m8chat-app2/help4bis-claude-notes/decisions.md at main

Files

help4bis a01c527157 claude-notes: update decisions.md (2026-04-11 03:53)

2026-04-11 03:53:46 +10:00

Decision: Re-enabled Olm encryption in index.html with synchronous load + Olm.init() before Flutter boots, graceful fallback if Olm fails
Rationale: 45 of 88 rooms have Megolm encryption. MatrixSdkDatabase persists Olm keys in IndexedDB resolving /keys/upload 400 errors
Files affected: web/index.html, lib/main.dart, app_config.dart, auth_repository.dart, pubspec.yaml
Status: Working — device keys uploaded, messages encrypt/decrypt correctly

Decision: app.m8chat.au = PRODUCTION (old FluffyChat). app2.m8chat.au = dev/test for m8chat-app2
Rationale: User corrected after accidental production deploy. Production restored from backup.
Status: All future deploys to app2.m8chat.au

Files: message_model.dart, chat_repository.dart, message_bubble.dart, room_preview.dart
Status: Done

Decision: Added 4th tab (videocam icon) to authenticated bottom nav so logged-in users can join Jitsi conferences
Rationale: Jitsi join was only accessible on the unauthenticated welcome screen. Logged-in users could never reach it.
Files affected: rooms_screen.dart (v1.3.0), conference_tab.dart (new), jitsi_screen.dart (Back→/rooms)
Status: Done and deployed

Decision: Added CallE2EEManager for m.rtc.encryption_keys to-device key exchange + E2EEOptions on LiveKit Room
Rationale: Element X encrypts video frames with AES-GCM. Without decryption, video is scrambled.
Files affected: call_e2ee.dart (new), livekit_service.dart (v1.4.0)
Status: PARTIALLY WORKING — E2EE worker requires SharedArrayBuffer which needs COOP/COEP headers. Headers added to .htaccess on 2026-04-11. Key exchange protocol (m.rtc.encryption_keys) implemented but interop with Element X NOT YET VERIFIED.

Decision: Removed session restore entirely for web. Every visit requires login. No access token stored.
Rationale: Security — web app runs on untrusted/shared devices. Can't assume same user. Different from future APK which will persist sessions.
Files affected: auth_notifier.dart (v2.0.0), secure_storage.dart (v2.0.0), auth_repository.dart (v2.0.0), app_config.dart (v2.0.0)
Status: Done. Removed StoredCredentials, restoreSession(), storage key constants. Device ID persistence also removed (caused keys/upload 400 because Olm account not persisted).

Decision: Implemented full security setup dialog using Matrix SDK Bootstrap class
Rationale: Users need to create/restore SSSS to decrypt old messages. Replaces "Phase 2" placeholder.
Files affected: security_setup_dialog.dart (new), key_restore_dialog.dart (new), profile_screen.dart (v1.4.0)
Status: Done. User 'try' successfully ran security setup. Recovery key generated.

Decision: Switched from frozen /_matrix/media/v3/download/ to /_matrix/client/v1/media/download/ with access_token query param
Rationale: Synapse 1.151.0 froze the old media endpoint. All room avatars returned 404.
Files affected: mxc_url.dart (v2.0.0)
Status: Done — avatars load correctly now

Decision: Added 5th bottom nav tab (Help) with expandable help cards
Rationale: Users need in-app guidance for encrypted messages, security setup, account management
Files affected: help_tab.dart (new), rooms_screen.dart (v1.3.0)
Status: Done. Contains: encrypted messages fix guide, getting started, conference guide, video call issues, account management (links to m8chat.au), privacy statement.

Decision: Added Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy to .htaccess
Rationale: LiveKit E2EE frame encryption uses Web Workers that need SharedArrayBuffer
Files affected: .htaccess on app2.m8chat.au (production server)
Status: Headers verified active. E2EE re-enabled in code. NOT YET TESTED with a live call.

Decision: Changed _clearCallMemberEvent to send {} instead of {'memberships': []}
Rationale: Element X sends {} when ending calls (verified from DB). Our {'memberships': []} wasn't being recognised.
Files affected: livekit_service.dart
Status: Deployed. NOT YET TESTED.