# Agent Insights & Improvement Roadmap

## Security

- Remove hard‑coded admin password (`admin123`).
- Add role‑based middleware (`requireRole`) for all protected routes.

## Database

- Migrate to versioned Supabase migrations (`supabase/migrate.sh`).
- Add soft‑delete columns (`deleted_at`) for loads/payments.

## CI/CD

- GitHub Actions workflow to build Docker image and trigger Coolify deployment via its API.
- Run lint, prettier, and unit tests on each PR.

## Observability

- Integrate Pino logger and Prometheus metrics (`/metrics`).
- Nightly `pg_dump` cron job to S3/MinIO for backups.

## Testing

- Scaffold Jest unit tests for Load CRUD and Shipper totals.
- Add integration smoke test that starts the server and hits `/health`.

## Front‑end UX

- Debounced search + status filter on Loads list page.
- Internationalisation via `locales/*.json`.
- Cache‑busting asset versioning.

## Documentation

- Complete `README.md` with setup, migrations, testing, and deployment steps.

## Next Steps (commits to be made)

1. **Security Fix** – remove default admin password, add `requireRole` middleware.
2. **CI/CD Workflow** – create `.github/workflows/deploy.yml`.
3. **Backup Cron** – add script `scripts/pg_backup.sh` and cron job.
4. **Test Suite** – add `tests/unit/loads.test.js` and npm script.
5. **UI Polish** – add search bar and i18n support.
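
The two Security items above, sketched as an added example (not this project's code): a `requireRole` middleware that distinguishes unauthenticated from unauthorised requests, and a startup check that rejects the old default password. It assumes an Express-style `(req, res, next)` signature, a `req.user` object set by an earlier authentication step, an `ADMIN_PASSWORD` environment variable, and constructed role names.

```javascript
// Added example. Assumptions: Express-style middleware, req.user = { id, role }
// populated by earlier authentication, ADMIN_PASSWORD as the variable name.

// Refuse to start with a missing secret or with the removed default value.
function loadAdminPassword(env) {
  const value = env.ADMIN_PASSWORD;
  if (!value || value === 'admin123') {
    throw new Error('ADMIN_PASSWORD must be set to a non-default value');
  }
  return value;
}

// Returns middleware that lets a request through only if req.user.role is allowed.
function requireRole(...allowed) {
  if (allowed.length === 0) {
    // An empty allow-list is a wiring mistake; fail at startup, not per request.
    throw new Error('requireRole needs at least one role');
  }
  const roles = new Set(allowed);
  return function (req, res, next) {
    if (!req.user) {
      return res.status(401).json({ error: 'authentication required' });
    }
    if (!roles.has(req.user.role)) {
      return res.status(403).json({ error: 'insufficient role' });
    }
    return next();
  };
}

// Minimal stand-in for an Express response so the example runs offline.
function fakeRes() {
  return {
    statusCode: 200,
    body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

// Runs middleware against a constructed request; returns 'next' or the status code.
function check(middleware, user) {
  const res = fakeRes();
  let passed = false;
  middleware({ user }, res, () => { passed = true; });
  return passed ? 'next' : res.statusCode;
}

const adminOnly = requireRole('admin'); // role names here are constructed samples
console.log(check(adminOnly, { id: 1, role: 'admin' }));
console.log(check(adminOnly, { id: 2, role: 'viewer' }));
console.log(check(adminOnly, undefined));
```
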