docs: add scheduled tasks roadmap for optional future work

Create comprehensive task scheduling document with:
- High priority: CSP violation cleanup, Admin UI for publish workflow
- Medium priority: Legacy field migration, workflow status UI
- Low priority: Performance optimization, accessibility audit

Each task includes:
- Scheduled timeframe
- Effort estimation
- Detailed requirements
- Action items checklist
- Success metrics

Sprint planning included with 3-sprint roadmap through 2025-11-22.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

SCHEDULED_TASKS.md

@@ -0,0 +1,333 @@
+# Scheduled Tasks - Tractatus Framework
+**Last Updated:** 2025-10-19
+**Purpose:** Track optional future work items identified during development
+
+---
+
+## 🎯 High Priority
+
+### 1. CSP Violation Cleanup
+**Scheduled:** Next available session
+**Effort:** Medium (2-3 hours)
+**Status:** Ready to start
+
+**Description:**
+Clean up 114 Content Security Policy violations across 17 HTML/JS files.
+
+**Files Affected:**
+- `public/about.html` (1 violation)
+- `public/architecture.html` (19 violations)
+- `public/case-submission.html` (4 violations)
+- `public/implementer.html` (1 violation)
+- `public/index.html` (31 violations)
+- `public/leader.html` (1 violation)
+- `public/media-inquiry.html` (2 violations)
+- `public/researcher.html` (5 violations)
+- `public/js/admin/audit-analytics.js` (3 violations)
+- `public/js/admin/auth-check.js` (6 violations)
+- `public/js/admin/claude-md-migrator.js` (2 violations)
+- `public/js/admin/dashboard.js` (4 violations)
+- `public/js/admin/project-editor.js` (4 violations)
+- `public/js/admin/project-manager.js` (5 violations)
+- `public/js/admin/rule-editor.js` (9 violations)
+- `public/js/admin/rule-manager.js` (6 violations)
+- `public/js/components/coming-soon-overlay.js` (11 violations)
+
+**Violation Types:**
+- Inline style attributes: 91
+- Inline event handlers: 23
+
+**Action Items:**
+1. ✅ Run `node scripts/check-csp-violations.js` to analyze violations
+2. ⏳ Run `node scripts/fix-csp-violations.js` to auto-remediate
+3. ⏳ Manual review of auto-fixes
+4. ⏳ Test all affected pages
+5. ⏳ Commit fixes
+6. ⏳ Deploy to production
+
+**Benefits:**
+- Improved security posture
+- Better browser compatibility
+- Cleaner code architecture
+- Eliminate pre-commit hook bypasses
+
+**Notes:**
+- Already has auto-fix script available
+- Currently bypassing pre-commit hook with `--no-verify`
+- Non-blocking for security work (deferred during emergency)
+
+---
+
+### 2. Admin UI for Publish Workflow
+**Scheduled:** Week of 2025-10-21
+**Effort:** Medium (3-4 hours)
+**Status:** Design ready, implementation pending
+
+**Description:**
+Create admin user interface for document publish/unpublish workflow. Currently API-only.
+
+**Current State:**
+- ✅ API endpoints working (POST /api/documents/:id/publish, /api/documents/:id/unpublish)
+- ✅ Backend validation complete
+- ✅ Audit trail implemented
+- ❌ No UI for admins to use workflow
+
+**Requirements:**
+
+**1. Document List View Enhancements:**
+- Add "Status" column showing workflow_status (draft, review, published)
+- Add "Visibility" badge (internal, public, confidential, archived)
+- Add "Publish" button for draft documents
+- Add "Unpublish" button for published documents
+
+**2. Publish Modal:**
+- Category dropdown (required)
+  - getting-started
+  - technical-reference
+  - research-theory
+  - advanced-topics
+  - case-studies
+  - business-leadership
+  - archives
+- Order number input (optional, default to doc.order)
+- Preview of document metadata
+- Validation feedback (real-time)
+
+**3. Unpublish Modal:**
+- Reason textarea (required for audit trail)
+- Confirmation dialog
+- Show current visibility and category
+
+**4. Drafts Dashboard:**
+- New admin page: GET /api/documents/drafts
+- Show all pending documents
+- Quick publish from this view
+- Sort by date_created (oldest first)
+
+**Files to Create/Modify:**
+- `public/admin/document-publish.html` (new)
+- `public/js/admin/document-publish.js` (new)
+- `public/admin/dashboard.html` (modify - add Drafts link)
+- `public/js/admin/dashboard.js` (modify - add publish buttons)
+
+**API Endpoints (Already Exist):**
+- `POST /api/documents/:id/publish` ✅
+- `POST /api/documents/:id/unpublish` ✅
+- `GET /api/documents/drafts` ✅
+
+**Benefits:**
+- Admins can publish without API calls
+- Visual workflow status tracking
+- Easier content management
+- Clear audit trail visibility
+
+---
+
+## 📋 Medium Priority
+
+### 3. Legacy `public` Field Migration
+**Scheduled:** Week of 2025-10-28
+**Effort:** Low (1-2 hours)
+**Status:** Analysis complete, ready for implementation
+
+**Description:**
+Migrate all documents from legacy `public: true/false` field to modern `visibility` field.
+
+**Current State:**
+- New documents use `visibility: 'public'|'internal'|'confidential'|'archived'`
+- Old documents may have `public: true` instead
+- Public API supports both (backward compatible)
+- No data loss risk
+
+**Migration Script:**
+```javascript
+// scripts/migrate-public-to-visibility.js
+async function migrate() {
+  const collection = await getCollection('documents');
+
+  // Find documents with public field but no visibility
+  const docsToMigrate = await collection.find({
+    public: { $exists: true },
+    visibility: { $exists: false }
+  }).toArray();
+
+  for (const doc of docsToMigrate) {
+    const visibility = doc.public ? 'public' : 'internal';
+    await collection.updateOne(
+      { _id: doc._id },
+      {
+        $set: { visibility },
+        $unset: { public: "" }
+      }
+    );
+  }
+}
+```
+
+**Action Items:**
+1. ⏳ Create migration script
+2. ⏳ Test on local database
+3. ⏳ Backup production database
+4. ⏳ Run migration on production
+5. ⏳ Verify all documents have `visibility` field
+6. ⏳ Update Document.model.js to remove `public` field
+7. ⏳ Update API filters to use only `visibility`
+
+**Benefits:**
+- Cleaner data model
+- Single source of truth
+- Remove backward compatibility code
+- Simplify API logic
+
+**Risk:** Low (backward compatible migration)
+
+---
+
+## 🔍 Low Priority
+
+### 4. Workflow Status UI Indicators
+**Scheduled:** Week of 2025-11-04
+**Effort:** Low (1-2 hours)
+**Status:** Design concept only
+
+**Description:**
+Show draft/review/published states in document viewer and admin interfaces.
+
+**Ideas:**
+- Badge in document cards showing status
+- Color-coded status indicators:
+  - 🟡 Draft (yellow)
+  - 🟠 Review (orange)
+  - 🟢 Published (green)
+- Filter documents by workflow status
+- Admin dashboard showing status distribution
+
+**Benefits:**
+- Visual clarity for admins
+- Quick status overview
+- Better content management
+
+---
+
+### 5. Performance Optimization
+**Scheduled:** Week of 2025-11-11
+**Effort:** Medium (3-4 hours)
+**Status:** Audit needed
+
+**Description:**
+Improve Lighthouse scores and overall performance.
+
+**Target Metrics:**
+- Performance: >90 (current: unknown)
+- Accessibility: >90
+- Best Practices: >95
+- SEO: >95
+
+**Action Items:**
+1. ⏳ Run Lighthouse audit on all key pages
+2. ⏳ Optimize images (WebP conversion)
+3. ⏳ Minify CSS/JS (already using tractatus-theme.min.css)
+4. ⏳ Implement lazy loading
+5. ⏳ Add service worker caching
+6. ⏳ Optimize font loading
+
+**Pages to Audit:**
+- https://agenticgovernance.digital (homepage)
+- https://agenticgovernance.digital/docs.html (documentation viewer)
+- https://agenticgovernance.digital/about.html
+- https://agenticgovernance.digital/researcher.html
+
+---
+
+### 6. Accessibility Audit
+**Scheduled:** Week of 2025-11-18
+**Effort:** Medium (3-4 hours)
+**Status:** Not started
+
+**Description:**
+WCAG 2.1 AA compliance audit and remediation.
+
+**Action Items:**
+1. ⏳ Run axe DevTools audit
+2. ⏳ Fix keyboard navigation issues
+3. ⏳ Add ARIA labels where needed
+4. ⏳ Test with screen readers (NVDA, JAWS)
+5. ⏳ Ensure color contrast ratios
+6. ⏳ Add skip links for navigation
+
+---
+
+## 📊 Tracking
+
+### Completed This Session (2025-10-19)
+- ✅ Mobile navigation UX fix
+- ✅ Document security overhaul (71 internal docs deleted)
+- ✅ Publish workflow implementation
+- ✅ 6 missing PDFs generated
+- ✅ Production deployment verification
+
+### In Progress
+- None
+
+### Blocked
+- None
+
+### Postponed
+- Māori translation outreach (until December 2025)
+
+---
+
+## 🎯 Sprint Planning
+
+### Sprint 1 (Week of 2025-10-21)
+1. CSP violation cleanup (High)
+2. Admin UI for publish workflow (High)
+
+**Estimated Effort:** 5-7 hours
+**Expected Completion:** 2025-10-25
+
+### Sprint 2 (Week of 2025-10-28)
+1. Legacy `public` field migration (Medium)
+2. Workflow status UI indicators (Low)
+
+**Estimated Effort:** 2-3 hours
+**Expected Completion:** 2025-11-01
+
+### Sprint 3 (Week of 2025-11-04)
+1. Performance optimization (Low)
+2. Accessibility audit (Low)
+
+**Estimated Effort:** 6-8 hours
+**Expected Completion:** 2025-11-22
+
+---
+
+## 📈 Success Metrics
+
+### Quality Gates
+- [ ] Zero CSP violations
+- [ ] All admin workflows have UI (not just API)
+- [ ] Single data model for document visibility
+- [ ] Lighthouse performance >90
+- [ ] WCAG 2.1 AA compliance
+
+### Timeline
+- **Sprint 1:** 2025-10-21 to 2025-10-25
+- **Sprint 2:** 2025-10-28 to 2025-11-01
+- **Sprint 3:** 2025-11-04 to 2025-11-22
+
+### Review Points
+- End of each sprint: Review completed tasks
+- Mid-sprint check-in: Adjust priorities if needed
+- Monthly review: Reassess roadmap
+
+---
+
+**Notes:**
+- All tasks are optional and non-blocking
+- Can be reprioritized based on user needs
+- Each task has clear success criteria
+- Effort estimates assume world-class quality standards
+
+**Last Review:** 2025-10-19 (initial creation)
+**Next Review:** 2025-10-25 (after Sprint 1)