PHASE 2 ACTION PLAN - nself-org/nchat GitHub Wiki
Date: February 5, 2026 Priority: HIGH Time to Fix: 2-4 hours
Failed to compile.
Module not found: Can't resolve 'next-auth'
# Install missing dependency
npm install next-auth@latest
# Verify build
npm run buildsrc/app/api/channels/categories/route.ts
src/lib/security/secret-scanner.ts(42,61): error TS1005: ',' expected.
src/lib/security/secret-scanner.ts(77,57): error TS1005: ',' expected.
# Edit the file and fix syntax errors on lines 42 and 77
code src/lib/security/secret-scanner.tsnpm run type-checkDocumentation claims features are "implemented" when they're MVP mocks.
Add implementation status section:
## Implementation Status (v0.9.1)
### Production-Ready β
- WebRTC/LiveKit integration
- End-to-end encryption (Web Crypto API)
- Backend microservices (5 services)
- Database layer (44 migrations, 222 tables)
- Chat core functionality
### MVP/Partial β οΈ
- **Stripe Payments**: Client is mock, server integration exists
- **Media Pipeline**: Images β
, Video β (FFmpeg required)
- **Signal Protocol**: Custom implementation, not using @signalapp/libsignal-client
### Planned π§
- Video transcoding (requires FFmpeg)
- Real Stripe.js integration
- Advanced analytics (real-time)Add feature status badges:
## Features
### Communication
- [x] **Text Chat** - β
Production Ready
- [x] **Voice/Video Calls** - β
LiveKit Integration
- [x] **Screen Sharing** - β
WebRTC Implementation
- [x] **End-to-End Encryption** - β
Signal Protocol Algorithms
### Monetization
- [x] **Stripe Integration** - β οΈ MVP (Client mock, server ready)
- [ ] **Subscription Management** - π§ Planned
- [ ] **Payment Processing** - π§ Needs Stripe.js integration
### Media
- [x] **Image Upload/Processing** - β
Sharp.js
- [ ] **Video Transcoding** - π§ Requires FFmpeg
- [ ] **Text Extraction (OCR)** - π§ PlannedAdd "Implementation Details" column:
| Feature | Status | Implementation | Notes |
| ------------ | ------ | -------------- | ---------------------------------- |
| WebRTC Calls | β
| Production | Real RTCPeerConnection API |
| E2EE | β
| Production | Web Crypto API, not libsignal |
| Stripe | β οΈ | MVP | Mock client, real server endpoints |
| Media | β οΈ | Partial | Images β
, Video β |File: src/lib/webrtc/__tests__/screen-capture.test.ts
Issue: Mock causes infinite recursion
RangeError: Maximum call stack size exceeded
at ScreenCaptureManager.handleTrackEnded
Solution: Fix mock track event listeners
// Before (line 71)
stop: jest.fn(() => {
callbacks.forEach((cb) => cb(new Event('ended'))) // β Causes recursion
})
// After
stop: jest.fn(function () {
const track = this
track.readyState = 'ended'
// Don't trigger callbacks during cleanup
})File: jest.config.js
Issue: ESM module not transformed
SyntaxError: Unexpected token 'export'
at [email protected]/dist/browser/index.js
Solution: Add to transformIgnorePatterns
// jest.config.js
module.exports = {
transformIgnorePatterns: ['node_modules/(?!(jose|livekit-server-sdk|livekit-client)/)'],
}File: src/services/__tests__/plugin-integration.test.ts
Issue: Tests timeout waiting for services
thrown: "Exceeded timeout of 10000 ms for a hook"
Solution: Skip integration tests in CI until services are running
// Use environment variable
const PLUGINS_ENABLED = process.env.PLUGINS_ENABLED === 'true'
describe.skip('Plugin Integration Tests', () => {
// Tests will be skipped unless explicitly enabled
})Long-term: Set up docker-compose for test environment
Installed @signalapp/libsignal-client but using Web Crypto API instead.
# Update encryption implementation to use libsignal
# This will take ~1 week of developmentPros:
- Official Signal implementation
- Better compatibility
- Standard X25519/Ed25519
Cons:
- Significant refactoring required
- May break existing encrypted data
# In .claude/CLAUDE.md
## Encryption Implementation Note
Ι³Chat uses a custom Signal Protocol implementation built on Web Crypto API
instead of `@signalapp/libsignal-client`. This provides:
- **Compatibility**: Works in all modern browsers without WASM
- **Performance**: Native browser crypto
- **Security**: Uses ECDH P-256, AES-256-GCM, HKDF (cryptographically sound)
The implementation follows the Signal Protocol specification but uses
standard Web Crypto APIs (P-256 instead of X25519, ECDSA instead of Ed25519).
If official Signal library support is required, the package is already
installed and can be integrated.Pros:
- Transparent about implementation
- No code changes needed
- Current implementation is secure
Cons:
- May confuse users expecting official Signal library
Option 2 for now, Option 1 for future release.
- β Server-side Stripe SDK installed and used
- β Webhook handling implemented
- β Well-structured client interface
- β Client returns mock data
// src/lib/payments/stripe-client.ts
import { loadStripe, Stripe } from '@stripe/stripe-js'
export class StripeClient {
private stripe: Stripe | null = null
async initialize(): Promise<boolean> {
try {
// β
Real Stripe.js loading
this.stripe = await loadStripe(this.config.publishableKey)
this.initialized = this.stripe !== null
return this.initialized
} catch (error) {
console.error('Failed to load Stripe:', error)
return false
}
}
}async createPaymentIntent(params: PaymentIntentParams): Promise<StripeClientResult<PaymentIntent>> {
if (!this.stripe) {
return { success: false, error: { code: 'not_initialized', ... } }
}
try {
// β
Real API call to backend
const response = await fetch('/api/billing/create-payment-intent', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(params),
})
const { clientSecret, ...data } = await response.json()
return {
success: true,
data: {
...data,
clientSecret,
}
}
} catch (error) {
return { success: false, error: this.handleError(error) }
}
}async confirmPaymentIntent(paymentIntentId: string, paymentMethodId: string): Promise<StripeClientResult<PaymentIntent>> {
if (!this.stripe) {
return { success: false, error: { code: 'not_initialized', ... } }
}
try {
// β
Real Stripe.js confirmation
const result = await this.stripe.confirmCardPayment(clientSecret, {
payment_method: paymentMethodId,
})
if (result.error) {
return { success: false, error: this.handleError(result.error) }
}
return {
success: true,
data: this.mapPaymentIntent(result.paymentIntent)
}
} catch (error) {
return { success: false, error: this.handleError(error) }
}
}# Use Stripe test mode
STRIPE_PUBLISHABLE_KEY=pk_test_xxx
STRIPE_SECRET_KEY=sk_test_xxx
# Test cards
4242 4242 4242 4242 # Success
4000 0000 0000 0002 # Declinenpm install @stripe/stripe-js@latest- Quick Fix (mock β backend proxy): 2 hours
- Full Integration (real Stripe.js): 8 hours
- Testing & Polish: 4 hours
- Total: ~12-14 hours for production-ready
After completing fixes, verify:
β
npm run build # Should succeed
β
npm run type-check # No errors
β
npm run lint # All files passβ
npm run test # >95% pass rate
β
npm run test -- --coverage # Measure actual coverage
β
npm run test:e2e # E2E tests passβ
.claude/CLAUDE.md updated # Implementation status added
β
README.md updated # Feature status badges
β
docs/Features-Complete.md # Implementation detailsβ
No "TODO" in critical paths
β
No misleading comments
β
Mock implementations clearly marked- Fix build (next-auth)
- Fix TypeScript errors
- Update documentation
- Fix screen capture test
- Configure Jest for ESM
- Document Signal Protocol approach
- Implement real Stripe integration
- Add integration test environment
- Measure test coverage
- β Build succeeds without errors
- β Documentation accurately reflects implementation
- β Test pass rate >95%
- β TypeScript errors = 0
- π Stripe integration is real (not mock)
- π Test coverage measured and >80%
- π All integration tests passing
- π§ Official Signal Protocol library
- π§ Video transcoding (FFmpeg)
- π§ Advanced analytics features
Prepared By: Phase 2 QA Verification Date: February 5, 2026 Status: READY FOR IMPLEMENTATION