docs(roadmap): add template edit, healthz, JSON logs to shipped; add deploy pipeline to next-up

Roadmap.md

@@ -14,6 +14,27 @@
 | 15 | Month lifecycle: Planning, Active, Closed with reconciliation gate | 2026-04-17 |
 | 17 | UI redesign: condensed-sans ledger style with logo in the zero hero | 2026-04-17 |
 | 19 | Backing transaction ledger: replace applied field with Postings | 2026-04-17 |
+| 21 | Budget-side inline edit of entry name and amount | 2026-04-17 |
+| 26 | `/healthz` endpoint for container healthcheck | 2026-04-19 |
+| 27 | Emit structured JSON logs to stdout (Loki-ready) | 2026-04-19 |
+
+## Next up — deploy to home-ctr-onyx
+
+Tracked by the platform-contract intake (#25, closed). Platform side is
+provisioned (DNS, Traefik middlewares, bind mount, basic-auth creds —
+see [PlatformContractQuartermaster](https://forgejo.labbity.unbiasedgeek.com/homelab/homelab-IaC/wiki/PlatformContractQuartermaster)).
+App side is broken into three dependent issues:
+
+| # | Title | Depends on |
+|---|---|---|
+| 28 | Dockerfile for quartermaster-web container | — |
+| 29 | compose.yml for home-ctr-onyx deploy | #28 |
+| 30 | Forgejo Actions workflow for deploy | #28 + #29 |
+| 31 | Small cleanups from platform-prep code review | — |
+
+#31 is non-blocking polish (logger placement in `service.py`,
+middleware-vs-router comment in `routes_health.py`, richer
+`template_entry_updated` extras). Land when convenient.
 
 ## Deferred
 
@@ -64,11 +85,11 @@ schema. First pass: a sparkline per category across the last N months.
 Bulk in for seeding a fresh install, bulk out for taxes or external
 analysis. Month-scoped and budget-scoped variants.
 
-### Auth
+### App-level auth (future)
 
-Single-user, local-only today. If the app ever runs on a LAN or is
-exposed externally, add a simple password gate or run behind an
-SSO-aware reverse proxy.
+Today auth is Traefik-side (basic auth at the edge). If the app ever
+needs per-user views or a richer session model, an app-level login
+would slot in. Until then, there is no login page inside Quartermaster.
 
 ### localStorage persistence of collapsed groups
 
@@ -76,12 +97,13 @@ Today the open/closed state of section groups resets on every page
 load. A tiny `localStorage` hook would remember which groups a given
 browser last had open.
 
-### Budget entry name / amount edit
+### Observability follow-ups
 
-Budget entries currently require delete-and-recreate to change the
-name or amount. Notes are editable inline. Extending the inline edit
-pattern to name and amount on the budget page would mirror what the
-month page already allows.
+The launch alert set is container-down + TLS expiry + elevated 5xx
+rate, all wired platform-side. Richer signal (histograms for
+`http_request` latency, a Grafana dashboard for Quartermaster events,
+Prometheus `/metrics` endpoint) is out of scope for launch. File if
+the single-user Loki view ever proves insufficient.
 
 ## Out of scope (probably forever)