# spotlight.cam πŸŽ₯ Web application (PWA) for the dance community enabling matchmaking, chat, and video file exchange directly via WebRTC (peer-to-peer). ## πŸš€ Features ### βœ… Implemented **Authentication & Security:** - βœ… **JWT Authentication** - real authentication with bcrypt password hashing - βœ… **Email Verification** - email verification via AWS SES (link + PIN code) - βœ… **Password Reset** - complete password reset workflow - βœ… **WSDC Integration** - auto-fill data from worldsdc.com during registration - βœ… **Event Slugs** - unique alphanumeric identifiers preventing ID enumeration attacks **User Profiles:** - βœ… **User Profiles** - profile editing (first name, last name, WSDC ID) - βœ… **Social Media Links** - YouTube, Instagram, Facebook, TikTok - βœ… **Location** - country (dropdown with 195 countries with flags) and city - βœ… **Public Profiles** - visible to other logged-in users at /@{username} - βœ… **Profile Statistics** - number of matches, average rating, number of reviews - βœ… **Clickable Usernames** - usernames in chat are clickable links to public profiles **Events & Chat:** - βœ… **Event List** - browse dance events from worldsdc.com - βœ… **Event Participation Tracking** - automatic saving of joined events - βœ… **Real-time Event Chat** - Socket.IO chat for event participants with country flags - βœ… **Active Users Sidebar** - list of online users in the event - βœ… **Message History** - message persistence in database - βœ… **Infinite Scroll** - loading older messages - βœ… **Competitor Numbers** - bib number display in event chat **Matchmaking & Private Chat:** - βœ… **Match Requests** - send and accept match requests with real-time notifications - βœ… **Match Management** - view pending/active matches, accept/reject requests - βœ… **Private 1:1 Chat** - private chat for matched users with Socket.IO and message history - βœ… **Match Slugs** - secure random slugs (CUID) preventing ID enumeration **Ratings & Stats System:** - βœ… **Partner Ratings** - rate collaboration partners (1-5 stars, comments) - βœ… **Collaboration Preferences** - "would collaborate again" indicator - βœ… **Public Rating Display** - ratings visible on public user profiles - βœ… **Duplicate Prevention** - users can only rate each match once - βœ… **Auto-completion** - matches auto-complete when both partners have rated - βœ… **Stats Updates** - atomic recording stats updates (recordingsDone, recordingsReceived) - βœ… **Source Filtering** - only auto-matches update fairness stats (manual matches excluded) - βœ… **Race Condition Prevention** - statsApplied flag with atomic check-and-set - βœ… **Idempotency** - double-rating prevention ensures stats update exactly once **WebRTC P2P File Transfer:** - βœ… **WebRTC Signaling** - SDP/ICE exchange via Socket.IO - βœ… **P2P File Transfer** - RTCDataChannel with 16KB chunking (tested up to 700MB) - βœ… **WebRTC Detection** - automatic detection of browser capabilities - βœ… **Fallback UX** - user-friendly warnings when WebRTC blocked - βœ… **Real-time Progress** - transfer progress monitoring for sender/receiver - βœ… **E2E Encryption** - DTLS encryption (native WebRTC) - βœ… **Auto Download** - automatic file download on receiver side **Landing Page:** - βœ… **Homepage** - professional landing page with hero section, features showcase, and CTAs - βœ… **Public Access** - accessible to non-logged users with links to register/login - βœ… **Responsive Design** - mobile-friendly with gradient backgrounds **Backend & Infrastructure:** - βœ… **PostgreSQL Database** - 11 tables with relations (Prisma ORM) - βœ… **RESTful API** - Express.js backend with validation - βœ… **WebSocket** - Socket.IO for real-time communication - βœ… **Docker Compose** - full orchestration (nginx, frontend, backend, PostgreSQL) - βœ… **Test Coverage** - comprehensive test suite for WebRTC, Auth, Events, Matches - βœ… **WebRTC Tests** - full Socket.IO signaling and detection tests (7 tests passing) **Dashboard & Real-time:** - βœ… **Dashboard** - centralized landing page with active events, matches, requests - βœ… **Online Count** - real-time users in event chat - βœ… **Unread Count** - unread message badges per match - βœ… **Mobile-first Design** - responsive chat layout with page titles on mobile **Auto-matching & Account Tiers:** - βœ… **Smart Recording Matching** - auto-assign recorders for competition heats with collision detection - βœ… **3-Tier Account System** - BASIC (free), SUPPORTER, COMFORT tiers with fairness-based assignment - βœ… **Fairness Algorithm** - karma tracking (recordingsDone vs recordingsReceived) for balanced workload - βœ… **Dual Buffer System** - prep time before and rest time after dancing (no buffer for recording) - βœ… **Tier Penalties** - SUPPORTER (-10 fairness), COMFORT (-50 fairness) for reduced recording frequency - βœ… **Event-specific Upgrades** - accountTierOverride for temporary tier boosts (e.g., Comfort Pass) - βœ… **Multi-criteria Sorting** - Location > Fairness > Load balancing priority - βœ… **Competitor Numbers** - bib number support for events - βœ… **Matching Runs Audit** - complete audit trail with origin_run_id tracking - βœ… **Incremental Matching** - preserves accepted/completed suggestions across re-runs - βœ… **Scheduler Integration** - automated matching with cron-based scheduling - βœ… **Admin Endpoints** - per-run statistics and suggestion filtering **Security & PWA (All Implemented):** - βœ… **Security Hardening** - CORS, CSRF, Helmet.js, account lockout, rate limiting - βœ… **PWA Features** - manifest, service worker, offline support, iOS compatible ### πŸ”œ Future Extensions - ⏳ **User Badges** - trust system and reputation badges - ⏳ **Push Notifications** - real-time alerts for matches and messages - ⏳ **Video Compression** - client-side compression before transfer ## πŸ› οΈ Tech Stack ### Frontend - **React 18** - UI framework - **Vite** - build tool and dev server - **Tailwind CSS v3.4.0** - styling - **React Router** - routing - **Lucide React** - icons - **Context API** - state management (auth) - **Socket.IO Client** - real-time WebSocket communication - **WebRTC** - P2P file transfer (RTCPeerConnection, RTCDataChannel) ### Backend - **Node.js 20** - runtime - **Express 4.18** - web framework - **PostgreSQL 15** - relational database - **Prisma ORM 5.22** - type-safe database client - **Socket.IO 4.8** - WebSocket server - **bcrypt** - password hashing - **JWT** - token-based authentication - **AWS SES** - email service - **Jest + Supertest** - testing (342 tests, 72.5% coverage, 100% passing) ### Infrastructure - **Docker Compose** - container orchestration (dev + prod profiles) - **Nginx** - reverse proxy & static file serving - **Alpine Linux** - lightweight container base images ## πŸ“ Project Structure ``` spotlightcam/ β”œβ”€β”€ docker-compose.yml # Container orchestration (dev + prod profiles) β”œβ”€β”€ nginx/ # Nginx reverse proxy config β”‚ β”œβ”€β”€ nginx.conf β”‚ └── conf.d/default.conf # Proxy /api & /socket.io to backend β”œβ”€β”€ frontend/ # React PWA β”‚ β”œβ”€β”€ src/ β”‚ β”‚ β”œβ”€β”€ components/ # React components β”‚ β”‚ β”‚ β”œβ”€β”€ common/ # Shared components, PasswordStrength, VerificationBanner β”‚ β”‚ β”‚ β”œβ”€β”€ chat/ # Chat components β”‚ β”‚ β”‚ β”œβ”€β”€ video/ # WebRTC components (WebRTCWarning) β”‚ β”‚ β”‚ β”œβ”€β”€ layout/ # Navbar, Layout β”‚ β”‚ β”‚ └── __tests__/ # Component tests (WebRTCWarning) β”‚ β”‚ β”œβ”€β”€ pages/ # Application pages β”‚ β”‚ β”‚ β”œβ”€β”€ HomePage.jsx # Landing page with hero & features β”‚ β”‚ β”‚ β”œβ”€β”€ LoginPage.jsx β”‚ β”‚ β”‚ β”œβ”€β”€ RegisterPage.jsx # Two-step registration with WSDC lookup β”‚ β”‚ β”‚ β”œβ”€β”€ VerifyEmailPage.jsx # Email verification (link + PIN) β”‚ β”‚ β”‚ β”œβ”€β”€ ForgotPasswordPage.jsx # Request password reset β”‚ β”‚ β”‚ β”œβ”€β”€ ResetPasswordPage.jsx # Reset password with token β”‚ β”‚ β”‚ β”œβ”€β”€ ProfilePage.jsx # Edit profile (social media, location) β”‚ β”‚ β”‚ β”œβ”€β”€ PublicProfilePage.jsx # View other user's profile β”‚ β”‚ β”‚ β”œβ”€β”€ EventsPage.jsx # Event list with real API β”‚ β”‚ β”‚ β”œβ”€β”€ EventChatPage.jsx # Real-time event chat β”‚ β”‚ β”‚ β”œβ”€β”€ MatchChatPage.jsx # Private chat + WebRTC P2P transfer β”‚ β”‚ β”‚ β”œβ”€β”€ RatePartnerPage.jsx # Rate partner after collaboration β”‚ β”‚ β”‚ └── HistoryPage.jsx # Match history β”‚ β”‚ β”œβ”€β”€ hooks/ # Custom hooks (useWebRTC) β”‚ β”‚ β”œβ”€β”€ utils/ # Utilities (webrtcDetection) β”‚ β”‚ β”‚ └── __tests__/ # Utility tests (webrtcDetection) β”‚ β”‚ β”œβ”€β”€ contexts/ # AuthContext (JWT integration) β”‚ β”‚ β”œβ”€β”€ services/ # API client, Socket.IO client β”‚ β”‚ β”œβ”€β”€ data/ # Static data (countries list) β”‚ β”‚ └── mocks/ # Mock data (for UI development) β”‚ β”œβ”€β”€ Dockerfile # Development container β”‚ β”œβ”€β”€ Dockerfile.prod # Production build β”‚ └── package.json β”œβ”€β”€ backend/ # Node.js + Express API β”‚ β”œβ”€β”€ src/ β”‚ β”‚ β”œβ”€β”€ controllers/ # Auth, users, events, WSDC β”‚ β”‚ β”œβ”€β”€ middleware/ # Auth, validation, error handling β”‚ β”‚ β”œβ”€β”€ routes/ # API routes β”‚ β”‚ β”œβ”€β”€ socket/ # Socket.IO server (event/match rooms, WebRTC signaling) β”‚ β”‚ β”œβ”€β”€ utils/ # Auth utils, DB, email service (AWS SES) β”‚ β”‚ └── __tests__/ # Jest unit tests β”‚ β”‚ β”‚ β”œβ”€β”€ socket-webrtc.test.js # WebRTC signaling tests (7 tests) β”‚ β”‚ β”‚ β”œβ”€β”€ auth.test.js # Authentication tests β”‚ β”‚ β”‚ β”œβ”€β”€ events.test.js # Events API tests β”‚ β”‚ β”‚ β”œβ”€β”€ matches.test.js # Matches API tests β”‚ β”‚ β”‚ └── ... # Other test suites β”‚ β”œβ”€β”€ prisma/ β”‚ β”‚ β”œβ”€β”€ schema.prisma # Database schema (7 tables) β”‚ β”‚ β”œβ”€β”€ migrations/ # Database migrations β”‚ β”‚ └── seed.js # Seed data β”‚ β”œβ”€β”€ Dockerfile # Development container β”‚ β”œβ”€β”€ Dockerfile.prod # Production build β”‚ └── package.json └── docs/ # Documentation β”œβ”€β”€ SESSION_CONTEXT.md # Quick session context (minimal tokens) β”œβ”€β”€ CONTEXT.md # Full project description β”œβ”€β”€ TODO.md # Task list & roadmap β”œβ”€β”€ ARCHITECTURE.md # Technical details β”œβ”€β”€ DEPLOYMENT.md # Deployment guide β”œβ”€β”€ MONITORING.md # Monitoring & operations β”œβ”€β”€ QUICKSTART.md # Quick start guide β”œβ”€β”€ QUICK_TEST.md # Quick test instructions β”œβ”€β”€ WEBRTC_TESTING_GUIDE.md # WebRTC testing guide └── archive/ # Archived documentation β”œβ”€β”€ COMPLETED.md # Completed tasks archive β”œβ”€β”€ PHASE_1.5.md # Phase 1.5 documentation β”œβ”€β”€ SECURITY_AUDIT.md # Security audit & fixes β”œβ”€β”€ RESOURCES.md # Learning resources └── ADMIN_CLI.md # Admin CLI documentation ``` ## πŸš€ Getting Started ### Requirements - Docker and Docker Compose - (Optional) Node.js 20+ for development without Docker ### Development Mode 1. Clone the repository: ```bash git clone cd spotlightcam ``` 2. Copy example .env file: ```bash cp backend/.env.example backend/.env ``` 3. Start Docker Compose with dev profile: ```bash docker compose --profile dev up ``` 4. Open browser: ``` http://localhost:8080 ``` ### Production Mode ```bash docker compose --profile prod up -d ``` ### Service Access **Development:** - Frontend: http://localhost:8080 - Backend API: http://localhost:8080/api - WebSocket: ws://localhost:8080/socket.io - Health check: http://localhost:8080/api/health - PostgreSQL: localhost:5432 (exposed for dev tools) **Production:** - Application: http://localhost (port 80) - HTTPS: https://localhost (port 443, requires SSL certificates) - PostgreSQL: internal only (not exposed) ### Stopping Services ```bash # Development docker compose --profile dev down # Production docker compose --profile prod down ``` ### Rebuild After Changes ```bash docker compose --profile dev down docker compose --profile dev up --build ``` ## πŸ—„οΈ Database Schema 11 tables with relations (Prisma ORM): 1. **users** - users - Base: id, username, email, password_hash, avatar, created_at, updated_at - WSDC: first_name, last_name, wsdc_id - Email: email_verified, verification_token, verification_code, verification_token_expiry - Password Reset: reset_token, reset_token_expiry - Social: youtube_url, instagram_url, facebook_url, tiktok_url - Location: country, city - Account Tiers: account_tier (BASIC/SUPPORTER/COMFORT), recordings_done, recordings_received 2. **events** - dance events - id, slug (unique), name, location, start_date, end_date, description, worldsdc_id, participants_count 3. **event_participants** - event participants (many-to-many) - id, user_id, event_id, joined_at, recorder_opt_out, competitor_number - account_tier_override (optional event-specific tier upgrade) 4. **chat_rooms** - chat rooms - id, event_id, type (event/private), created_at 5. **messages** - messages - id, room_id, user_id, content, type (text/link/video), created_at 6. **matches** - user pairs - id, slug (unique cuid), user1_id, user2_id, event_id, room_id, status (pending/accepted/completed), created_at 7. **ratings** - ratings - id, match_id, rater_id, rated_id, score (1-5), comment, would_collaborate_again, created_at - Unique constraint: (match_id, rater_id, rated_id) - prevents duplicate ratings 8. **event_checkin_tokens** - QR code tokens for event access - id, event_id, token (cuid), created_at 9. **divisions** - competition divisions (Newcomer, Novice, Intermediate, etc.) - id, name, abbreviation, display_order 10. **competition_types** - competition types (Jack & Jill, Strictly, etc.) - id, name, abbreviation 11. **event_user_heats** - user's declared heats for matchmaking - id, user_id, event_id, division_id, competition_type_id, heat_number (1-9), role (Leader/Follower), created_at, updated_at - Unique constraint: (user_id, event_id, division_id, competition_type_id, role) ### Migrations ```bash # Development (inside backend container) docker compose exec backend npx prisma migrate dev # Production docker compose exec backend-prod npx prisma migrate deploy # Generate Prisma Client docker compose exec backend npx prisma generate ``` ### Seed Data ```bash docker compose exec backend npx prisma db seed ``` Adds: - 3 events (Warsaw, Barcelona, HerrΓ€ng) - 2 users (john_doe, jane_smith) - Event chat rooms ## πŸ§ͺ Testing the Application ### Test Flow: 1. **Landing Page** (http://localhost:8080/) - View professional landing page with hero section - Explore features showcase and how-it-works section - Click "Get Started" to register or "Sign in" to login 2. **Registration with WSDC** (http://localhost:8080/register) - Optional: provide WSDC ID (e.g., 12345) for auto-fill - Complete registration form - You'll receive verification email (check AWS SES sandbox) 3. **Email Verification** (http://localhost:8080/verify-email) - Click link from email OR enter 6-digit PIN code - Email will be verified 4. **Login** (http://localhost:8080/login) - Email: john@example.com - Password: password123 5. **Profile Editing** (http://localhost:8080/profile) - Add social media links (Instagram, YouTube, etc.) - Select country from list of 195 countries - Enter city - Edit WSDC ID, first name, last name 6. **Event Selection** (http://localhost:8080/events) - View event list (joined events appear at top) - Select event (e.g., "Warsaw Dance Festival 2025") - Click "Join chat" or "Open chat" (if already joined) 7. **Event Chat** - Real-time chat with Socket.IO - Active users list on the right side - Click "+" icon next to user to connect - You'll be redirected to private 1:1 chat 8. **1:1 Chat - WebRTC P2P File Transfer** πŸ”₯ - See partner's profile at top (click username to view public profile) - WebRTC connection status (disconnected/connecting/connected) - **Sending video via WebRTC:** - Click "Send video (WebRTC)" - Select video file from disk - Real P2P transfer via RTCDataChannel with STUN servers for NAT traversal - Supports files up to 700MB+ tested successfully - See real-time progress bar (16KB chunking) - Receiver automatically downloads the file - End-to-end encryption via DTLS (native WebRTC) - **WebRTC Detection:** - Automatic detection if WebRTC is blocked - User-friendly warning with fix suggestions - Button disabled when WebRTC unavailable - **Fallback - link sharing:** - Click "Link" - Paste video URL (Google Drive, Dropbox, etc.) - Alternative when WebRTC blocked (Opera, VPNs, privacy settings) 9. **Rate Partner** - Click "Finish and rate" - Select rating (1-5 stars) - Add comment - Mark if you want to collaborate again 10. **Collaboration History** (http://localhost:8080/history) - See list of matches - See received ratings - See statistics 11. **Public Profiles** - Click on another user's username - View profile: avatar, location, social media, statistics ## 🧰 Admin CLI Use an in-container admin console for quick maintenance. - Start REPL (default): `docker compose exec backend npm run cli` - Explicit REPL: `docker compose exec backend npm run cli -- repl` - List users: `docker compose exec backend npm run cli -- users:list --limit 20` - Create user: `docker compose exec backend npm run cli -- users:create --email admin@example.com --username admin --password 'Secret123!'` - Verify email: `docker compose exec backend npm run cli -- users:verify --email admin@example.com` - List events: `docker compose exec backend npm run cli -- events:list --limit 10` - Import WSDC (calendar/list) dry-run: `docker compose exec backend npm run cli -- events:import:wsdc --dry-run --since 2024-01-01 --until 2024-12-31` - Import with location from list: `docker compose exec backend npm run cli -- events:import:wsdc --source list --limit 50` - Enrich missing location: `docker compose exec backend npm run cli -- events:import:wsdc --source list --update-missing-location` - Event details by slug: `docker compose exec backend npm run cli -- events:details --slug warsaw-dance-2025 [--participants 25]` - Event participants: `docker compose exec backend npm run cli -- events:participants --slug warsaw-dance-2025 --limit 100` - Event participants CSV: `docker compose exec backend npm run cli -- events:participants --slug warsaw-dance-2025 --limit 200 --csv > participants.csv` - List matches: `docker compose exec backend npm run cli -- matches:list --limit 20 [--status accepted|pending|completed]` - Check-in user to event (simulate QR): `docker compose exec backend npm run cli -- events:checkin --username john_doe --slug warsaw-dance-2025` - App logs (if LOG_FILE configured): `docker compose exec backend npm run cli -- logs:app --lines 200` - Recent chat messages: `docker compose exec backend npm run cli -- logs:messages --limit 50` Production equivalents use `backend-prod` instead of `backend`. REPL specifics: - Inside REPL use `run('users:list --limit 20')` or `.cli users:list --limit 20`. - Top-level await works for Prisma: `await prisma.user.findMany({ take: 5 })`. - CLI errors in REPL do not exit the session; the error is printed so you can correct and retry. ## πŸ” Security ### Implemented Security Features: βœ… **Authentication:** - bcrypt password hashing (10 salt rounds) - JWT tokens (httpOnly cookies in production) - Protected routes with auth middleware - Email verification required βœ… **Input Validation:** - express-validator for all inputs - Custom validators for URLs (domain checking) - SQL injection prevention (Prisma parameterized queries) - XSS protection (input sanitization) βœ… **Rate Limiting:** - Login attempts: 5 per 15 minutes - Registration: 3 per hour - Email sending: 3 per hour βœ… **Database:** - Unique constraints on emails, usernames - Indexed fields for performance - Cascading deletes for data integrity βœ… **Event Security:** - Unique alphanumeric slugs (12 chars, MD5-based) - Prevents ID enumeration attacks - URLs: /events/{slug}/chat instead of /events/{id}/chat βœ… **Socket.IO:** - JWT authentication for WebSocket connections - Room-based access control - User verification before joining rooms ### Additional Security (Phase 3 - Implemented): βœ… CORS configuration βœ… CSRF protection (cookies) βœ… Helmet.js security headers βœ… Account lockout (after failed attempts) βœ… Content Security Policy ⏳ HTTPS enforcement (requires production SSL setup) ## πŸ“Š Test Coverage **Backend: 72.5% overall coverage** (342/342 tests passing - 100% βœ…) - **Matching Algorithm**: 19/19 integration tests passing - Phase 1: Fundamentals (TC1-3) - basic flow, NOT_FOUND scenarios - Phase 2: Collision Detection (TC4-9) - buffers, slot mapping, schedule conflicts - Phase 3: Limits & Workload (TC10-11) - MAX_RECORDINGS, recording-recording collisions - Phase 4: Fairness & Tiers (TC12-16) - debt calculation, tier penalties - Phase 5: Edge Cases (TC17-19) - multiple heats, incremental matching - **Ratings & Stats Flow**: 9/9 E2E tests passing - Double-rating completion flow - Atomic stats updates (recordingsDone, recordingsReceived) - Race condition prevention (statsApplied flag) - Manual vs auto match differentiation - Idempotency testing - **Matching Runs Audit**: 6/6 tests passing - origin_run_id assignment and tracking - Sequential runs with separate IDs - Accepted suggestions preservation - Filter parameters (onlyAssigned, includeNotFound) - Manual vs scheduler trigger differentiation - **Incremental Matching**: 5/5 tests passing - **Recording Stats Integration**: 6/6 tests passing - **WebRTC Signaling**: 12/12 tests passing (offer/answer/ICE relay, authorization) - **Auth Controllers**: Comprehensive coverage - **Events API**: Full test suite - **Matches API**: Full CRUD tests - **Dashboard API**: 12 tests passing - **Socket.IO**: Full WebRTC + chat coverage (12/12 passing) - **Test Isolation**: Fixed with unique test data per suite - **Code Coverage Highlights**: - matching.js: 94.71% statements, 91.5% branches - routes/matches.js: 76.11% statements - routes/events.js: 78.2% statements **Frontend: Test files ready** (requires test runner setup) - WebRTC detection utility tests - WebRTC warning component tests ```bash # Run all backend tests docker compose exec backend npm test # Run specific test suite docker compose exec backend npm test -- socket-webrtc.test.js # Coverage report docker compose exec backend npm run test:coverage ``` ## 🎯 Roadmap ### βœ… Phase 0: Frontend Mockup (COMPLETED) - All views with mock data - WebRTC UI mockup - Routing & navigation ### βœ… Phase 1: Backend Foundation (COMPLETED) - Node.js + Express + PostgreSQL - JWT authentication - Socket.IO real-time chat - Test coverage 81%+ ### βœ… Phase 1.5: Email & WSDC Integration (COMPLETED) - Email verification (AWS SES) - Password reset workflow - WSDC API integration - User profiles with social media & location - Public profiles - Event participation tracking - Event security (slugs) ### βœ… Phase 2: Matches & Ratings API (COMPLETED) - Matches API (create/accept match requests with slugs) - Real-time match notifications via Socket.IO - Ratings API (1-5 stars, comments, collaboration preferences) - Public profile ratings display - Profile links from chat and matches pages - Message history for matches - Duplicate rating prevention ### βœ… Phase 2.5: WebRTC P2P File Transfer (COMPLETED) - WebRTC signaling (SDP/ICE exchange via Socket.IO) - P2P file transfer via RTCDataChannel (16KB chunking) - STUN servers for NAT traversal (production-ready) - WebRTC capability detection (browser/network compatibility) - User-friendly fallback UX when WebRTC blocked - Tested up to 700MB file transfers - E2E encryption (DTLS) - Comprehensive test suite (7 backend tests passing) - Professional landing page with hero section ### βœ… Phase 3: MVP Finalization (COMPLETED) - βœ… Landing page - βœ… Dashboard with online/unread counts - βœ… Recording matching system (auto-assign recorders) - βœ… Security hardening (CSRF, account lockout, rate limiting) - βœ… PWA features (manifest, service worker, iOS support) - βœ… All backend tests passing (286/286 - 100%) - βœ… Production operations scripts (backup, restore, health check) - βœ… Documentation cleanup and reorganization ### ⏳ Phase 4: Extensions (FUTURE) - User badges & trust system - Block users - Push notifications - Video compression - Multi-file transfer ## πŸ“– Documentation **Quick Start:** - `docs/SESSION_CONTEXT.md` - Quick context for resuming sessions (minimal tokens) **Main Documentation:** - `docs/CONTEXT.md` - Main project description and assumptions - `docs/TODO.md` - Active tasks and roadmap - `docs/ARCHITECTURE.md` - Technical details and implementation - `docs/DEPLOYMENT.md` - Deployment and production setup guide - `docs/MONITORING.md` - Monitoring and operations guide **Quick Guides:** - `docs/QUICKSTART.md` - Quick start guide (2 minutes) - `docs/QUICK_TEST.md` - Quick testing instructions - `docs/WEBRTC_TESTING_GUIDE.md` - WebRTC testing guide **Archived Documentation:** - `docs/archive/PHASE_1.5.md` - Phase 1.5 documentation (Email & WSDC) - `docs/archive/SECURITY_AUDIT.md` - Security audit & fixes - `docs/archive/ADMIN_CLI.md` - Admin CLI & REPL usage - `docs/archive/COMPLETED.md` - Completed tasks archive - `docs/archive/RESOURCES.md` - Links to documentation and learning resources ## 🀝 Contributing Project is in development phase. Currently implementing Phase 2 (Matches & Ratings API, WebRTC P2P transfer). ### Git workflow: ```bash git status git add . git commit -m "feat: description" ``` **Note:** Commit messages without mentions of AI/automatic generation. ## πŸ“„ License TBD --- **Current Status:** MVP Complete βœ… | 285/286 tests passing (99.7%) | Ready for Production Deployment **Last Updated:** 2025-11-29