diff --git a/help4bis-claude-notes/decisions.md b/help4bis-claude-notes/decisions.md index ad92c65..30d7005 100644 --- a/help4bis-claude-notes/decisions.md +++ b/help4bis-claude-notes/decisions.md @@ -21,3 +21,51 @@ ### 2026-04-10 17:05 — Fix web metadata to M8Chat branding - **Files:** web/index.html, web/manifest.json - **Status:** Done + +### 2026-04-11 02:00 — Add Jitsi Conference tab to bottom nav +- **Decision:** Added 4th tab (videocam icon) to authenticated bottom nav so logged-in users can join Jitsi conferences +- **Rationale:** Jitsi join was only accessible on the unauthenticated welcome screen. Logged-in users could never reach it. +- **Files affected:** rooms_screen.dart (v1.3.0), conference_tab.dart (new), jitsi_screen.dart (Back→/rooms) +- **Status:** Done and deployed + +### 2026-04-11 03:00 — LiveKit E2EE frame encryption attempt +- **Decision:** Added CallE2EEManager for m.rtc.encryption_keys to-device key exchange + E2EEOptions on LiveKit Room +- **Rationale:** Element X encrypts video frames with AES-GCM. Without decryption, video is scrambled. +- **Files affected:** call_e2ee.dart (new), livekit_service.dart (v1.4.0) +- **Status:** PARTIALLY WORKING — E2EE worker requires SharedArrayBuffer which needs COOP/COEP headers. Headers added to .htaccess on 2026-04-11. Key exchange protocol (m.rtc.encryption_keys) implemented but interop with Element X NOT YET VERIFIED. + +### 2026-04-11 04:00 — Web auth: fresh login every session (no session persistence) +- **Decision:** Removed session restore entirely for web. Every visit requires login. No access token stored. +- **Rationale:** Security — web app runs on untrusted/shared devices. Can't assume same user. Different from future APK which will persist sessions. +- **Files affected:** auth_notifier.dart (v2.0.0), secure_storage.dart (v2.0.0), auth_repository.dart (v2.0.0), app_config.dart (v2.0.0) +- **Status:** Done. Removed StoredCredentials, restoreSession(), storage key constants. Device ID persistence also removed (caused keys/upload 400 because Olm account not persisted). + +### 2026-04-11 04:30 — SSSS + cross-signing + key backup bootstrap +- **Decision:** Implemented full security setup dialog using Matrix SDK Bootstrap class +- **Rationale:** Users need to create/restore SSSS to decrypt old messages. Replaces "Phase 2" placeholder. +- **Files affected:** security_setup_dialog.dart (new), key_restore_dialog.dart (new), profile_screen.dart (v1.4.0) +- **Status:** Done. User 'try' successfully ran security setup. Recovery key generated. + +### 2026-04-11 05:00 — Fix authenticated media (Synapse 1.151.0) +- **Decision:** Switched from frozen /_matrix/media/v3/download/ to /_matrix/client/v1/media/download/ with access_token query param +- **Rationale:** Synapse 1.151.0 froze the old media endpoint. All room avatars returned 404. +- **Files affected:** mxc_url.dart (v2.0.0) +- **Status:** Done — avatars load correctly now + +### 2026-04-11 06:00 — Add Help tab + Account management info +- **Decision:** Added 5th bottom nav tab (Help) with expandable help cards +- **Rationale:** Users need in-app guidance for encrypted messages, security setup, account management +- **Files affected:** help_tab.dart (new), rooms_screen.dart (v1.3.0) +- **Status:** Done. Contains: encrypted messages fix guide, getting started, conference guide, video call issues, account management (links to m8chat.au), privacy statement. + +### 2026-04-11 07:00 — COOP/COEP headers for E2EE workers +- **Decision:** Added Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy to .htaccess +- **Rationale:** LiveKit E2EE frame encryption uses Web Workers that need SharedArrayBuffer +- **Files affected:** .htaccess on app2.m8chat.au (production server) +- **Status:** Headers verified active. E2EE re-enabled in code. NOT YET TESTED with a live call. + +### 2026-04-11 07:00 — Fix hangup call termination +- **Decision:** Changed _clearCallMemberEvent to send {} instead of {'memberships': []} +- **Rationale:** Element X sends {} when ending calls (verified from DB). Our {'memberships': []} wasn't being recognised. +- **Files affected:** livekit_service.dart +- **Status:** Deployed. NOT YET TESTED. \ No newline at end of file