LotusGuild/cinny
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0a6b035a67e5badd4c4df249958e8db45bd12804
cinny/LOTUS_BUGS.md
T
jared 0a6b035a67 docs(readme): correct fork-sync version (v4.12.3) and logo path 
Two stale facts in README.md: it said "Forked from Cinny v4.12.1" (we've since
synced through v4.12.3) and referenced the logo as lotus_chat.png (the file is
public/res/Lotus.png). CONTRIBUTING.md is intentionally left as upstream
Cinny's and is not modified.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-28 21:32:49 -04:00

6.3 KiB
Raw Blame History

Lotus Chat — Open Bugs & Technical Debt

Only OPEN and awaiting-verification items live here. Resolved findings (fixed-and-verified, false-positives, won't-fix) have been removed to keep this actionable — the full history is in git. Items fixed in code but not yet verified in a real environment are in Needs Verification below and have step-by-step checks in LOTUS_TESTING.md.

Design rules for any fix here: follow the Native-Cinny Law and TDS Design Law in LOTUS_TODO.md.

⚠️ Needs Verification — fixed in code, awaiting live testing

Implemented and gate-green; confirm each per LOTUS_TESTING.md, then delete the row.

ID Item File / area Test
#1 Camera focus during screenshare ("Focus camera" menu) CallControl.ts, MemberGlance.tsx A5
#2 Chat-background animation flicker (contain:paint) lotus/chatBackground.ts F1
#3 Avatar decorations on call tiles call/CallMemberCard.tsx A6
#4 DM/group ringtone selection + in-call banner CallEmbedProvider.tsx, ringtones.ts A1A4
#6 Background vs. seasonal theme mutual exclusion state/settings.ts, General.tsx F2
#7 Composer toolbar touch targets (≥44px) room/RoomInput.tsx E1
#8 Room Settings horizontal overflow (mobile) components/page/style.css.ts E2
#9 Modal fullscreen on mobile (useModalStyle) 22+ modal files E3
#10 Composer not hidden by keyboard (100dvh) src/index.css E4
#12 PiP mute badge attribution (you vs. all-muted) CallEmbedProvider.tsx G1
N96 Call-recovery overlay single "Back" button call/CallView.tsx A7
N95 AFK-monitor mic released on mute (OS indicator clears) hooks/useAfkAutoMute.ts L1
N108 Maskable PWA icons (Android adaptive) public/manifest.json + res/android/maskable-* L2
EC EC iframe load watchdog + self-heal + recovery UI plugins/call/CallEmbed.ts, CallView.tsx A7
Gal MediaGallery lazy-decrypt (true virtualization deferred) room/MediaGallery.tsx H1
a11y aria-labels: edit-history / reaction / thread / reply message/* (FallbackContent, Reaction, Reply) I

🔴 Open — Actionable

Calls / Audio

  • N127 — ML denoise shim is never injected in vite dev. The lotusDenoise plugin injects only on closeBundle (build), so ML noise suppression is silently inactive during local dev. Add a dev-mode injection (configureServer / transformIndexHtml). Dev-only impact.

Security & Privacy

  • N97 — Access token stored in plaintext localStorage (state/sessions.ts), vulnerable to XSS; device ID likewise. Architectural — needs a token-protection / session-storage redesign.
  • Session writes are non-atomic and not cross-tab synced (state/sessions.ts) — risks inconsistent state / races across tabs.
  • Persisted PII without encryption: user status message + expiry (settings/account/Profile.tsx), unsent composer drafts (room/RoomInput.tsx). Leak risk on shared devices.

PWA / Offline / Notifications

  • N105 — Service worker has no notificationclick handler — notification clicks are broken when the tab is closed. Needs showNotification() via the SW + a notificationclick listener.
  • N107 — SW has no push handler — Web Push delivery is entirely non-functional. Needs a push listener + a Matrix push-gateway integration.
  • No app-asset caching strategy (src/sw.ts) — no offline capability.
  • manifest: false in vite.config.js — may block correct PWA install if not handled externally.

Dependencies & Build

  • matrix-js-sdk pinned to a Release Candidate (41.6.0-rc.0); @atlaskit and build tools (vite, typescript, eslint) on unstable/experimental pins — review for stable versions; RC SDK is a tree-shaking/bundle-size risk.
  • Build-time overhead: lotusDenoise does heavy sequential fs work in closeBundle; viteStaticCopy config is complex with redundant renames — could be streamlined.

Code Hygiene / DevEx

  • No automated test suite (src/) — no unit/integration tests configured.
  • Extensive as any casts across src/ — gradual typing cleanup.
  • types/matrix/ mirrors SDK types instead of importing them — drift risk.
  • Hardcoded CDN URL should move to an env var (the decoration CDN is now single-sourced in avatarDecorations.ts, but the literal is still in-repo).
  • patch-folds.mjs edits node_modules directly — consider patch-package.
  • Infra docs: contrib/nginx lacks security headers (HSTS/CSP) + uses rewrites over try_files; contrib/caddy has a placeholder path. CI/CD (prod-deploy.yml): sequential deploy, aggressive 1-min Netlify timeout, package-manager-cache: false.
  • README: keep the fork-sync version + logo path current. (CONTRIBUTING.md is intentionally left as upstream Cinny's — not a Lotus concern.)
  • Architecture notes (low priority): deep features/ + hooks/ nesting, many small coupled hooks, possible dead CSS/components, SpacingVariant / DropTarget recipe simplification.
  • Git workflow (forward-looking): keep commits scoped — past monolithic "fix all bugs" commits and inconsistent prefixes hurt git bisect.

Big Projects

  • #5 — Seasonal themes & chat-background redesign. Current backgrounds are basic CSS; goal is high-fidelity, research-backed, GPU-accelerated designs (layered oklch, backdrop-filter, contain:paint) with WCAG-AA overlay contrast. Treat each as its own design sprint.
Reference in New Issue View Git Blame Copy Permalink