Front-Office Coverage Analysis
This document compares the requirements defined in the Next-Generation CMS — Technical Architecture specification (V0.1, October 2025) against the actual state of the Front-Office codebase (cms-fo v0.12.6).
It serves as a living reference for tracking progress toward production readiness (v1.0).
Last updated: February 2026. Based on spec sections 3–6 and the technical roadmap (section 10).
1. Technology Stack
Reference: spec sections 4.2, 4.6.
| Requirement | Status | Details |
|---|
| Nuxt 4 / Vue 3 | Covered | Nuxt 4.2.2, Vue 3.5.22 |
| TypeScript | Covered | TypeScript 5.9.3 |
| SSR + Static Generation (hybrid) | Covered | SSG enabled, ISR configured in nuxt.config.ts |
Node.js >= 18 | Covered | Enforced in package.json engines |
| Stateless container | Covered | No local state; horizontal scaling ready |
| Tailwind CSS | Covered | Tailwind CSS v4.1.16 via Vite |
2. Roadmap Milestones (FO Track)
Reference: spec section 10.1.
| Version | Scope | Status | Notes |
|---|
| v0.1 | Project bootstrap, static content render | Done | Nuxt skeleton, base components, Helm-ready |
| v0.3 | Pages + articles SSR, i18n, CDN delivery test | Done | SSR pages, articles, 3 locales (EN/FR/NL), cache headers |
| v0.5 | Preview tokens (X-Preview-Token) + Redis cache | Partial | Preview composables exist (usePreview, useIsPreviewMode, server middleware). Redis not connected — server stores data in local JSON |
| v0.7 | Dashboard metrics, Unlayer integration, Matomo stub | Partial | Unlayer parser integrated, cache-metrics page exists. Matomo not integrated |
| v0.9 | Dynamic blocks (token-driven) + theme customization | Done | 95+ blocks, 4 design templates, full design-token architecture |
| v1.0 | Hardening, perf audits (k6 + Lighthouse), accessibility AA | Partial | Performance optimizations in place. k6, Lighthouse CI, and formal a11y audit missing |
3. Content & Routing
Reference: spec sections 4.2, 10.1 (v0.3–v0.8).
| Requirement | Status | Implementation |
|---|
| Static pages (SSR) | Covered | pages/[slug].vue, pages/index.vue |
| Articles / blog | Covered | pages/articles/index.vue, pages/articles/[slug].vue, useArticles composable |
| Categories | Covered | pages/categories/, useCategories composable |
| Tags | Covered | pages/tags/, useTags composable |
| Search | Covered | pages/search.vue, useSearch composable |
| Archive by date | Covered | pages/archive/[year]/[month].vue |
| Gallery | Covered | pages/gallery/[slug].vue |
| Events | Covered | pages/events/[slug].vue |
| Breadcrumbs / navigation | Covered | useBreadcrumbs, useMenu, Header/Footer components |
| i18n (multilingual) | Covered | @nuxtjs/i18n with 3 locales, useLocaleFallback, localized slugs |
| Sitemap | Covered | server/routes/sitemap.xml.get.ts |
4. Shared Services Integration
Reference: spec sections 3.2, 5.2.
| Service | Spec requirement | FO status | Gap |
|---|
| CMS API (Symfony) | FO consumes public REST endpoints | Covered | useApiConfig, per-composable fetching, configurable base URL |
| Keycloak (OIDC) | Auth for preview / private areas | Partial | Keycloak env vars present (KEYCLOAK_*). FO is public-facing; auth limited to builder/preview context |
| CDN (EU, Surrogate-Key purge) | Edge delivery of SSR + assets | Not covered | Cache headers configured (s-maxage, stale-while-revalidate). No CDN integration, no surrogate-key purge mechanism |
| S3 (media storage) | Serve media via CDN URLs | Covered | NUXT_PUBLIC_MEDIA_BASE_URL configured; images served from S3-compatible origin |
| Redis (cache, preview tokens) | Cache JWKS, preview tokens, rate-limits | Not covered | Server uses local JSON storage. No Redis client in FO |
| Elasticsearch / OpenSearch | Full-text search | Not covered | useSearch composable exists but queries the CMS API — no direct search-engine connection |
| Matomo (analytics + CMP) | GDPR-compliant analytics | Not covered | No Matomo script, no CMP integration |
| OpenTelemetry | Traces, metrics, logs | Partial | useWebVitals tracks Core Web Vitals client-side. No OpenTelemetry SDK, no server-side instrumentation |
| n8n (webhooks) | Event-driven automation | N/A | Events are emitted by the API, not the FO |
5. Non-Functional Requirements
Reference: spec sections 4.8, 5.3, 5.4.
| SLO | Target | FO status | Gap |
|---|
| Lighthouse score | >= 90 (Perf / SEO / A11y) | Not verified | No Lighthouse CI in pipeline. Optimizations in place (code splitting, lazy loading, nuxt-vitalizer, nuxt-delay-hydration) |
| TTFB (EU) | <= 600 ms | Not measured | No CDN analytics, no RUM |
| Cache hit ratio (public routes) | >= 85% | Not measured | No CDN integrated |
| Error rate | <= 1% over 5 min | Not measured | No Prometheus / alerting integration |
5.2 Security
| Requirement | Status | Details |
|---|
| CSP (hash-only) | Covered | server/plugins/csp-hash.ts generates SHA-256 hashes at build time |
| Trusted Types (report-only v1) | Not covered | Not implemented |
| TLS 1.3 | N/A (FO) | Handled by Ingress Controller |
| EU data residency | Covered | No data stored in FO; all data from API / S3 |
| HTML sanitization | Covered | utils/sanitizeInlineHtml.ts |
| Security utils | Covered | utils/security.ts |
5.3 Accessibility
| Requirement | Status | Details |
|---|
| RGAA / WCAG 2.1 AA baseline | Partial | useA11y composable, utils/a11y.ts utilities. No formal audit or automated scoring in CI |
5.4 Observability
| Requirement | Status | Details |
|---|
| OpenTelemetry traces | Not covered | No OTel SDK |
| Prometheus metrics | Not covered | No metrics endpoint |
| Centralized logs | Not covered | No structured log export |
| Web Vitals (RUM) | Partial | useWebVitals in app.vue — client-side only, not forwarded to OTel collector |
6. Design System & Theming
Reference: spec section 6.2 (“Areas Extending the Platform”).
| Requirement | Status | Details |
|---|
| Design-token system | Covered | Full architecture: baseColors → palette (50–950) → semantic tokens → CSS variables |
| Multi-template rendering | Covered | 4 templates: Default, AuroraPulse, CanvasMosaic, NordicLedger |
| Token-driven dynamic blocks | Covered | 95+ blocks with per-template variants; BlockTemplateWrapper, useBlockVariant, variantResolver |
| Token generation script | Covered | scripts/generate-design-tokens.mjs |
| Template-specific CSS | Covered | assets/styles/templates-*.css, tokens.*.generated.css |
7. CI/CD & Quality Gates
Reference: spec sections 5.6, 10.1 (v1.0).
| Requirement | Status | Gap |
|---|
| k6 load testing | Not covered | No k6 scripts or CI integration |
Lighthouse CI audits (>= 90) | Not covered | No Lighthouse CI step |
| Automated security scans (Trivy / Grype) | Not covered | No container image scanning in FO repo |
| Helm charts | Not covered | No Helm chart in FO repo (may live elsewhere) |
| Dockerfile | Not covered | No Dockerfile in FO repo |
8. Summary Scorecard
| Category | Coverage | Score |
|---|
| Technology Stack | Full | 100% |
| Content Management (pages, articles, categories, tags, search) | Full | 100% |
| i18n / Multilingual | Full | 100% |
| Design Tokens & Theming | Full | 100% |
| Dynamic Blocks | Full | 100% |
| Preview Mode | Composables OK, no Redis | ~70% |
| API Integration | Working, homepage still on temp JSON | ~80% |
| CDN / Surrogate-key Purge | Not started | 0% |
| Search Engine (ES / OpenSearch) | Not connected | 0% |
| Analytics (Matomo + CMP) | Not started | 0% |
| Observability (OpenTelemetry) | Web Vitals only | ~20% |
| Performance CI (k6 + Lighthouse) | Not integrated | 0% |
| Accessibility (formal audit) | Utils OK, no CI gate | ~40% |
| Security (CSP + Trusted Types) | CSP OK, Trusted Types missing | ~60% |
| Containerization (Dockerfile + Helm) | Not in FO repo | 0% |
Overall estimated coverage: ~65–70%
9. Gap Prioritization (Path to v1.0)
Ordered by impact and dependency chain:
| Priority | Gap | Rationale |
|---|
| P0 | CDN integration + surrogate-key purge | Core delivery model described in spec 4.2. Blocks all cache-hit-ratio SLOs |
| P0 | Dockerfile + Helm chart | Required for Kubernetes deployment (spec 4.5) |
| P1 | Redis integration (preview tokens) | Replaces temporary JSON storage. Required for multi-instance preview (spec v0.5) |
| P1 | OpenTelemetry SDK | Required for platform observability alignment (spec 5.5) |
| P1 | Matomo + CMP | Required for GDPR-compliant analytics (spec 5.2, v0.7) |
| P2 | Lighthouse CI | Quality gate for merge-to-main (spec 5.6.2) |
| P2 | k6 load testing | SLO verification in CI (spec 5.6.2) |
| P2 | Search engine connection | Full-text search via ES/OpenSearch (spec v0.8) |
| P2 | Trusted Types (report-only) | Additional XSS mitigation layer (spec 5.3.3) |
| P3 | Formal accessibility audit | RGAA / WCAG 2.1 AA certification (spec 4.8) |
| P3 | Homepage blocks: migrate from JSON to API | Remove temporary storage, use real API endpoint |
Further Reading
