Front-Office Coverage Analysis This document compares the requirements defined in the Next-Generation CMS — Technical Architecture specification (V0.1, October 2025) against the actual state of the Front-Office codebase (cms-fo v0.12.6).
It serves as a living reference for tracking progress toward production readiness (v1.0).
Last updated: February 2026. Based on spec sections 3–6 and the technical roadmap (section 10).
1. Technology Stack Reference: spec sections 4.2, 4.6.
Requirement Status Details Nuxt 4 / Vue 3 Covered Nuxt 4.2.2, Vue 3.5.22 TypeScript Covered TypeScript 5.9.3 SSR + Static Generation (hybrid) Covered SSG enabled, ISR configured in nuxt.config.ts Node.js >= 18 Covered Enforced in package.json engines Stateless container Covered No local state; horizontal scaling ready Tailwind CSS Covered Tailwind CSS v4.1.16 via Vite
Verdict: 100% covered. 2. Roadmap Milestones (FO Track) Reference: spec section 10.1.
Version Scope Status Notes v0.1 Project bootstrap, static content render Done Nuxt skeleton, base components, Helm-ready v0.3 Pages + articles SSR, i18n, CDN delivery test Done SSR pages, articles, 3 locales (EN/FR/NL), cache headers v0.5 Preview tokens (X-Preview-Token) + Redis cache Partial Preview composables exist (usePreview, useIsPreviewMode, server middleware). Redis not connected — server stores data in local JSON v0.7 Dashboard metrics, Unlayer integration, Matomo stub Partial Unlayer parser integrated, cache-metrics page exists. Matomo not integrated v0.9 Dynamic blocks (token-driven) + theme customization Done 95+ blocks, 4 design templates, full design-token architecture v1.0 Hardening, perf audits (k6 + Lighthouse), accessibility AA Partial Performance optimizations in place. k6, Lighthouse CI, and formal a11y audit missing
3. Content & Routing Reference: spec sections 4.2, 10.1 (v0.3–v0.8).
Requirement Status Implementation Static pages (SSR) Covered pages/[slug].vue, pages/index.vueArticles / blog Covered pages/articles/index.vue, pages/articles/[slug].vue, useArticles composableCategories Covered pages/categories/, useCategories composableTags Covered pages/tags/, useTags composableSearch Covered pages/search.vue, useSearch composableArchive by date Covered pages/archive/[year]/[month].vueGallery Covered pages/gallery/[slug].vueEvents Covered pages/events/[slug].vueBreadcrumbs / navigation Covered useBreadcrumbs, useMenu, Header/Footer componentsi18n (multilingual) Covered @nuxtjs/i18n with 3 locales, useLocaleFallback, localized slugsSitemap Covered server/routes/sitemap.xml.get.ts
Verdict: 100% covered. 4. Shared Services Integration Reference: spec sections 3.2, 5.2.
Service Spec requirement FO status Gap CMS API (Symfony)FO consumes public REST endpoints Covered useApiConfig, per-composable fetching, configurable base URLKeycloak (OIDC)Auth for preview / private areas Partial Keycloak env vars present (KEYCLOAK_*). FO is public-facing; auth limited to builder/preview context CDN (EU, Surrogate-Key purge)Edge delivery of SSR + assets Not covered Cache headers configured (s-maxage, stale-while-revalidate). No CDN integration, no surrogate-key purge mechanism S3 (media storage)Serve media via CDN URLs Covered NUXT_PUBLIC_MEDIA_BASE_URL configured; images served from S3-compatible originRedis (cache, preview tokens)Cache JWKS, preview tokens, rate-limits Not covered Server uses local JSON storage. No Redis client in FO Elasticsearch / OpenSearch Full-text search Not covered useSearch composable exists but queries the CMS API — no direct search-engine connectionMatomo (analytics + CMP)GDPR-compliant analytics Not covered No Matomo script, no CMP integration OpenTelemetry Traces, metrics, logs Partial useWebVitals tracks Core Web Vitals client-side. No OpenTelemetry SDK, no server-side instrumentationn8n (webhooks)Event-driven automation N/A Events are emitted by the API, not the FO
5. Non-Functional Requirements Reference: spec sections 4.8, 5.3, 5.4.
SLO Target FO status Gap Lighthouse score >= 90 (Perf / SEO / A11y)Not verified No Lighthouse CI in pipeline. Optimizations in place (code splitting, lazy loading, nuxt-vitalizer, nuxt-delay-hydration) TTFB (EU) <= 600 msNot measured No CDN analytics, no RUM Cache hit ratio (public routes) >= 85%Not measured No CDN integrated Error rate <= 1% over 5 minNot measured No Prometheus / alerting integration
5.2 Security Requirement Status Details CSP (hash-only) Covered server/plugins/csp-hash.ts generates SHA-256 hashes at build timeTrusted Types (report-only v1) Not covered Not implemented TLS 1.3 N/A (FO) Handled by Ingress Controller EU data residency Covered No data stored in FO; all data from API / S3 HTML sanitization Covered utils/sanitizeInlineHtml.tsSecurity utils Covered utils/security.ts
5.3 Accessibility Requirement Status Details RGAA / WCAG 2.1 AA baseline Partial useA11y composable, utils/a11y.ts utilities. No formal audit or automated scoring in CI
5.4 Observability Requirement Status Details OpenTelemetry traces Not covered No OTel SDK Prometheus metrics Not covered No metrics endpoint Centralized logs Not covered No structured log export Web Vitals (RUM) Partial useWebVitals in app.vue — client-side only, not forwarded to OTel collector
6. Design System & Theming Reference: spec section 6.2 (“Areas Extending the Platform”).
Requirement Status Details Design-token system Covered Full architecture: baseColors → palette (50–950) → semantic tokens → CSS variables Multi-template rendering Covered 4 templates: Default, AuroraPulse, CanvasMosaic, NordicLedger Token-driven dynamic blocks Covered 95+ blocks with per-template variants; BlockTemplateWrapper, useBlockVariant, variantResolver Token generation script Covered scripts/generate-design-tokens.mjsTemplate-specific CSS Covered assets/styles/templates-*.css, tokens.*.generated.css
Verdict: 100% covered. 7. CI/CD & Quality Gates Reference: spec sections 5.6, 10.1 (v1.0).
Requirement Status Gap k6 load testing Not covered No k6 scripts or CI integration Lighthouse CI audits (>= 90) Not covered No Lighthouse CI step Automated security scans (Trivy / Grype) Not covered No container image scanning in FO repo Helm charts Not covered No Helm chart in FO repo (may live elsewhere) Dockerfile Not covered No Dockerfile in FO repo
8. Summary Scorecard Category Coverage Score Technology Stack Full 100% Content Management (pages, articles, categories, tags, search) Full 100% i18n / Multilingual Full 100% Design Tokens & Theming Full 100% Dynamic Blocks Full 100% Preview Mode Composables OK, no Redis ~70% API Integration Working, homepage still on temp JSON ~80% CDN / Surrogate-key Purge Not started 0% Search Engine (ES / OpenSearch) Not connected 0% Analytics (Matomo + CMP) Not started 0% Observability (OpenTelemetry) Web Vitals only ~20% Performance CI (k6 + Lighthouse) Not integrated 0% Accessibility (formal audit) Utils OK, no CI gate ~40% Security (CSP + Trusted Types) CSP OK, Trusted Types missing ~60% Containerization (Dockerfile + Helm) Not in FO repo 0%
Overall estimated coverage: ~65–70% 9. Gap Prioritization (Path to v1.0) Ordered by impact and dependency chain:
Priority Gap Rationale P0 CDN integration + surrogate-key purge Core delivery model described in spec 4.2. Blocks all cache-hit-ratio SLOs P0 Dockerfile + Helm chart Required for Kubernetes deployment (spec 4.5) P1 Redis integration (preview tokens) Replaces temporary JSON storage. Required for multi-instance preview (spec v0.5) P1 OpenTelemetry SDK Required for platform observability alignment (spec 5.5) P1 Matomo + CMP Required for GDPR-compliant analytics (spec 5.2, v0.7) P2 Lighthouse CI Quality gate for merge-to-main (spec 5.6.2) P2 k6 load testing SLO verification in CI (spec 5.6.2) P2 Search engine connection Full-text search via ES/OpenSearch (spec v0.8) P2 Trusted Types (report-only) Additional XSS mitigation layer (spec 5.3.3) P3 Formal accessibility audit RGAA / WCAG 2.1 AA certification (spec 4.8) P3 Homepage blocks: migrate from JSON to API Remove temporary storage, use real API endpoint
Further Reading
Architecture Overview Full system architecture and design patterns
Technical Roadmap Current development roadmap
API Contracts API endpoint specifications
Multi-Tenancy Tenant isolation and multi-site model
