From 8ab1ec254b543fef535eb6bd599f10f0d7ae129f Mon Sep 17 00:00:00 2001 From: Jared Vititoe Date: Thu, 2 Jul 2026 10:15:48 -0400 Subject: [PATCH] =?UTF-8?q?docs(testing):=20add=20July=20batch=20=E2=80=94?= =?UTF-8?q?=20threads,=20per-thread=20notifs,=20math,=20search=20cache,=20?= =?UTF-8?q?session,=20audit=20wave,=20desktop=20CSP=20(=C2=A7O)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fills the gap where LOTUS_BUGS referenced test IDs (P3-8/P4-1/P4-4/P4-8/N97a/ AW-1..4) with no matching procedures in the testing guide. Co-Authored-By: Claude Opus 4.8 --- LOTUS_TESTING.md | 70 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 64 insertions(+), 6 deletions(-) diff --git a/LOTUS_TESTING.md b/LOTUS_TESTING.md index 750036bb2..69a2b4dd0 100644 --- a/LOTUS_TESTING.md +++ b/LOTUS_TESTING.md @@ -1,6 +1,6 @@ # Lotus Chat — Manual Testing Guide -**Generated:** June 2026 +**Generated:** June 2026 · **Updated:** July 2026 (added §O — threads, per-thread notifications, math, search cache, session hardening, audit wave, desktop CSP) **Scope:** Everything landed on the `lotus` branch since the v4.12.3 merge that I (Claude) could **not** verify statically and that needs a human in a real environment to confirm. Work through it top-to-bottom; the highest-risk / hardest-to-reproduce items are first. > **How to report back:** For each numbered check, tell me **PASS** / **FAIL** (or **partial**). On any FAIL, include: what you saw vs. expected, the browser/OS (and whether web LXC 106 or the desktop/Tauri build), the theme you were on, and any **browser console** errors (F12 → Console). Screenshots help for anything visual. @@ -573,10 +573,68 @@ Log into **matrix.lotusguild.org** (password) and **matrix.org**. --- +## O. July 2026 batch — threads, notifications, math, search cache, audit wave + +Everything landed after the OIDC work. These mirror the checklists in `LOTUS_TODO.md` (§P3-8, §P4-1) and the Needs-Verification rows in `LOTUS_BUGS.md` (P3-8/P4-1/P4-4/P4-8/N97a/AW-1…4). **⚠️ Threads change the main timeline** — thread replies no longer render inline; that's intended (see O1). + +### O1. Thread Panel (P3-8) — 👥 2 people help for live replies + +1. Hover a message → **Reply in Thread** (message menu). The right-side **thread panel** opens with that message as the root. +2. Send text, an emoji, and a file upload into the thread; have the second person reply too. +3. Reply to a reply _inside_ the panel. + +**Expected:** the panel shows the root at top + an "N replies" divider + the reply timeline (own composer at the bottom). Your sends appear immediately (pending → confirmed). A reply-to-a-reply is a proper thread reply. In the **main** timeline the replies do **not** appear inline — the root message instead shows a **"N replies · time"** chip. Clicking the chip (or a reply's thread indicator) opens the panel. **×** or **Escape** closes it; on mobile the panel is fullscreen. Scrolled up in a long thread → a **Jump to Latest** chip appears. Reload the page → the root/reply split persists; in an **encrypted** room the thread replies decrypt (not "Unable to decrypt"). + +### O2. Per-thread notifications (P4-1, Slack-style) — 👥 2 people + +1. Have the second person reply in a thread **you have posted in** → expect a notification + sound. +2. Have them reply in a thread **you have never touched** and don't @mention you → expect **silence** (only the chip's unread badge updates). +3. Have them **@mention** you in any thread → expect a notification regardless of participation. +4. Open the panel's **bell menu** (header) → set the thread to **Mute** → expect no notifications, the chip's unread badge gone (bell-mute glyph shown), and the room's **sidebar badge drops** by that thread's count. Try **All** (every reply notifies) and **Mentions only** (only @mentions). +5. On a **second device**, confirm the same per-thread modes are set (they sync via account data). +6. Room-level **Mute** (room context menu) still silences everything, including thread overrides. + +**Known caveat:** Mentions-only can under-notify in E2EE rooms (the decision runs before decryption). Muted-thread badge subtraction is Lotus-only. + +### O3. Math / LaTeX (P4-4) + +Send each and confirm rendering: `$x^2 + y^2$` (inline), `$$\int_0^1 f(x)\,dx$$` (block, centered), `$5 and $10 for lunch` (**stays plain text** — currency guard), and a code block containing `$x$` (**stays literal** inside the code block). **Expected:** the first two render as math (KaTeX); the last two are untouched. First math of the session may show the raw `$…$` for a beat while the KaTeX chunk lazy-loads, then renders. + +### O4. Encrypted search cache (P4-8) — opt-in + +In an **encrypted** room's message search, enable **"Persist search index on this device"** (Encrypted Rooms panel). Search, then **reload** and search the same term. **Expected:** coverage survives the reload (results without re-paginating everything). **Clear cached index** empties it. **Log out** → the cache is wiped (privacy). Toggling the setting OFF does **not** wipe (only Clear/logout do). + +### O5. Session hardening (N97a) — cross-tab + +1. Log in on a build that predates the change, then load this build → you stay logged in (legacy keys migrate to the `cinny_session_v1` blob; check DevTools → Application → Local Storage). +2. Open the app in **two tabs**; **log out** in tab A → tab B reloads to the auth screen within a moment. Log in again in one tab → the other reloads too. + +### O6. Audit-wave correctness fixes (AW-1) + +- **Scheduled-message cancel:** schedule a message, then cancel it **with the network cut** (DevTools offline) → the item **stays** with an inline error (it does **not** silently disappear and still send). Restore network, retry → cancels cleanly. +- **Escape coordination:** in a thread panel, open the mention autocomplete or set a reply draft, press **Escape** → it dismisses the autocomplete/reply **without** closing the panel. A bare Escape (nothing to dismiss) still marks the room read / closes the panel as before. +- **Panel exclusivity:** on mobile, opening a thread while the media gallery (or members drawer) is open shows only **one** right panel (thread wins), not stacked fullscreen overlays. +- **Emoji board (AW-2):** the **first** time you open the emoji board / autocomplete in a session, the grid **and search** populate with unicode emoji (they don't stay empty). Reactions still show a label. + +### O7. Desktop (Tauri) — CSP tighten + native stack (AW-4) — 🖥️ desktop build only + +The webview CSP was tightened and the full native module set now compiles. Smoke-test the desktop build: + +1. App **boots**, avatars + media thumbnails load, the **VT323** terminal font renders (Lotus Terminal theme), a **location message** embeds its OpenStreetMap map, **calls** connect (EC iframe), **deep links** (`matrix:` / clicking a room link) navigate. +2. **Native features:** minimize to tray (notifications still arrive), a message notification is a **rich toast** (click opens the room; reply box sends), the taskbar **Jump List** lists recent rooms, in a call the taskbar thumbnail shows **Mute/Deafen/End**, Windows **Focus Assist** silences Lotus. +3. **Console** (desktop devtools) shows **no CSP violations** during normal use. If something visual/media is blocked, that's the CSP to loosen — note exactly what and where. + +### O8. E2EE / call-key cluster (KE-1→4) — 👥 2 people, during a real call + +We shipped the diagnostics kit + a **Crypto Diagnostics** card (**Settings → Developer Tools**). During your next call that glitches (audio cutouts, "Unable to decrypt"), open it and **Download report**, and note whether the symptoms even still occur now that we're on **matrix-js-sdk 41.7.0** (crypto-wasm 18.3.1). Send me the report + `LOTUS_E2EE_INVESTIGATION.md` is the runbook. + +--- + ## Priority if you're short on time -1. **A4** (in-call banner) + **A3** (ringtone) — newest, most logic, hardest to reproduce. -2. **B1–B3** (polls on a default theme) — the confirmed visual bug. -3. **D** (EC 0.20.1 control sweep) — guards against the upstream merge breaking calls. -4. **A7** false-positive check (normal joins don't show the error overlay). -5. Everything else. +1. **O1 + O2** (threads + per-thread notifications) — the largest new surface; the main-timeline change is user-visible. +2. **O7** (desktop CSP smoke) — CI can't catch CSP breakage; a wrong directive silently breaks media/fonts/maps. +3. **O5** (session cross-tab) + **O6** (scheduled-cancel ghost-send) — auth-critical + a real data-loss-class fix. +4. **A4** (in-call banner) + **A3** (ringtone) — newest call logic, hardest to reproduce. +5. **D** (EC control sweep) — guards against the fork breaking calls. +6. Everything else.