m8chat-app2/help4bis-claude-notes/current-state.md

## M8Chat App2 — Current State (2026-04-11)

Custom Flutter Matrix chat client deployed to app2.m8chat.au. Replaces the FluffyChat fork (app.m8chat.au). Built on Matrix Dart SDK 0.33.0, LiveKit for video, Olm for E2EE.

### What was built/changed this session

1. **Jitsi Conference tab** — 4th bottom nav tab for joining conf.m8chat.au meetings
2. **Help tab** — 5th bottom nav tab with troubleshooting guides, account management links
3. **Auth rewrite (v2.0.0)** — fresh login every session on web, no credential persistence
4. **SSSS/cross-signing/key backup** — full security setup dialog (Bootstrap flow)
5. **Key restore dialog** — enter recovery key to download Megolm keys from backup
6. **Authenticated media (v2.0.0)** — switched to /_matrix/client/v1/media/download/ (Synapse 1.151.0 froze old endpoint)
7. **LiveKit E2EE** — CallE2EEManager for m.rtc.encryption_keys key exchange, COOP/COEP headers
8. **Hangup fix** — sends {} to clear call.member state event
9. **Cleaned up 24 ghost devices** for try user (DB direct delete)

### What works
- Login/logout flow (fresh every session)
- Room list with avatars (authenticated media endpoint)
- Chat messaging (text)
- Encrypted message display (lock icon for undecryptable)
- Security setup (SSSS + cross-signing + key backup creation)
- Key restore from backup
- Jitsi conference joining (Conference tab)
- Help tab with troubleshooting content
- Spaces view
- Profile with security settings

### What's broken / untested
- **Video calls (E2EE interop)** — COOP/COEP headers added, E2EE re-enabled, but NOT YET TESTED. May still show scrambled video if key exchange doesn't interop with Element X's m.rtc.encryption_keys format.
- **Hangup termination** — Changed to send {} but NOT YET TESTED whether Element X recognises it.
- **Incoming call detection** — Not implemented. No MSC3401 state event listener.
- **Avatar 404s in cached/old data** — sync_persistence_service caches URLs; stale URLs may linger in IndexedDB
- **Ghost devices accumulate** — each web login creates a new device. No cleanup mechanism.
- **Rooms provider fires excessively** — console shows room list logged 15+ times per sync cycle (performance)
- **Noto font warning** — emoji characters in room names can't render (missing font asset)

### Key file paths
| File | Version | Purpose |
|------|---------|---------|
| lib/core/auth/auth_notifier.dart | 2.0.0 | Auth state machine — fresh login, no restore |
| lib/core/auth/secure_storage.dart | 2.0.0 | Minimal — only stores device ID (currently unused) |
| lib/core/config/app_config.dart | 2.0.0 | Server URLs, app name/version |
| lib/shared/utils/mxc_url.dart | 2.0.0 | Authenticated media URL resolution |
| lib/features/calls/data/livekit_service.dart | 1.4.0 | LiveKit connect/disconnect with E2EE |
| lib/features/calls/data/call_e2ee.dart | 1.0.0 | E2EE key exchange via m.rtc.encryption_keys |
| lib/features/profile/presentation/security_setup_dialog.dart | 1.0.0 | SSSS Bootstrap driver |
| lib/features/profile/presentation/key_restore_dialog.dart | 1.0.0 | Recovery key input + loadAllKeys |
| lib/features/help/presentation/help_tab.dart | 1.1.0 | In-app help content |
| lib/features/jitsi/presentation/conference_tab.dart | 1.0.0 | Jitsi meeting join UI |
| lib/features/rooms/presentation/rooms_screen.dart | 1.3.0 | 5-tab bottom nav |

### Server configuration
- **COOP/COEP headers** added to ~/public_html/app2.m8chat.au/.htaccess
- Synapse 1.151.0 on chat.m8chat.au (PostgreSQL, SQLite was wrong assumption)
- LiveKit 1.10.1 on chat.m8chat.au
- lk-jwt-service for MatrixRTC JWT at /_matrix/livekit/jwt/sfu/get

### Known technical debt
- call_e2ee.dart imported but E2EE interop with Element X not verified
- secure_storage.dart exists but device ID save/load is unused (removed to fix keys/upload 400)
- key_restore_dialog.dart is separate from security_setup_dialog.dart — could be consolidated
- Rooms provider rebuilds too frequently (every sync tick)