# Lotus Chat — Bug Report & Technical Audit **Date:** June 2026 This document tracks identified bugs, edge cases, and architectural discrepancies. --- ## ✅ Resolved Issues (Recently Fixed) * **GIF Sending Bypasses E2EE**: Fixed in `RoomInput.tsx`. * **Scheduled Messages Bypass E2EE**: Fixed in `scheduledMessages.ts`. * **Drag-and-Drop Overlay Persistence**: Fixed in `useFileDrop.ts`. * **Stale Member List in Verification Banner**: Fixed in `useDeviceVerificationStatus.ts`. * **Incomplete Python Comment Highlighting**: Fixed in `syntaxHighlight.ts`. * **Search Button Hidden in E2EE Rooms**: Fixed in `RoomViewHeader.tsx`. * **TDS Design Law Violations (Hardcoded Hex)**: Fixed in `GifPicker.tsx` and `VoiceMessageRecorder.tsx`. * **Recent Emoji Sort Order**: Fixed in `recent-emoji.ts` (recency order, not frequency). * **Encrypted Search Misses Historic Events**: Fixed in `useLocalMessageSearch.ts`. * **Presence Updater Base URL Hack**: Fixed in `usePresenceUpdater.ts`. * **Presence Badge Accessibility**: Fixed in `Presence.tsx` (`aria-label` on badge). * **Presence Updater Wipes Custom Status**: Fixed in `usePresenceUpdater.ts` (removed `status_msg: ''`). * **Manifest Main Icon Paths 404**: Fixed in `public/manifest.json` (`./public/android/` → `./res/android/`). Shortcut icon was already correct. --- ## 🛡️ Critical Security & Logic ### 1. Edit History Broken for E2EE **File:** `src/app/features/room/message/EditHistoryModal.tsx` **Status:** **OPEN** * **Issue:** The modal fetches edit history via raw `fetch`. The returned events are not decrypted. * **Impact:** In encrypted rooms, the edit history shows ciphertext or "(no text)" for all previous versions. * **Recommended Fix:** After fetching raw events, check if they are encrypted. Use `mx.decryptEventIfNeeded(event)` for each event in the chunk before rendering. ### 2. Service Worker Ephemeral Sessions **File:** `src/sw.ts` **Status:** **OPEN** * **Issue:** Access tokens are stored in an in-memory `sessions` Map within the SW. * **Impact:** Closing all app tabs wipes the sessions. Background tasks (like future push notification handling or media pre-fetching) will fail. * **Recommended Fix:** Persist the session info (accessToken/baseUrl) in IndexedDB within the Service Worker so it survives app restarts. --- ## 📱 PWA & Mobile Issues ### 1. No PWA Precaching (Offline Mode Broken) **File:** `src/sw.ts`, `vite.config.js` **Status:** **OPEN** * **Issue:** The Service Worker is missing the `self.__WB_MANIFEST` injection point and `precacheAndRoute` call. * **Impact:** The app does not work offline and fails PWA installation requirements in most browsers. * **Recommended Fix:** Add `precacheAndRoute(self.__WB_MANIFEST)` to `sw.ts` and ensure `vite.config.js` has a valid `injectionPoint`. ### 2. PiP Resize Impossible on Mobile **File:** `src/app/components/CallEmbedProvider.tsx` **Status:** **OPEN** * **Issue:** Resizing the PiP window uses `onMouseDown` handlers which do not trigger on touch devices. * **Impact:** Mobile users cannot resize the PiP window. * **Recommended Fix:** Implement `onTouchStart` handlers for the resize corners, mapping touch coordinates to the same resize logic. ### 3. Double Background Animation (GPU Waste) **File:** `src/app/pages/client/SidebarNav.tsx`, `src/app/features/room/RoomView.tsx` **Status:** **OPEN** * **Issue:** When Glassmorphism is enabled, the chat background is mirrored to `document.body` while the `RoomView` also renders it. * **Impact:** Two identical animations (e.g., Digital Rain) run simultaneously, doubling GPU usage on mobile. * **Recommended Fix:** When Glassmorphism is active, make the `RoomView` background transparent and rely on the `document.body` background.