# Project Plans

## Current Phase
- Phase: pre-launch v2 hardening and rollout preparation
- Goal: replace the currently used v1 with a more reliable and operationally safer v2

## Known Direction
- Move the repository into GitLab and establish a repeatable CI/CD pipeline.
- Introduce HTTPS via reverse proxy so secure cookie-based authentication works without workarounds.
- Harden MongoDB and auth-related security paths for production rollout.
- Add basic operational observability without turning the project into an oversized platform effort.
- Keep UI and DX polish focused on proven user value.

## Near-Term Priorities
- `RHL-011` Production HTTPS and reverse proxy
- `RHL-031` Backend auth security hardening
- `RHL-010` CI/CD workflow
- `RHL-013` MongoDB hardening and production settings
- `RHL-014` Observability, logging, and basic monitoring
- If infrastructure work is blocked, fall back to `RHL-039`, `RHL-036`, `RHL-035`, `RHL-033`, `RHL-034`, and `RHL-040`

## Future Considerations
- `RHL-028` admin UX scaling only if real daily pain points appear.
- Password Reset Phase B if there is a real business need for a token/email-based reset flow.
- Any environment model beyond `main` and `production` should stay minimal and justified.