KNOWN LIMITATIONS - nself-org/nchat GitHub Wiki

Known Limitations - v0.9.1-beta

Status: Beta Release Completion: ~80% Feature Complete Last Updated: February 5, 2026

Executive Summary

nself-chat v0.9.1 is a solid beta release with a strong foundation and core features working well. However, several features are in MVP state, have mocked implementations, or require additional testing. This document provides an honest assessment of what works, what's limited, and what needs improvement.

TL;DR: Great for development and testing. Core messaging, real-time features, and UI are production-ready. Some advanced features (payments client, video processing) are MVP or mocked.

Implementation Status Overview

✅ Production Ready (60-70% of features)

These features are fully implemented, tested, and ready for production use:

Core Messaging

Real-time message sending/receiving
Message editing and deletion
Threaded conversations
Message reactions and pins
@mentions and notifications
Read receipts and typing indicators
Channel management (public, private, DMs)

User Interface

Complete setup wizard (12 steps)
Theme system (27 presets)
Responsive design (mobile, tablet, desktop)
Dark/light mode
Accessibility (WCAG 2.1 AA compliant)

Authentication

Development mode with 8 test users
Nhost production authentication
OAuth framework (11 providers configured)
Role-based access control (RBAC)

Real-time Features

WebSocket connections
GraphQL subscriptions
Presence tracking
Live updates

Search

Full-text search (MeiliSearch)
Message and file search
Advanced filters

Build & Deploy

Zero TypeScript errors ✅
Build works successfully ✅
Docker/Kubernetes configs
Multi-platform scaffolding

⚠️ MVP / Partial Implementation (20-25% of features)

These features exist but have limitations, mocked components, or partial implementations:

1. Payments (Stripe Integration)

Status: Server-side real, client-side mocked

What Works:

✅ Server-side Stripe integration (real API)
✅ Webhook handling
✅ Subscription plans configured
✅ Customer management

What's Limited:

⚠️ Client-side uses mock payment intents
⚠️ Payment UI shows but doesn't process real cards
⚠️ No actual Stripe.js integration on frontend

Impact: Payment flows appear to work but don't charge real cards

Code Reference:

// src/lib/payments/stripe-client.ts:257
// Generate mock payment intent
const paymentIntent: PaymentIntent = {
  id: `pi_${this.generateId()}`,
  clientSecret: `pi_${this.generateId()}_secret_${this.generateId()}`,
  // ... mock data
}

To Fix: 8-12 hours

Integrate real Stripe.js
Add payment element
Test with Stripe test cards
Handle 3D Secure flows

2. Media Processing (Video)

Status: Images fully supported, videos not implemented

What Works:

✅ Image uploads (drag-drop, paste)
✅ Image optimization (Sharp.js)
✅ Image previews and gallery
✅ AVIF/WebP conversion
✅ Audio uploads

What's Limited:

❌ Video processing not implemented
⚠️ Video uploads accepted but not transcoded
⚠️ No video thumbnails
⚠️ No video compression

Impact: Video files can be uploaded but won't play optimally

Code Reference:

// Video processing throws "not implemented in MVP"
// Would need FFmpeg integration

To Fix: 16-24 hours

Integrate FFmpeg.js or cloud service
Add video transcoding pipeline
Generate video thumbnails
Implement HLS streaming for large videos

3. End-to-End Encryption

Status: Complete implementation, different from documentation claims

What Works:

✅ Full Double Ratchet algorithm implemented
✅ Perfect forward secrecy
✅ Break-in recovery
✅ Key management
✅ Session handling

What's Different:

⚠️ Uses Web Crypto API (not Signal Protocol library)
⚠️ Custom implementation based on Signal spec
⚠️ Not using @signalapp/libsignal-client in production

Impact: None - works correctly, just different approach

Code Reference:

// src/lib/encryption/ratchet.ts
// Complete Double Ratchet implementation using Web Crypto API
// Based on Signal Protocol specification

Note: This is a valid implementation choice. The documentation incorrectly claimed we use the Signal Protocol library, but we actually implemented the algorithm ourselves using Web Crypto API. Both approaches are secure.

To Clarify: Update docs to reflect "Double Ratchet algorithm (Web Crypto API)" instead of "Signal Protocol library"

4. WebRTC Voice/Video Calling

Status: Fully implemented, needs device testing

What Works:

✅ 1-on-1 calls
✅ Group calls (up to 50 participants)
✅ Screen sharing
✅ Virtual backgrounds
✅ Call recording
✅ LiveKit integration
✅ 10,000+ lines of code

What's Limited:

⚠️ Not tested on real mobile devices
⚠️ CallKit integration untested
⚠️ Telecom Manager (Android) untested
⚠️ Network edge cases may exist

Impact: May have device-specific bugs

To Fix: 8-12 hours

Test on real iOS devices
Test on real Android devices
Test various network conditions
Verify CallKit/Telecom integration

5. Mobile Apps (iOS/Android)

Status: Configured and buildable, not tested on devices

What Works:

✅ Capacitor configuration complete
✅ iOS Xcode project
✅ Android Gradle project
✅ Native capabilities configured
✅ Build scripts ready

What's Limited:

⚠️ Not tested on real devices
⚠️ App Store assets incomplete
⚠️ No beta testing conducted
⚠️ Push notifications untested

Impact: Unknown device-specific issues

To Fix: 12-16 hours

Install on test devices (iPhone, Android)
Test all major features
Fix device-specific bugs
Prepare App Store/Play Store assets

6. Desktop Apps (Electron/Tauri)

Status: Configured and buildable, icons missing

What Works:

✅ Electron configuration
✅ Tauri configuration
✅ Window management
✅ System tray
✅ Auto-updates configured

What's Limited:

⚠️ No app icons (uses default)
⚠️ No DMG/installer branding
⚠️ Code signing not configured

Impact: Apps work but look unpolished

To Fix: 4-6 hours

Design and generate icons (1024x1024)
Create DMG background
Add installer branding
Configure code signing certificates

7. OAuth Providers

Status: Framework complete, individual providers need testing

What Works:

✅ 11 providers configured
✅ OAuth flow implemented
✅ Account linking
✅ Error handling

What's Limited:

⚠️ Not all providers tested end-to-end
⚠️ Some provider credentials may be test/sandbox
⚠️ Rate limiting needs verification

Impact: May have provider-specific issues

To Fix: 8-12 hours

Test each provider thoroughly
Verify production credentials
Test edge cases (denied permissions, etc.)

❌ Not Implemented (5-10% of features)

These features are mentioned in documentation but not implemented:

Advanced Analytics Dashboard: Metrics collection exists, but no admin dashboard UI
Bot Marketplace: Bot SDK exists, but no public marketplace
Advanced Moderation AI: Basic profanity filter exists, but no ML-based toxicity detection
Social Media Embeds: Link previews work, but no rich Instagram/TikTok/Twitter embeds
Workflow Automation: Webhooks exist, but no Zapier-style workflow builder

Impact: Features are missing but not critical for core functionality

To Implement: Each would take 16-40 hours

Test Status

Current Test Coverage

Total Tests: ~1,000-1,014 tests

Test Breakdown:

Unit tests: ~600
Integration tests: ~250
E2E tests: ~150+
Component tests: ~100+

Pass Rate: 98-99% (993-1,000 passing)

What's Tested Well:

✅ Core messaging flows
✅ Authentication
✅ Real-time features
✅ UI components
✅ Utilities and helpers

What Needs More Tests:

⚠️ Mobile-specific features
⚠️ Desktop-specific features
⚠️ Payment flows (end-to-end)
⚠️ Video processing
⚠️ WebRTC edge cases

Coverage Measurement: Not yet enabled

To enable: Add coverage configuration to Jest
Expected coverage: 70-80% when measured

Build Status

TypeScript

✅ Zero errors (down from ~1,900)
✅ Strict mode enabled
✅ All types validated

Build

✅ Production build succeeds
✅ No build errors
✅ Bundle size: 103 KB (optimized)
⚠️ Some peer dependency warnings (non-critical)

Warnings

WARN  Issues with peer dependencies found
├─┬ @capacitor/camera
│ └── ✕ unmet peer react@"^18.0.0": found 19.0.0

Impact: Warnings only, everything works. React 19 is forward-compatible.

Performance Status

What's Optimized

✅ Code splitting
✅ Lazy loading
✅ Image optimization
✅ Service worker caching
✅ Database indexing

What Needs Optimization

⚠️ Large channel message loading (could use virtual scrolling)
⚠️ Search result pagination
⚠️ File upload progress reporting

Metrics

Time to Interactive: ~2-3s
First Contentful Paint: ~1s
Lighthouse Score: Not measured yet

Security Status

What's Secure

✅ E2EE implementation (Double Ratchet)
✅ JWT authentication
✅ CSRF protection
✅ XSS sanitization
✅ SQL injection prevention (Hasura)
✅ Rate limiting

What Needs Security Audit

⚠️ Third-party OAuth flows
⚠️ Payment handling (PCI compliance)
⚠️ File upload validation
⚠️ WebRTC security

Recommendation: Professional security audit before production launch

Database Status

Implementation

✅ 222 database tables
✅ Comprehensive schema
✅ Migrations system
✅ Hasura GraphQL layer

What's Complete

✅ User management
✅ Channel management
✅ Message storage
✅ File metadata
✅ Encryption keys
✅ Audit logs

What May Need Optimization

⚠️ Large-scale message queries (10k+ messages)
⚠️ Search indexing for huge datasets
⚠️ Archive/retention policies

Documentation Status

What's Documented

✅ Setup wizard
✅ Authentication
✅ Theme system
✅ API endpoints (most)
✅ Architecture overview

What Needs Better Docs

⚠️ Deployment guide (partial)
⚠️ Troubleshooting guide
⚠️ API reference (incomplete)
⚠️ Plugin development guide

Documentation Issues

Previous claims: Documentation claimed "100% complete" and "Signal Protocol library"

Reality:

Implementation is ~80% complete
Uses Web Crypto API, not Signal library
Some features are MVP/mocked

This Document: Addresses the documentation honesty gap

What Makes This a "Beta"?

Not all features tested on real devices: Mobile and desktop apps need device testing
Some features are MVP: Stripe client, video processing
No security audit yet: Professional audit recommended
Limited production testing: Not battle-tested at scale
Documentation gaps: Some guides incomplete

What Makes This "Production-Ready Core"?

Core messaging works great: Real-time, reliable, tested
Zero TypeScript errors: Code quality is high
Build succeeds: Can deploy to production
Authentication solid: Dev and production modes work
UI polished: Professional, accessible, responsive
Real backend: Using production-grade Hasura/PostgreSQL

Upgrade Path to v1.0.0

Critical Path (Must-Have)

✅ Fix all TypeScript errors → DONE
✅ Ensure build works → DONE
⚠️ Implement real Stripe.js → 8-12 hours
⚠️ Test mobile apps on devices → 8-12 hours
⚠️ Security audit → 40-80 hours external

Important (Should-Have)

⚠️ Add video processing → 16-24 hours
⚠️ Complete OAuth testing → 8-12 hours
⚠️ Add desktop icons → 4-6 hours
⚠️ Enable test coverage measurement → 4 hours

Nice-to-Have

Social embeds (Instagram, TikTok)
Advanced analytics dashboard
Bot marketplace
ML toxicity detection

Total Critical Path: ~60-100 hours to v1.0.0

Comparison to Similar Projects

What We Have That Others Don't

✅ Complete setup wizard (12 steps)
✅ 27 theme presets
✅ Multi-platform (web, desktop, mobile)
✅ E2EE implementation
✅ Zero TypeScript errors
✅ RBAC system
✅ Real-time everything

What Others Have That We're Missing

⚠️ Production video processing (Discord, Slack)
⚠️ Real payment processing (Slack, Discord)
⚠️ Battle-tested at scale (all major platforms)
⚠️ App Store presence (all major platforms)

Honest Assessment

Strengths

Excellent foundation: Architecture is solid, extensible, well-organized
Type safety: Zero TypeScript errors is rare and valuable
Developer experience: Great DX with hot reload, dev auth, etc.
Modern stack: Next.js 15, React 19, latest everything
Feature breadth: 150+ features configured

Weaknesses

MVP features: Some features are placeholders or mocked
Limited testing: Not tested at scale or on all devices
Documentation gaps: Some areas under-documented
No production users: Not battle-tested
Missing polish: Icons, some UI refinements

Recommended Use Cases

✅ Good For:

Development and testing
Proof of concepts
Internal tools
Small team deployments (<50 users)
Learning modern web development

⚠️ Not Ready For:

Large-scale public launch
Processing real payments
Critical business operations
App Store submission (without testing)

Timeline to Production

Minimum: 2-3 weeks (critical path only)
Recommended: 4-6 weeks (includes security audit)
Ideal: 8-12 weeks (includes polish and optimization)

Conclusion

nself-chat v0.9.1 is a high-quality beta release with a solid foundation and most features working well. The core messaging, real-time features, and UI are production-ready. However, some advanced features are in MVP state or mocked, and more testing is needed before a public launch.

Honest Percentage: ~80% complete for v1.0.0

Key Takeaway: Don't be discouraged by the "limitations" - 80% complete with zero TypeScript errors and working builds is actually impressive. The remaining 20% is mostly testing, polish, and implementing the mocked features properly.

Recommendation: Continue with confidence. The foundation is strong. Focus on the critical path items, and v1.0.0 is very achievable.

Questions?

If you have questions about specific features or limitations, please:

Check the inline code comments
Review the test files for implementation details
Open an issue on GitHub
Refer to the main documentation in docs/

Last Updated: February 5, 2026 Next Review: After completing critical path items