diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md
index bbf946d..d2b1ec2 100644
--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@@ -20,7 +20,7 @@
 - [x] Equipment tracking with OLT/SNMP diagnostics
 - [x] SMS/Email notifications (Twilio + Mailjet)
 - [x] Invoice OCR — originally Ollama Vision, migrated to Gemini 2.5 Flash via targo-hub (2026-04-22, no GPU on ops VM). See [VISION_AND_OCR.md](VISION_AND_OCR.md).
-- [x] Field tech mobile (/t/{token})
+- [x] Field tech mobile (/j/, unified into ops app — see Phase 2.7)
 - [x] Authentik federation (staff → client SSO)
 - [x] Modem-bridge (Playwright headless for TP-Link ONU diagnostics)
 - [x] WiFi diagnostic panel (mesh topology, client signal, packet loss)
@@ -44,6 +44,45 @@
 - [ ] Register DocuSeal webhook in UI (Settings → Webhooks, `form.completed` → hub endpoint) — **manual**
 - [ ] First end-to-end signed acceptance on a real customer quote
 
+## Phase 2.7 — Field ↔ Ops unification at /j (In Progress, started 2026-04-22)
+
+Collapse `apps/field` into `apps/ops/src/modules/tech` so there is one
+PWA, one deploy, one auth surface. See [VISION_AND_OCR.md](VISION_AND_OCR.md)
+for the scan pipeline this depends on.
+
+**Phase 1 — scan + device (Shipped 2026-04-22, commit `e50ea88`)**
+- [x] Invoice OCR on Gemini 2.5 Flash via hub `/vision/invoice` — ops VM no longer needs a GPU
+- [x] Ollama proxy blocks removed from ops + field nginx configs
+- [x] Offline store (`apps/ops/src/stores/offline.js`) — mutation queue + vision queue, time-driven retries, idb-keyval persistence
+- [x] Unified scanner composable (`useScanner.js`) with Mode A (barcodes, 8s timeout + queue) and Mode B (equipment label, sync)
+- [x] TechScanPage at `/j/scan` — camera, 3-tier lookup (serial → barcode → MAC), auto-link to Dispatch Job context, create/link dialogs
+- [x] TechDevicePage at `/j/device/:serial` — 7 cards surfacing full ERPNext relationship graph (Equipment, Customer, Location, Subscription, Issues, Dispatch Jobs, OLT)
+- [x] Documentation: `docs/VISION_AND_OCR.md` (pipeline, §10 relationship graph, §8.1 secrets/rotation)
+
+**Phase 2 — PWA hardening**
+- [ ] Quasar service worker runtime caching scoped to `/j/*` (stale-while-revalidate for reads, network-first for mutations)
+- [ ] Precache the tech route manifest so a cold install with no signal still boots `/j/`
+
+**Phase 4 — Auth unification**
+- [ ] Collapse logout URL to `id.gigafibre.ca` (currently ops points to `auth.targo.ca`)
+- [ ] Decide whether `/j/*` stays behind Authentik forwardAuth or moves to magic-link only
+
+**Phase 5 — Magic-link tech access**
+- [ ] Traefik skip Authentik on `/j/{jwt-token}` route
+- [ ] targo-hub `/otp/tech-link` — mint short-lived JWT bound to technician + job
+- [ ] JWT validation in TechTasksPage → populate tech context without an SSO session
+- [ ] SMS delivery of the link (reuse existing Twilio path)
+
+**Phase 6 — Flow runtime integration**
+- [ ] Wire `flow-runtime` to persist pending steps through `offline.queue` so a tech mid-flow survives a dead zone
+- [ ] Surface queued flow state in TechTasksPage ("3 actions en attente de sync")
+
+**Phase 7 — Remove apps/field**
+- [ ] `git rm -r apps/field` once `/j/*` has parity and has run in production for ≥2 weeks
+- [ ] Remove field build + deploy from CI
+- [ ] Redirect `*.field.gigafibre.ca` (if any) → `erp.gigafibre.ca/ops/#/j/`
+- [ ] Update `docs/ARCHITECTURE.md` service table (drop field row)
+
 ## Phase 3 — Workflows & Automation (In Progress)
 - [ ] Tag technicians with skills (46 techs to tag)
 - [ ] Wire auto-dispatch (cost-optimization matching)