association but does not automate historical interpretation. Community contribution attribution, culturally sensitive review, age-appropriateness review, and teacher-only note separation require future explicit data contracts.

## Privacy

V2 records remain scoped by backend organization membership. Lists minimize unpublished body content; full draft content appears only on detail. Source URI/citation and draft bodies may contain sensitive information and are not included in errors or client logging added by this phase.
Loading
Loading