## Remaining Work — M8Chat App2 (2026-04-11) ### P0 — Must test immediately (next session) - [ ] **Test video call with E2EE + COOP/COEP** — COOP/COEP headers are now on the server, E2EE is re-enabled in code. Start a call from app2 → Element X mobile. Watch console for: - `[E2EE] Received encryption key(s) from @user` — means key exchange worked - `worker error` — means SharedArrayBuffer still not available (COOP/COEP not working) - Scrambled video — key exchange format mismatch with Element X - [ ] **Test hangup termination** — end call from app2, verify Element X sees call ended - [ ] **If E2EE worker still crashes**: the COOP/COEP headers may break other things (e.g. loading cross-origin resources like Jitsi external_api.js, cached images). Test all features after enabling COEP. ### P1 — Important fixes - [ ] **Incoming call detection** — MSC3401 state event listener. When Element X starts a call, app2 should show an incoming call UI. Currently nothing happens. - [ ] **Ghost device cleanup** — Each web login creates a new device. Need either: (a) periodic admin API cleanup, (b) logout deletes the device, or (c) cron job to purge old M8Chat devices. - [ ] **Rooms provider performance** — Room list rebuilds on every sync tick (15+ times visible in console). Should debounce or only rebuild on actual changes. - [ ] **Device ID for APK/iOS** — When building native apps, re-enable session persistence and device ID reuse. The secure_storage.dart scaffold exists but is currently neutered for web. ### P2 — Quality improvements - [ ] **Noto emoji font** — Add NotoColorEmoji font asset to render emoji in room names (currently shows squares) - [ ] **Consolidate key restore dialogs** — key_restore_dialog.dart and security_setup_dialog.dart overlap. The security setup already does key restore. - [ ] **Voice-only calling** — LiveKit supports audio-only but no UI for it yet - [ ] **Cross-signing verification UX** — The Bootstrap flow creates cross-signing keys but there's no UI for verifying other users' devices (emoji comparison) ### P3 — Future features - [ ] **Push notifications** (Phase 2) - [ ] **Room search** (Phase 2 — placeholder in AppBar) - [ ] **Message reactions** (partial — display works, sending not implemented) - [ ] **File/image upload** (attachment button exists, handler not wired) - [ ] **Read receipts** (partial implementation) ### Blockers / dependencies - **E2EE video interop** depends on: (1) COOP/COEP working, (2) m.rtc.encryption_keys format matching Element X. If format doesn't match, need to capture what Element X actually sends (check to-device events on Synapse during a test call). - **COEP may break cross-origin loads** — CachedNetworkImage, Jitsi external API, and avatar images from matrix.m8chat.au may fail with `require-corp`. May need `credentialless` instead of `require-corp`, or add `crossorigin` attributes. ### Commands to resume ```bash cd /srv/wp-dev/pwa-sites/m8chat-app2 # Build flutter build web --release # Deploy rsync -avz --delete --exclude='.htaccess' \ -e "ssh -i ~/.ssh/m8chat_prod -p 2233" \ build/web/ m8chat@app.m8chat.au:~/public_html/app2.m8chat.au/ # Analyse dart analyze lib/ # Regenerate Riverpod/Freezed code dart run build_runner build --delete-conflicting-outputs # Check Synapse DB ssh -i ~/.ssh/m8chat_key -p 2233 m8chat_help4bis@chat.m8chat.au \ "PGPASSWORD=kijPt4cPWkoaZk8BVm psql -h localhost -U synapse_user -d synapse" # Check deployed .htaccess (COOP/COEP headers) ssh -i ~/.ssh/m8chat_prod -p 2233 m8chat@app.m8chat.au \ "cat ~/public_html/app2.m8chat.au/.htaccess" ``` ### What next session should start with 1. `/catchup` to load these notes 2. Test video call: app2 → Element X. Paste console output. 3. If E2EE works → commit everything to Gitea 4. If E2EE fails → check COEP compatibility issues, may need `credentialless` mode 5. If hangup works → move to P1 (incoming call detection)