diff --git a/Roadmap.md b/Roadmap.md
index a1b9c2e..096fc26 100644
--- a/Roadmap.md
+++ b/Roadmap.md
@@ -17,24 +17,20 @@
 | 21 | Budget-side inline edit of entry name and amount | 2026-04-17 |
 | 26 | `/healthz` endpoint for container healthcheck | 2026-04-19 |
 | 27 | Emit structured JSON logs to stdout (Loki-ready) | 2026-04-19 |
+| 28 | Dockerfile for quartermaster-web container | 2026-04-19 |
+| 29 | compose.yml for home-ctr-onyx deploy | 2026-04-19 |
+| 30 | Forgejo Actions workflow for deploy to home-ctr-onyx | 2026-04-19 |
+| 35 | uvicorn `--proxy-headers` so `url_for` works behind Traefik | 2026-04-19 |
 
-## Next up — deploy to home-ctr-onyx
+## Outstanding
 
-Tracked by the platform-contract intake (#25, closed). Platform side is
-provisioned (DNS, Traefik middlewares, bind mount, basic-auth creds —
-see [PlatformContractQuartermaster](https://forgejo.labbity.unbiasedgeek.com/homelab/homelab-IaC/wiki/PlatformContractQuartermaster)).
-App side is broken into three dependent issues:
+#31 **small cleanups from platform-prep code review** is non-blocking
+polish (logger placement in `service.py`, middleware-vs-router comment
+in `routes_health.py`, richer `template_entry_updated` extras). Fold
+into whichever follow-up PR naturally touches those files.
 
-| # | Title | Depends on |
-|---|---|---|
-| 28 | Dockerfile for quartermaster-web container | — |
-| 29 | compose.yml for home-ctr-onyx deploy | #28 |
-| 30 | Forgejo Actions workflow for deploy | #28 + #29 |
-| 31 | Small cleanups from platform-prep code review | — |
-
-#31 is non-blocking polish (logger placement in `service.py`,
-middleware-vs-router comment in `routes_health.py`, richer
-`template_entry_updated` extras). Land when convenient.
+#23 **MCP proposal for exposing Quartermaster to AI agents** is a
+design discussion, not committed work.
 
 ## Deferred
 
@@ -97,6 +93,21 @@ Today the open/closed state of section groups resets on every page
 load. A tiny `localStorage` hook would remember which groups a given
 browser last had open.
 
+### Browser-rendered-page smoke test
+
+The `/healthz` smoke in the deploy workflow doesn't exercise template
+URL generation, which is how #35 slipped past CI and into production.
+A CI step that loads `/` through Traefik and asserts every `<link>`
+and `<img>` href is https-scheme would have caught it before the user
+did.
+
+### Rollback automation
+
+Rollback today is manual: set `QUARTERMASTER_TAG` in the host's
+`.env` to a prior SHA, `docker compose up -d`. A one-line re-deploy
+job that accepts a tag would be worth ~30 minutes of work once we
+have a reason to roll back under pressure.
+
 ### Observability follow-ups
 
 The launch alert set is container-down + TLS expiry + elevated 5xx
