API - Current Development
This roadmap is aligned with the Next-Generation CMS Solution Draft Proposal (v0.2). Current overall API coverage: ~35-40% of v1.0 scope. For the full gap analysis, see .context/global/proposal-coverage.md.
Overview
Phases 0 and 1 are the current focus. They lay the security foundations and complete the core content model required before any later phase can begin.
Phase 0 — Foundations & Security
IDOR Protection (UUIDs)
Priority: Critical
Replace sequential numeric IDs in API responses with UUIDs. Internal IDs remain in the database; the API exposes only non-guessable identifiers.
Proposal ref: Section 8.3 — “no consecutive numeric IDs exposed in APIs”
Status: Done
Granular RBAC (4 roles, site-scoped)
Priority: Critical
Add ROLE_SITE_OWNER, ROLE_SITE_MANAGER, ROLE_PUBLISHER alongside existing EDITOR/ADMIN. Scope permissions per site with a new cms_user_site_roles table.
Proposal ref: Section 5.2
Status: Not started
Per-locale slugs
Priority: High
Add slugs JSON field ({fr: "mon-article", en: "my-article"}) on Article and Page. Auto-generate 301 redirects on slug change.
Proposal ref: Section 5.1
Status: Not started
CDN Cache-Control headers
Priority: High
Add Cache-Control, Surrogate-Control, Surrogate-Key response headers on public endpoints for CDN edge caching.
Proposal ref: Section 5.9.1
Status: Not started
Phase 1 — Core Content Completion
Article subtypes & secondary categories
Priority: High
Add type enum (news, announcement, publication) on Article. Transform Category relation to ManyToMany for secondary categories.
Proposal ref: Sections 4.6.1, 4.6.2
Status: Not started
Auto-generated landing pages
Priority: High
New public endpoints GET /public/categories/{slug} and GET /public/tags/{slug} returning paginated articles with SEO metadata.
Proposal ref: Section 4.6.4
Status: Not started
Page types & content visibility
Priority: High
Add page_type (contact, home, legal) and visibility (public, authenticated, members_only) fields on Page and Article.
Proposal ref: Sections 4.5.1, 4.9.5
Status: Not started
Timeline
This page is updated when phases progress. Last update: February 25, 2026.