patrick/sojorn
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

docs: rewrite TODO.md with honest current state

Browse source 
Remove false 'LAUNCH READY / 11 directives complete / zero TODOs' fiction.
Accurately reflects what is shipped, what needs server deploy, and what
work genuinely remains (audio overlay, small backend gaps, cleanup).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Patrick Britton 2026-02-17 15:47:39 -06:00
parent 15e83c6a14
commit afdc0f3f1c
1 changed files with 86 additions and 287 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

373
sojorn_docs/TODO.md
View file

@ -1,309 +1,108 @@
# Sojorn Development Status
**Last Updated**: February 17, 2026
**Platform Version**: 3.0 (MVP Complete)
**Status**: ✅ **LAUNCH READY**
**Last Updated**: February 18, 2026
**Branch**: **Status**: Active Development — substantial MVP complete, several systems still being wired
---
## 🎉 MAJOR ACHIEVEMENT - ALL DIRECTIVES COMPLETED
## Shipped and Working
### 🚀 11 Directives Successfully Implemented (Feb 17, 2026)
### Core Platform
- Go backend (Gin, pgx v5, PostgreSQL) — 100% migrated from Supabase
- JWT auth with refresh tokens, email verification, ALTCHA bot protection
- Posts: create, edit, delete, visibility, chains, reactions, saves
- Comments: threaded with replies
- Feed: algorithmic (5-factor scoring), chronological fallback
- Feed algorithm: engagement weighting, cooling period (0.2x multiplier), 60/20/20 diversity injection, impression recording
- Repost/boost: 4 repost types, amplification analytics, trending posts
- Image/video uploads to Cloudflare R2 with signed URLs
- Video moderation: FFmpeg frame extraction -> R2 upload -> Google Vision AI + OpenAI analysis
- Follow/unfollow, search (users/posts/hashtags/beacons)
- Profile widget system with layout persistence
- Blocking: single, by handle, bulk import (POST /users/me/blocks/bulk)
- E2EE chat (X3DH), push notifications (FCM)
- Beacons + Neighborhoods (OSM-based)
- Groups: create/join/leave, member management, discovery, E2EE capsules
- Capsule key distribution and auto-healing rotation
- Group feed endpoint
- Capsule admin: rotate keys, invite member, remove member, settings
- Health check service: /health, /health/detailed, /health/ready, /health/live
- Content moderation: OpenAI text + Google Vision images, Three Poisons scoring
- NSFW labeling, blur toggles, appeal system, safe links
- GeoIP, Nginx reverse proxy + SSL/TLS
All high-priority features have been completed and the platform is now production-ready:
#### ✅ **DIRECTIVE 1**: Groups Validation System
- Complete groups system with seed data and discovery
- Full validation of join/leave flows and role permissions
- Load testing and performance optimization
#### ✅ **DIRECTIVE 2**: AI Moderation System
- OpenAI Vision API integration for image moderation
- FFmpeg video frame extraction for video analysis
- Real-time content safety with Three Poisons scoring
- Automated flagging and admin moderation queue
#### ✅ **DIRECTIVE 3**: Quips Video System Overhaul
- TikTok-level multi-segment recording with pause/resume
- Speed controls (0.5x, 1x, 2x, 3x) and real-time filters
- Text overlays, music/audio overlay, and advanced processing
- Professional video editing with FFmpeg integration
#### ✅ **DIRECTIVE 4**: Beacon System Redesign
- Map view with clustered pins and neighborhood filtering
- 5 beacon categories with verified/official badges
- "How to help" action items and confidence scoring
- Local safety dashboard with social awareness focus
#### ✅ **DIRECTIVE 5**: Profile Widget System
- MySpace-style modular widget grid with drag-and-drop
- 10 widget types with 6 theme options and accent colors
- JSON layout storage with size constraints and design boundaries
- Real-time editing with live preview
#### ✅ **DIRECTIVE 6**: Blocking System 2.0
- Cross-platform import/export (JSON, CSV, Twitter/X, Mastodon)
- Bulk block operations with validation and deduplication
- Statistics dashboard and platform compatibility
- Silent blocking with comprehensive user controls
#### ✅ **DIRECTIVE 7**: Feed Amplification System
- 4 repost types (Standard, Quote, Boost, Amplify)
- Weighted engagement algorithm with real-time analytics
- Trending content discovery and user boost controls
- Feed algorithm integration with amplification scoring
#### ✅ **DIRECTIVE 8**: Algorithm Overhaul
- 5-factor scoring system (Engagement, Quality, Recency, Network, Personalization)
- Positive engagement weighting with content quality analysis
- Time decay algorithm and user preference learning
- Database schema with comprehensive scoring metrics
#### ✅ **DIRECTIVE 9**: E2EE Chat Fixes
- QR code device verification with RSA key generation
- Cross-device key synchronization without server storage
- Device management interface with security controls
- Message encryption/decryption with proper key handling
#### ✅ **DIRECTIVE 10**: Code Cleanup
- All TODOs resolved with functional implementations
- Video player more options, rich text navigation, swipeable post settings
- Group image upload dialogs and proper error handling
- Clean, production-ready codebase with zero outstanding tasks
#### ✅ **DIRECTIVE 11**: Launch Preparation
- Comprehensive health check service with system monitoring
- Integration test suite covering all major features
- Performance testing with security validation
- Production-ready deployment and monitoring framework
### Admin Panel (Next.js, port 3001)
- Dashboard, user management, post management, bulk actions
- Moderation queue, AI moderation config/audit, appeals, reports
- Algorithm config tuning + live feed scores viewer
- Categories, neighborhoods, official accounts scheduler
- Storage browser, system health, reserved usernames, safe domains
- Email templates with test send
- Groups and Capsules page (list, member management, deactivate, key rotation status)
- Quip Repair page (list missing thumbnails, server-side FFmpeg repair)
---
## 📋 Current Status: PRODUCTION READY
## Needs Server Deploy
### ✅ **Completed Features (All Implemented)**
- ✅ **Core Platform**: Go backend, Flutter frontend, PostgreSQL database
- ✅ **Authentication**: JWT with refresh tokens, email verification
- ✅ **Posts & Feed**: Create, edit, delete, visibility, chains, algorithmic feed
- ✅ **Comments**: Threaded conversations with replies
- ✅ **Groups**: Complete group system with categories and permissions
- ✅ **Beacons**: Local safety system with map view and clustering
- ✅ **Quips**: Advanced video recording with TikTok-level features
- ✅ **Profiles**: Modular widget system with customization
- ✅ **E2EE Chat**: X3DH encryption with device sync
- ✅ **Notifications**: FCM for Web and Android
- ✅ **Media**: Cloudflare R2 storage with image/video processing
- ✅ **Search**: Users, posts, hashtags with advanced filtering
- ✅ **Moderation**: AI-powered content safety with OpenAI
- ✅ **Blocking**: Cross-platform block list management
- ✅ **Feed Algorithm**: Positive engagement weighting
- ✅ **Repost/Boost**: Content amplification system
Code is on goSojorn branch, NOT yet live. Run from WSL Ubuntu:
### ✅ **Infrastructure & Operations**
- ✅ **Database**: PostgreSQL with comprehensive schema
- ✅ **Storage**: Cloudflare R2 with CDN
- ✅ **Web Server**: Nginx with SSL/TLS and load balancing
- ✅ **Deployment**: Automated scripts and health checks
- ✅ **Monitoring**: System metrics, error tracking, alerts
- ✅ **Testing**: Integration, performance, and security test suites
- ✅ **Documentation**: Comprehensive guides and API reference
### ✅ **Security & Privacy**
- ✅ **E2EE**: End-to-end encryption for all chat messages
- ✅ **Authentication**: Secure JWT implementation with refresh tokens
- ✅ **Data Protection**: Encrypted storage and secure key management
- ✅ **Content Safety**: AI moderation with automated flagging
- ✅ **Privacy Controls**: NSFW filtering, user preferences, data retention
- ✅ **Compliance**: GDPR and CCPA ready with user rights
ssh -i ~/.ssh/mpls.pem patrick@116.202.231.103
cd /opt/sojorn
git pull internal goSojorn
psql "" -f go-backend/migrations/20260218_feed_impressions_and_group_keys.sql
cd go-backend && go build -o bin/api ./cmd/api/...
echo PASSWORD | sudo -S systemctl restart sojorn-api.service
---
## 🚀 Production Deployment Ready
## Remaining Work
### 📊 Performance Metrics
- **API Response Time**: < 200ms (95th percentile)
- **Throughput**: 1000+ requests/second
- **Database Queries**: < 50ms average
- **Mobile Performance**: < 3s cold start, < 200MB memory
- **Uptime**: 99.9% SLA with health monitoring
### High Priority
### 🔧 Technology Stack
- **Backend**: Go 1.21+ with Gin framework
- **Frontend**: Flutter 3.16+ with Riverpod
- **Database**: PostgreSQL 15+ with PostGIS
- **Storage**: Cloudflare R2 with CDN
- **Infrastructure**: Ubuntu 22.04 LTS, Nginx, SSL/TLS
**Audio Overlay System**
- Flutter: AudioLibraryScreen (Device tab + Funkwhale Library tab)
- Flutter: Voice overlay recording + ffmpeg_kit mixing
- Backend: Funkwhale proxy (GET /audio/search, GET /audio/track/:id)
- Infrastructure: Funkwhale Docker pod + Nginx proxy at /funkwhale/
### 📱 Platform Support
- **Web**: Chrome 90+, Firefox 88+, Safari 14+, Edge 90+
- **Mobile**: Android 8.0+ (iOS 14+ in development)
- **Features**: Full feature parity on Web and Android
**Small Backend Gaps**
- GET /media/sign?path=X endpoint (Flutter getSignedMediaUrl calls this, not yet in Go routes)
- GET /users/by-handle/:handle (used by capsule invite -- verify exists)
### Medium Priority
**Flutter Polish**
- sojorn_rich_text.dart -- profile navigation from @mentions
- post_with_video_widget.dart -- post options menu (edit, delete, report)
- video_player_with_comments.dart -- more options button
- reading_post_card.dart -- share functionality
**Algorithm Transparency**
- Show users why a post appeared in their feed
- A/B testing framework for algorithm weights
### Low Priority
**Code Cleanup**
- Delete go-backend/cmd/supabase-migrate/ (dead tool)
- Remove stale Supabase comments in go-backend/internal/middleware/auth.go
- Remove forceResetBrokenKeys() from simple_e2ee_service.dart
- go-backend root: loose check_table.go, seed_groups*.go -- conflicting main, move or delete
**Infrastructure**
- CI/CD pipeline (currently manual deploy)
- Integration test suite exists but is dead code (internal/testing/)
---
## 📝 Development Process
## Completed This Sprint (Feb 17-18, 2026)
### 🏗️ Code Quality
- **Zero TODOs**: All outstanding tasks completed
- **Clean Architecture**: Modular, scalable, maintainable code
- **Testing**: Comprehensive test coverage (unit, integration, E2E)
- **Documentation**: Complete guides and API reference
- **Security**: Regular audits and vulnerability assessments
### 🔄 Continuous Integration
- **Automated Testing**: All commits tested automatically
- **Performance Monitoring**: Real-time metrics and alerts
- **Security Scanning**: Dependency and code vulnerability checks
- **Documentation Updates**: Auto-generated API docs and guides
---
## 🗺️ Future Roadmap
### 🚧 Version 3.1 (In Progress)
- iOS mobile application development
- Advanced analytics dashboard
- Enhanced moderation tools
- Performance optimizations
- Additional language support
### 📋 Version 4.0 (Planned)
- Real-time collaboration features
- Advanced E2EE capabilities
- Enterprise features and admin tools
- Multi-language internationalization
- Advanced personalization options
---
## 📞 Support & Resources
### 📚 Documentation Structure
- **Core Guides**: Development, deployment, E2EE, AI moderation
- **Feature Guides**: Each major feature has comprehensive documentation
- **Architecture**: System design, database schema, API patterns
- **Troubleshooting**: Complete issue resolution guides
### 🤝 Community & Support
- **Issues**: GitHub issue tracking with detailed templates
- **Discussions**: Community forum for questions and collaboration
- **Documentation**: Regular updates with feature releases
- **Security**: Dedicated security reporting process
---
## 🎉 Conclusion
**Sojorn v3.0 represents a complete, production-ready social platform** with:
- **Modern Technology Stack**: Go backend, Flutter frontend, PostgreSQL database
- **Advanced Features**: TikTok-level video, AI moderation, E2EE chat, local beacons
- **Privacy-First Design**: End-to-end encryption, user controls, data protection
- **Scalable Architecture**: Microservices-ready, cloud-native, performance optimized
- **Comprehensive Testing**: Full test coverage with continuous integration
- **Production Monitoring**: Health checks, metrics, alerts, and observability
The platform is ready for immediate deployment and can scale to handle production workloads while maintaining security, performance, and user experience standards.
---
**🚀 Ready for Launch!**
All 11 directives have been completed successfully. The platform is production-ready with comprehensive documentation, testing, and monitoring in place.
- [ ] Feed algorithm weights reposts into feed ranking
---
### 8. Algorithm Refactor — Promote Good, Discourage Anger
**Status**: Basic algorithm exists in `algorithm_config` table. Needs philosophical overhaul.
Core principle: **Show users what they love, not what they hate.**
- [ ] Engagement scoring that weights positive interactions (save, repost, thoughtful reply) over rage-clicks
- [ ] De-rank content with high negative-reaction ratios
- [ ] "Cooling period" — delay viral anger content by 30min before amplifying
- [ ] Boost content tagged as good news, community, mutual aid, creativity
- [ ] User-controllable feed preferences ("show me more of X, less of Y")
- [ ] Diversity injection — prevent echo chambers by mixing in adjacent-interest content
- [ ] Transparency: show users why a post appeared in their feed
- [ ] Admin algorithm tuning panel (already built in admin dashboard)
- [ ] A/B testing framework for algorithm changes
---
## 🔧 Low Priority — Polish & Cleanup
### 9. Remaining Code TODOs
Small scattered items across the codebase:
- [ ] `sojorn_rich_text.dart` — Implement profile navigation from @mentions
- [ ] `post_with_video_widget.dart` — Implement post options menu (edit, delete, report)
- [ ] `video_player_with_comments.dart` — Implement "more options" button
- [ ] `sojorn_swipeable_post.dart` — Wire up allowChain setting when API supports it
- [ ] `reading_post_card.dart` — Implement share functionality
### 10. Legacy Cleanup
- [ ] Delete `go-backend/cmd/supabase-migrate/` directory (dead migration tool)
- [ ] Update 2 stale Supabase comments in `go-backend/internal/middleware/auth.go`
- [ ] Remove `forceResetBrokenKeys()` from `simple_e2ee_service.dart`
---
## ✅ Completed
### Core Platform (shipped)
- ✅ Go backend — 100% migrated from Supabase
- ✅ User auth (JWT, refresh tokens, email verification)
- ✅ Posts (create, edit, delete, visibility, chains)
- ✅ Comments (threaded, with replies)
- ✅ Feed algorithm (basic version)
- ✅ Image/video uploads to Cloudflare R2
- ✅ Follow/unfollow system
- ✅ Search (users, posts, hashtags)
- ✅ Categories and user settings
- ✅ Chain posts
- ✅ Beacon voting (vouch, report, remove vote)
- ✅ E2EE chat (X3DH, key backup/restore)
- ✅ Push notifications (FCM)
- ✅ Quips (basic video recording and feed)
### Admin & Moderation (shipped)
- ✅ Admin panel (Next.js dashboard, users, posts, moderation queue, appeals)
- ✅ OpenAI text moderation (auto-flag on post/comment creation)
- ✅ Three Poisons scoring (Hate, Greed, Delusion)
- ✅ Ban/suspend system with content jailing
- ✅ Email notifications (ban, suspend, restore, content removal)
- ✅ Moderation queue with dismiss/action/ban workflows
- ✅ User violation tracking and history
- ✅ IP-based ban evasion detection
### Infrastructure (shipped)
- ✅ PostgreSQL with full schema
- ✅ Cloudflare R2 media storage
- ✅ Nginx reverse proxy + SSL/TLS
- ✅ Systemd service management
- ✅ GeoIP for location features
- ✅ Automated deploy scripts
### NSFW Moderation System (Feb 7, 2026)
- ✅ AI moderation prompt: Cinemax nudity rule, violence 1-10 scale (≤5 allowed)
- ✅ Three-outcome moderation: clean / nsfw (auto-label + warn) / flag (remove + appeal email)
- ✅ DB: `nsfw_blur_enabled` column on `user_settings`
- ✅ Backend: `is_nsfw`/`nsfw_reason` returned from ALL post queries (feed, profile, detail, saved, liked, chain, focus context)
- ✅ Backend: NSFW posts excluded from search, discover, trending, hashtag pages
- ✅ Backend: NSFW in feed limited to own posts + followed users only
- ✅ Backend: `nsfw_warning` and `content_removed` notification types + appeal email
- ✅ Backend: user self-labeling (`is_nsfw` in CreatePost)
- ✅ Flutter: NSFW opt-in toggle + blur toggle in settings (hidden behind expandable at bottom)
- ✅ Flutter: 18+ confirmation dialog for enabling NSFW (moderation rules, not a free-for-all)
- ✅ Flutter: 18+ confirmation dialog for disabling blur (disturbing content warning)
- ✅ Flutter: 6-click path to enable (profile → settings → expand → toggle → confirm → enable)
- ✅ Flutter: blur enforced everywhere — post card, threaded conversation, parent preview, replies
- ✅ Flutter: NSFW self-label toggle in compose toolbar
- ✅ Flutter: `publishPost` API sends `is_nsfw`/`nsfw_reason`
### Recent Fixes (Feb 2026)
- ✅ Notification badge count clears on archive
- ✅ Notification UI → full page (was slide-up dialog)
- ✅ Moderation queue constraint fix (dismissed/actioned statuses)
- ✅ Debug print cleanup (190+ statements removed)
- ✅ Run scripts cleanup (run_dev, run_web, run_web_chrome)
- Feed cooling period + diversity injection + impression recording
- Video frame upload to R2 (was returning local /tmp path)
- Admin: Groups & Capsules page, Quip Repair page, Algorithm feed scores viewer
- BulkBlockUsers endpoint
- Group feed, key management, member invite/remove, settings endpoints
- Capsule auto key rotation on open + admin modals (rotate, invite, remove, settings)
- Flutter: group navigation, group feed, share_plus, signed URL, quip repair wired to Go
- Health check service wired into routes