From 23f715857cfcce560a21c4a5493b5039cc462a44 Mon Sep 17 00:00:00 2001 From: Jared Vititoe Date: Thu, 2 Jul 2026 10:09:50 -0400 Subject: [PATCH] docs: mark P4-8 (search cache) + session-atomicity as shipped Co-Authored-By: Claude Opus 4.8 --- LOTUS_BUGS.md | 2 +- LOTUS_TODO.md | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/LOTUS_BUGS.md b/LOTUS_BUGS.md index 2e0832d0f..778393d28 100644 --- a/LOTUS_BUGS.md +++ b/LOTUS_BUGS.md @@ -139,7 +139,7 @@ retry … AbortError: Restart delayed event timed out before the HS responded`, ### Security & Privacy - **N97 — Access token stored in plaintext `localStorage`** (`state/sessions.ts`), vulnerable to XSS; device ID likewise. Architectural — needs a token-protection / session-storage redesign. -- **Session writes are non-atomic and not cross-tab synced** (`state/sessions.ts`) — risks inconsistent state / races across tabs. +- ~~**Session writes are non-atomic and not cross-tab synced**~~ — **done (2026-07):** atomic single-key `cinny_session_v1` blob (legacy-key migration + dual-write) + `subscribeSessionChanges`/`useSessionSync` cross-tab reload. (The plaintext-token concern in N97 above is the remaining, separate architectural item.) - **Persisted PII without encryption:** user status message + expiry (`settings/account/Profile.tsx`), unsent composer drafts (`room/RoomInput.tsx`). Leak risk on shared devices. ### PWA / Offline / Notifications diff --git a/LOTUS_TODO.md b/LOTUS_TODO.md index a3ded4be9..0a9b9280c 100644 --- a/LOTUS_TODO.md +++ b/LOTUS_TODO.md 
@@ -209,10 +209,9 @@ Features: **What:** Replace the manual "load more" button with an automated, virtualized infinite scroll for search results. **Status:** Done in a prior session — `MessageSearch.tsx` already uses `useVirtualizer` (~line 336) over the result groups AND auto-fetches the `nextToken` page when the last virtual item scrolls into view (~line 469) via `useInfiniteQuery`. Nothing left to build. -### [ ] P4-8 · Encrypted Message Search Indexing & Caching +### [~] P4-8 · Encrypted Message Search Indexing & Caching — IMPLEMENTED (2026-07), opt-in -**What:** Implement a persistent local cache for search results, optimized for encrypted rooms. -**Approach:** Use `IndexedDB` to store search metadata (event IDs, timestamps) to prevent redundant server-side decryption/fetching. +**Shipped:** `src/app/utils/searchCache.ts` — raw-IndexedDB per-room index (`lotus-search-cache`) of decrypted search rows + coverage markers, merged into local search (in-memory-wins dedupe). **Opt-in, default OFF** (stores plaintext at rest) with a privacy note, Clear button, and logout wipe. Awaiting live QA (LOTUS_BUGS AW / P4-8 row). ### [~] P4-1 · Thread Notification Mode Per-Thread — IMPLEMENTED (2026-07), ⚠️ AWAITING LIVE QA
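Review bot: In the LOTUS_BUGS.md hunk (Security & Privacy list), the new "done" text names "legacy-key migration + dual-write" but gives no end condition for the dual-write. While it is active, session data lives under both the legacy keys and `cinny_session_v1`, so if the blob carries the access token, the plaintext `localStorage` exposure tracked by N97 now exists in two places, and a write that spans both locations is not a single atomic step. Suggest stating when the legacy keys stop being written and get deleted, and whether logout clears both. The strikethrough also drops the `(state/sessions.ts)` pointer the old line carried; keeping it would help whoever picks up N97.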
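Review bot: In the LOTUS_TODO.md hunk, the **Shipped:** line for P4-8 replaces a plan that stored only search metadata (event IDs, timestamps) with an index of decrypted search rows, and removing the **What**/**Approach** lines leaves no record of that change in scope. Suggest stating the change explicitly, and saying whether turning the opt-in back off wipes the existing `lotus-search-cache` data or only stops new writes, since only the Clear button and logout wipe are listed. Because this is plaintext message content at rest, it also fits under "Persisted PII without encryption" in LOTUS_BUGS.md, which this commit leaves unchanged. The commit subject says "shipped" while the entry is marked `[~]` and "Awaiting live QA"; the two should agree.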