Architecture — Frontend Route Map LumisCare Frontend — Complete Route Map Generated: 2026-04-04 Source of truth: frontend/web/src/routes/index.ts + src/components/navigation/sidebar/Sidebar.tsx Mobile source: mobile/app/src/app/ (Expo Router v4, file-based) Total registered web routes: 97 (including aliases and redirects) Portals covered: Back Office, Family Portal, Admin Panel, Mobile App Back Office Routes Route Component Lines Status RBAC Guard Notes / (index) DashboardPage 568 Functional All backoffice roles Full metrics + rota section /clients ClientsPage 131 Functional Most backoffice roles Tabbed navigation, delegates to content components /clients/:id ClientPage — Functional Most backoffice roles Client detail page /assessments AssessmentsPage — Functional Clinical + admin roles Assessments overview /clients/:clientId/assessment/live LiveAssessmentPage — Functional None (no ProtectedRoute) Live assessment flow with client context /clients/assessment/live LiveAssessmentPage — Functional None Live assessment flow without client context /clients/assessment/transcript AssessmentTranscriptPage — Functional None Assessment transcript view /clients/:clientId/body-map BodyMapPage — Functional None Body observations with client context /clients/body-map BodyMapPage — Functional None Body observations without client context /clients/:clientId/assessment/complete AssessmentCompletionPage — Functional None Consent + attendees with client context /clients/assessment/complete AssessmentCompletionPage — Functional None Consent + attendees without client context /clients/assessment/questions/:sectionId QuestionsPage — Functional None Section questions view /clients/assessment/question-management QuestionManagementPage — Functional Clinical + admin roles Drag-and-drop reorder /clients/:clientId/assessment/question-management QuestionManagementPage — Functional Clinical + admin roles Drag-and-drop reorder with client context /clients/assessment/risk-assessment-risks RAQuestionsPage — Functional None Risk assessment questions /clients/assessment/risk-assessment-risks/:sectionId RAQuestionsPage — Functional None Risk assessment questions by section /clients/assessment/section/:sectionId PersonalInformationPage — Functional None Section detail view /clients/assessment/medication/:medicationId/edit EditMedicationPage — Functional Clinical + admin roles Edit medication (QA excluded) /clients/:clientId/assessment/medications/add AddMedicationPage — Functional Clinical + admin + carer Add medication with client context /clients/assessment/medications/add AddMedicationPage — Functional Clinical + admin + carer Add medication without client context /clients/:clientId/assessment/medications/:medicationId MedicationDetailsPage — Functional None Medication details (read-only for QA) /clients/:clientId/assessment/medications/:medicationId/edit EditMedicationPage — Functional Clinical + admin roles Edit medication with client context /employees EmployeePage 753 Functional None (no ProtectedRoute) Full employee list /employees/new CreateEmployeePage — Functional Manager roles only Create employee (QA excluded) /employees/:id EmployeeDetailsPage — Functional None Employee detail page /employees/find-by-skills FindCarersBySkillsPage — Functional None Search carers by qualifications /leaves LeavesOverviewPage 563 Functional None Leave management overview /leaves/approval LeaveRequestApprovalPage — Functional Manager + shift-leader roles Leave request approval (Feature #252) /hr/training-matrix TrainingMatrixPage 636 Functional (1 TODO) HR + manager + admin roles Training compliance matrix /hr/dbs DBSDashboardPage 393 Functional (1 TODO) HR + manager + admin roles DBS certificate status /hr/bradford BradfordDashboardPage 372 Functional (1 TODO) HR + manager + admin roles Bradford Factor scoring /hr/supervisions SupervisionSchedulePage 487 Functional (1 TODO) HR + manager + admin roles Supervision scheduling /hr/care-certificate CareCertificateTrackerPage 450 Functional (1 TODO) HR + manager + admin roles Care Certificate tracker /hr/cqc-pack CQCInspectionPackPage 554 Functional HR + manager + admin roles CQC inspection pack /visits VisitPage — Functional None Visit list and management /visits/activity-log ActivityLogPage — Functional None Visit activity log /visits/gps-checkin GPSCheckInSimulationPage 548 Functional None GPS geofence test tool (Feature #275) /visits/evv EVVPage 111 Functional None Electronic Visit Verification / QR check-in (Feature #277) /visits/live-tracking LiveTrackingDashboard — Functional None Real-time carer location (Feature #287) /visits/completed-events CompletedEventsPage — Functional None Completed visit review before invoicing /visits/handoff ShiftHandoffPage — Functional None SBAR shift handoff notes /backoffice/scheduling SchedulingPage 799 Functional (1 TODO) Coordinator + manager + admin Full calendar/roster grid /backoffice/incidents (index) IncidentsListPage 759 Functional (1 TODO) None Incident list /backoffice/incidents/:id IncidentDetailPage 2487 Functional None Incident detail (investigation tab RBAC-gated inline) /backoffice/incidents/safeguarding SafeguardingPage 59 Functional None RBAC wrapper — delegates to ClientsSafeguardContent /care-plans CarePlansPage 599 Functional (1 TODO) None Care plans list /care-plans/:id CarePlanReviewPage 864 Functional Manager + clinical + admin Care plan approval workflow /care-plans/:id/edit CarePlanEditorPage 1768 Partial (53 TODOs) Manager + clinical + admin 10-section editor — incomplete fields /care-plans/:id/task-linking CarePlanTaskLinkingPage — Functional Manager + coordinator + clinical Task-to-visit-type linking /care-plans/reviews-due CarePlansReviewDuePage 480 Functional Manager + clinical + QA NICE QS123 compliance reviews /ai/care-plan-generator AICarePlanGeneratorPage 582 Functional Clinical + manager + admin AI-powered care plan generation /finance FinancePage 82 Functional ModuleProtectedRoute: finance Tabbed finance hub /finance/audit-log InvoicesAuditLogPage — Functional ModuleProtectedRoute: finance Invoice audit trail /finance/billing InsuranceBillingPage — Functional ModuleProtectedRoute: finance Medicaid/Medicare claim management /billing BillingPage 26 Redirect None Redirects to /finance/billing /intake AddClientPage — Functional Clinical + manager (QA excluded) New client intake /smart-upload SmartUploadPage — Functional Clinical + manager (QA excluded) AI PDF document extraction /reports ReportsPage 283 Functional None Report generation UI /cqc-readiness CQCReadinessPage 277 Functional Manager + clinical + QA + regional KLOE evidence + compliance scoring /training/compliance TrainingCompliancePage 306 Functional Manager + HR + QA + regional Staff training gap analysis /profile ProfilePage — Functional None User profile (all authenticated users) /notifications NotificationsInboxPage — Functional None Notification feed (all authenticated users) /settings/notifications NotificationPreferencesPage — Functional None Channel preferences (Feature #322) Back Office Alias / Redirect Routes Route Destination Type Notes /dashboard / Navigate redirect Legacy path compatibility /compliance /admin/compliance Navigate redirect BUG: wrong destination for backoffice users /incidents /backoffice/incidents Navigate redirect Legacy path compatibility /schedule SchedulingPage (rendered directly) Alias Renders same component as /backoffice/scheduling /training-compliance TrainingCompliancePage (rendered directly) Alias Renders same component as /training/compliance /care-notes familyCareNotesPage (rendered directly) Alias Family portal alias /care-plan familyCarePlanPage (rendered directly) Alias Family portal alias /invoices familyInvoicesPage (rendered directly) Alias Family portal alias Family Portal Routes Route Component Lines Status RBAC Guard Notes /family-portal-dashboard familyDashboardPage 522 Functional (1 TODO) family-member + admin roles Family dashboard /family-portal-carenotes CareNotesPage 1272 Functional family-member + admin roles Full read view of visit notes /family-portal-careplan CarePlanPage 797 Functional (2 TODOs) family-member + admin roles Care plan view /family-portal-invoices InvoicesPage 2479 Functional (2 TODOs) family-member + admin roles Invoices and billing Alias routes (workaround patches): Alias Route Resolves To Notes /care-notes familyCareNotesPage Shortcut alias /care-plan familyCarePlanPage Shortcut alias /invoices familyInvoicesPage Shortcut alias Missing family portal features: No messaging/communication between family and carers. No visit scheduling from family side. No emergency contacts view. Admin Panel Routes Core Admin Routes Route Component Lines Status RBAC Guard Notes /admin/organizations OrganizationsPage 511 Functional (5 TODOs) system-admin + provider-admin Organization management /admin/users UsersPage 991 Functional (7 TODOs) system-admin only User management /admin/roles RolesPage 387 Functional (1 TODO) system-admin only Roles and permissions /admin/settings SettingsPage 524 Functional system-admin only System settings /admin/audit-logs AuditLogsPage 514 Functional (1 TODO) system-admin only Audit trail /admin/compliance ComplianceDashboardPage 555 Functional system-admin only HIPAA compliance dashboard /admin/dscr DSCRCompliancePage 386 Functional system-admin + provider-admin NHS DSCR compliance /admin/data-import DataImportPage — Functional system-admin only CSV/JSON data import /admin/data-export DataExportPage — Functional system-admin only CSV/JSON data export /admin/multi-tenancy MultiTenancyTestPage — Functional system-admin only Organization isolation test /admin/module-subscriptions ModuleSubscriptionsPage — Functional system-admin only Per-org module access (Feature #360) /admin/questions QuestionManagementPage — Functional system-admin + provider-admin Assessment question management (Feature #233) Admin Test / Diagnostic Pages These 18 routes are permanent in the router but function as feature verification tools. They should be gated by a dev/debug feature flag in production builds. Route Component Feature # RBAC Guard Purpose /admin/encryption-compliance EncryptionCompliancePage #362 system-admin Encryption at rest verification /admin/tls-security TLSSecurityTestPage #363 system-admin TLS 1.3/1.2 enforcement /admin/data-residency DataResidencyPage #365 system-admin US data sovereignty /admin/openapi-validation OpenAPIValidationPage #366 system-admin API spec conformance /admin/token-enrichment TokenEnrichmentTestPage #16 system-admin JWT token enrichment /admin/api-auth-test ApiAuthTestPage #17 system-admin Bearer token validation /admin/api-versioning APIVersioningTestPage #367 system-admin /api/v1/ prefix verification /admin/api-sort-test APISortTestPage #369 system-admin Sort parameter verification /admin/request-validation RequestValidationTestPage #371 system-admin Input validation /admin/cors-test CORSTestPage #373 system-admin CORS header verification /admin/fk-constraints ForeignKeyConstraintsTestPage #374 system-admin Referential integrity /admin/check-constraints CheckConstraintsTestPage #376 system-admin Data validation constraints /admin/push-notification-test PushNotificationTestPage #317 system-admin + provider-admin Azure Notification Hub push /admin/sms-notification-test SmsNotificationTestPage #319 system-admin + provider-admin Azure Communication Services SMS /admin/quiet-hours-test QuietHoursTestPage #321 system-admin + provider-admin Critical notification bypass /admin/channel-routing-test ChannelRoutingTestPage #323 system-admin + provider-admin Channel preference routing /admin/device-registration-test DeviceRegistrationTestPage #325 system-admin + provider-admin Mobile device token storage /admin/notification-template-test NotificationTemplateTestPage #324 system-admin + provider-admin Template variable substitution /admin/delivery-tracking-test DeliveryTrackingTestPage #327 system-admin + provider-admin Notification delivery logging /admin/notification-retry-test NotificationRetryTestPage #328 system-admin + provider-admin Failed notification retry /admin/in-app-read-tracking-test InAppReadTrackingTestPage #329 system-admin + provider-admin Read status tracking /admin/notification-analytics NotificationAnalyticsPage #329 system-admin + provider-admin Delivery statistics dashboard Admin Sidebar Navigation (from Sidebar.tsx) The admin sidebar exposes 7 items — only a subset of all admin routes. Test/diagnostic pages are not listed in the sidebar. Sidebar Label Route Allowed Roles Organizations /admin/organizations system-admin + provider-admin Users /admin/users system-admin + provider-admin Roles & Permissions /admin/roles system-admin only Settings /admin/settings system-admin + provider-admin Audit Logs /admin/audit-logs system-admin only HIPAA Compliance /admin/compliance system-admin only NHS DSCR /admin/dscr system-admin + provider-admin Mobile Screens (Expo Router v4) File-based routing at mobile/app/src/app/ . Routes correspond to the filesystem path under (app)/ . Screen / File Lines Status Notes (app)/index.tsx — Home/Schedule 1624 Functional Large comprehensive carer dashboard (app)/schedule.tsx 671 Functional Carer schedule view (app)/visit/[visitId]/index.tsx 490 Functional Visit detail hub (app)/visit/[visitId]/care-note.tsx 46 Functional Thin wrapper, delegates to CareNoteForm (app)/visit/[visitId]/emar.tsx 1182 Functional (2 TODOs) Electronic MAR administration (app)/visit/[visitId]/vitals.tsx 1087 Needs review (19 TODOs) Critical: clinically sensitive vitals screen — highest TODO density in codebase (app)/visit/[visitId]/medications.tsx 122 Functional Medication list for visit (app)/visit/[visitId]/task-validation.tsx 295 Functional (1 TODO) Task validation flow (app)/visit/[visitId]/signature.tsx 308 Functional (2 TODOs) Signature capture (app)/visit/[visitId]/check-out.tsx 5 Functional Thin delegator to CheckOutView (app)/visit/[visitId]/client-details.tsx 264 Functional Client info within visit (app)/visit/[visitId]/structured-note.tsx — Present Structured clinical note entry (app)/visit/[visitId]/observation.tsx — Present Clinical observations (app)/visit/[visitId]/pictures.tsx — Present Camera/media capture (app)/visit/[visitId]/online-assistance.tsx — Present Remote assistance feature (app)/visit/[visitId]/manual-checkout.tsx — Present Manual override checkout (app)/visit/[visitId]/upload-progress.tsx — Present Upload status indicator (app)/assessment/index.tsx 684 Functional (1 TODO) Mobile assessment flow (app)/profile/index.tsx 490 Functional User profile (app)/profile/availability.tsx — Present Carer availability management (app)/video-call/[callId]/index.tsx 31 Present LiveKit WebRTC video call (app)/voice-commands.tsx 390 Functional Voice input feature (app)/notifications/index.tsx — Present Notification feed (app)/notifications/settings.tsx — Present Notification preferences (app)/settings.tsx — Present App settings (app)/dev-tools.tsx — Present Developer tools screen auth.tsx — Present OAuth callback handler Navigation Gaps Menu Item Sidebar Path Route Exists? Content Status Fix Needed Dashboard / Yes Functional (568 lines) None Notifications /notifications Yes Functional None Clients /clients Yes Functional None Employees > DBS Status /hr/dbs Yes Functional (1 TODO) None Employees > Training Matrix /hr/training-matrix Yes Functional (1 TODO) None Employees > Bradford Factor /hr/bradford Yes Functional (1 TODO) None Employees > Supervisions /hr/supervisions Yes Functional (1 TODO) None Employees > Care Certificate /hr/care-certificate Yes Functional (1 TODO) None Employees > CQC Pack /hr/cqc-pack Yes Functional None Schedule (parent) /visits Yes Functional Structural: parent links to /visits but sub-items link to /backoffice/scheduling , /visits/completed-events , /visits/handoff — mixed path hierarchy Schedule > Rostering /backoffice/scheduling Yes Functional (1 TODO) None Schedule > Completed Events /visits/completed-events Yes Functional None Schedule > Shift Handoff /visits/handoff Yes Functional None Care Plans /care-plans Yes Functional (1 TODO) None AI Care Plan /ai/care-plan-generator Yes Functional None Assessments /assessments Yes Functional None Finance /finance Yes Functional (ModuleProtectedRoute) None Incidents /backoffice/incidents/safeguarding Yes Functional (thin wrapper) Architectural: sidebar links to /safeguarding but incidents list is at /backoffice/incidents — users cannot reach incidents list from sidebar Reports /reports Yes Functional None Compliance (parent) /compliance Redirect only Redirects to /admin/compliance BUG P1: backoffice sidebar Compliance parent path redirects to HIPAA admin panel, not to backoffice CQC/compliance hub Compliance > CQC Readiness /cqc-readiness Yes Functional None Compliance > Training Compliance /training/compliance Yes Functional None Mock Data Pages Based on audit evidence, the following pages carry TODO markers explicitly referencing "connect to real API" or similar — indicating they may be rendering mock/sample data in some sections: Page File Location TODO Count Nature of Mock CarePlanEditorPage features/backOffice/carePlans 53 Many section fields not wired to real API — // TODO: connect to real API patterns throughout vitals.tsx (mobile) mobile/app/src/app/(app)/visit/[visitId]/vitals.tsx 19 Clinically sensitive screen with incomplete API wiring UsersPage features/admin/users 7 Minor TODOs — some user management operations may fall back OrganizationsPage features/admin/organizations 5 Minor TODOs IncidentsListPage features/backOffice/incidents/list 1 Single TODO SchedulingPage features/backOffice/scheduling 1 Single TODO in 799-line page CarePlansPage features/backOffice/carePlans 1 Single TODO DBSDashboardPage features/backOffice/hr/pages/DBSDashboardPage 1 Single TODO TrainingMatrixPage features/backOffice/hr/pages/TrainingMatrixPage 1 Single TODO BradfordDashboardPage features/backOffice/hr/pages/BradfordDashboardPage 1 Single TODO SupervisionSchedulePage features/backOffice/hr/pages/SupervisionSchedulePage 1 Single TODO CareCertificateTrackerPage features/backOffice/hr/pages/CareCertificateTrackerPage 1 Single TODO familyPortalDashboardPage pages/familyPortal/dashboard 1 Minor TODO CarePlanPage (family) features/familyPortal/carePlan 2 Minor TODOs InvoicesPage (family) features/familyPortal/invoices 2 Minor TODOs AuditLogsPage features/admin/auditLogs 1 Minor TODO RolesPage features/admin/roles 1 Minor TODO Note on methodology: TODO counts use literal string grep of "TODO". They include code comments such as // TODO: connect to real API and represent technical debt markers, not blank or placeholder UI. No page renders "Coming soon" or empty content. Stub / Placeholder Pages No pages are pure stubs rendering blank or "Coming soon" content. All registered pages render substantive UI. The following are below 50 lines but delegate intentionally: Page File Lines Nature BillingPage features/backOffice/billing 26 Intentional redirect wrapper to /finance/billing SafeguardingPage features/backOffice/incidents/safeguarding 59 Intentional RBAC wrapper delegating to ClientsSafeguardContent check-out.tsx (mobile) (app)/visit/[visitId]/check-out.tsx 5 Intentional thin delegator to CheckOutView component care-note.tsx (mobile) (app)/visit/[visitId]/care-note.tsx 46 Intentional thin wrapper for CareNoteForm video-call/[callId]/index.tsx (mobile) (app)/video-call/[callId]/index.tsx 31 LiveKit integration, thin entry point Unrouted Components The following components exist in the source tree but have no registered route in src/routes/index.ts : Component File Path Concern Level Notes SOSHistoryPage features/backOffice/dashboard/SOSHistoryPage.tsx (96 lines) P1 Referenced in comment as /backoffice/safety/sos-history but route never registered — feature dead end KeywordPage features/backOffice/keywords/pages/KeywordPage.tsx P1 Keyword management feature exists with no route — unreachable RedFlagDetectionDemoPage features/backOffice/clients/pages/RedFlagDetectionDemoPage.tsx P2 Demo/diagnostic page exists but is unrouted Summary Statistics Metric Count Total registered web routes (including aliases/redirects) ~97 Back Office routes (primary) 56 Back Office alias/redirect routes 8 Family Portal routes (primary) 4 Family Portal alias routes 3 Admin core routes 12 Admin test/diagnostic routes 22 Auth routes ( /login , /logout , /access-denied ) 3 Catch-all 404 route 1 Mobile screens 27 Pages with TODO markers (web) 17 Unrouted components 3 Navigation gaps (bugs) 2 confirmed Priority Issues Priority Issue Impact P0 CarePlanEditorPage (1768 lines, 53 TODOs) — core clinical page, incomplete fields Clinical product gap P0 Mobile vitals.tsx (1087 lines, 19 TODOs) — clinically sensitive screen Clinical product gap P1 Sidebar /compliance redirects to HIPAA admin page instead of backoffice CQC/compliance hub Wrong UX for all backoffice users P1 Sidebar Incidents links to /backoffice/incidents/safeguarding — users cannot reach the incidents list from the sidebar Navigation dead end P1 SOSHistoryPage component exists (96 lines) but has no registered route Feature dead end P1 KeywordPage component exists but is not routed Unreachable feature P2 Family portal URLs ( /family-portal-dashboard etc.) violate URL hierarchy — alias patches mask the structural problem UX and URL semantics debt P2 RedFlagDetectionDemoPage exists but is unrouted Dead code P2 switch.tsx file and switch/ folder coexist in src/components/ui/ — import resolution ambiguity Build risk P2 calender folder typo in src/components/ui/ DX friction, propagates through all calendar imports P3 22 admin test/diagnostic pages as permanent routes — should be gated by dev/debug feature flag Security surface area in production, route tree clutter P3 SafeguardingPage (59 lines) delegates to ClientsSafeguardContent — component lives in Clients feature, not Incidents Architectural boundary violation