felt/.planning/STATE.md
Mikkel Georgsen d4956f0c82 docs(01-03): complete Authentication + Audit Trail + Undo Engine plan
- Create 01-03-SUMMARY.md with plan execution results
- Update STATE.md: plan 7 of 14, 6 plans completed, 43% progress
- Update ROADMAP.md: 6/14 plans complete for Phase 1
- Mark AUTH-01, AUTH-03, PLYR-06 requirements complete

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-01 04:05:55 +01:00

gsd_state_version: 1.0
milestone: v1.0
milestone_name: milestone
status: unknown
last_updated: 2026-03-01T03:03:22.000Z
progress:
  total_phases: 1
  completed_phases: 0
  total_plans: 14
  completed_plans: 6

Project State

Project Reference

See: .planning/PROJECT.md (updated 2026-02-28)

Core value: A venue can run a complete tournament offline on a €100 device with wireless displays and player mobile access — and it just works, on any network, with zero IT involvement.
Current focus: Phase 1 — Foundation

Current Position

Phase: 1 of 7 (Tournament Engine)
Plan: 7 of 14 in current phase
Status: Executing Phase 1
Last activity: 2026-03-01 — Completed Plan C (Authentication + Audit Trail + Undo Engine)

Progress: [████░░░░░░] 43%

Performance Metrics

Velocity:

  • Total plans completed: 6
  • Average duration: 9min
  • Total execution time: 0.88 hours

By Phase:

Phase Plans Total Avg/Plan
01-tournament-engine 6 53min 9min

Recent Trend:

  • Last 5 plans: 01-02 (10min), 01-10 (5min), 01-04 (8min), 01-05 (10min), 01-03 (5min)
  • Trend: accelerating

Updated after each plan completion

Accumulated Context

Decisions

Decisions are logged in PROJECT.md Key Decisions table. Recent decisions affecting current work:

  • [Init]: Go monorepo, shared internal/, cmd/leaf and cmd/core are the only divergence points
  • [Init]: NATS sync_interval: always required before first deploy (December 2025 Jepsen finding)
  • [Init]: All monetary values int64 cents — never float64 (CI gate test required)
  • [Init]: go-libsql has no tagged releases — pin to commit hash in go.mod
  • [Init]: Netbird reverse proxy is beta — validate player PWA access in Phase 1 before depending on it in Phase 8
  • [01-01]: NATS server v2.12.4 requires Go 1.24+ — auto-upgraded from Go 1.23
  • [01-01]: WebSocket JWT via query parameter (browser WS API limitation)
  • [01-01]: JWT signing key ephemeral per startup — will persist in auth plan
  • [01-02]: go-libsql requires single-statement Exec — migration runner splits SQL files into individual statements
  • [01-02]: go-libsql PRAGMA handling is inconsistent — use QueryRow for journal_mode, execPragma helper for others
  • [01-02]: Force single DB connection during migrations (SetMaxOpenConns(1)) for table visibility
  • [01-10]: ESM type:module required in package.json for SvelteKit/Vite compatibility
  • [01-10]: frontend/build/ tracked in git (not gitignored) for go:embed
  • [01-10]: Catppuccin colors defined as CSS custom properties rather than @catppuccin/palette JS package
  • [01-04]: Clock ticker uses 100ms resolution with broadcast gating (not two separate tickers)
  • [01-04]: Crash recovery always restores clock as paused (operator must explicitly resume)
  • [01-04]: Overtime mode defaults to repeat (last level repeats indefinitely)
  • [01-04]: State change callback is async to avoid holding clock mutex during DB writes
  • [01-05]: Seed data uses INSERT OR IGNORE with explicit IDs for idempotent migration re-runs
  • [01-05]: Wizard generates preview-only levels (not auto-saved) for TD review before saving
  • [01-05]: BB ante used in WSOP-style template (separate from standard ante field)
  • [01-05]: Payout bracket validation enforces contiguous entry count ranges with no gaps
  • [01-03]: JWT HS256 enforcement via WithValidMethods prevents algorithm confusion attacks
  • [01-03]: Rate limiting keyed by global sentinel (_global) since PINs scan all operators
  • [01-03]: AuditRecorder callback breaks import cycle between auth and audit packages
  • [01-03]: NATS publish best-effort (logged, not fatal) to avoid audit blocking mutations
  • [01-03]: Undo creates reversal entry, only marks undone_by on original (never deletes)
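
The rule behind the [01-03] HS256 decision, as an added example that is not the project's code: the header's `alg` is checked against the single allowed method before any signature work, so a token that declares a different method is refused outright. `WithValidMethods` is a parser option in the golang-jwt library (that the project uses this library is an assumption); the version here applies the same check with the standard library only, and `sign`, `mint`, `verifyHS256`, the key and the payload are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// sign returns the HMAC-SHA256 tag over the "header.payload" signing input.
func sign(input string, key []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(input))
	return m.Sum(nil)
}

// mint builds a constructed test token; any alg other than HS256 is left unsigned.
func mint(alg, payload string, key []byte) string {
	in := b64.EncodeToString([]byte(`{"alg":"`+alg+`","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(payload))
	if alg != "HS256" {
		return in + "."
	}
	return in + "." + b64.EncodeToString(sign(in, key))
}

// verifyHS256 (hypothetical helper) returns the payload JSON only for a valid HS256 token.
func verifyHS256(token string, key []byte) ([]byte, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	hb, err := b64.DecodeString(p[0])
	if err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, fmt.Errorf("signing method %q not allowed", hdr.Alg)
	}
	sig, err := b64.DecodeString(p[2])
	if err != nil || !hmac.Equal(sig, sign(p[0]+"."+p[1], key)) {
		return nil, fmt.Errorf("signature mismatch")
	}
	return b64.DecodeString(p[1])
}

func main() {
	fmt.Println(verifyHS256(mint("none", `{"sub":"op-1"}`, nil), []byte("constructed-demo-key")))
}
```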

Pending Todos

None yet.

Blockers/Concerns

  • [Phase 1]: go-libsql CGO ARM64 cross-compilation must be validated in CI before any downstream features depend on it
  • [Phase 1]: Netbird reverse proxy beta status — test the full QR code → HTTPS → WireGuard → Leaf flow early
  • [Phase 3]: NATS JetStream cross-domain stream mirroring (Leaf → Core) needs integration test before Phase 2 depends on it
  • [Phase 4]: Events engine security — run_command sandboxing, webhook URL allowlist, WYSIWYG HTML sanitization (deferred from Phase 1 security review)
  • [Phase 7]: JWT HttpOnly cookies + signing key rotation (deferred from Phase 1 security review — localStorage is acceptable while Leaf is local-network only)
  • [Phase 7]: Pi Zero 2W memory must be profiled on actual hardware with all display views before scaling signage

Session Continuity

Last session: 2026-03-01
Stopped at: Completed 01-03-PLAN.md (Authentication + Audit Trail + Undo Engine)
Resume file: None