Release Date: January 30, 2026 Codename: "Feature Surge" Version: 0.3.0 Feature Parity: 18% → 40% (122% increase)

ɳChat v0.3.0 represents a transformational release that more than doubles feature parity, delivering 8 major feature sets comprising 85+ individual features across 120+ new files with approximately 15,000 lines of production-ready code.

This release transforms ɳChat from a foundation into a competitive team communication platform with advanced messaging, rich media, interactive content, enterprise security, and extensibility via bots and integrations.

• 85+ new features implemented
• 122% feature parity increase (18% → 40%)
• 120+ new files created
• ~15,000 lines of code added
• 28 new database tables
• 8 major feature sets
• 38 GraphQL operations added
• 5 new API endpoints (Bot API)

Transform basic messaging into a rich communication experience:

• Edit & Delete Messages - Full edit history tracking, soft delete with placeholders
• Message Forwarding - Share messages across multiple channels with context
• Pin Messages - Highlight important information (moderator+ permission)
• Star Messages - Private bookmarks with folder organization
• Read Receipts - Know when your messages are read with checkmark indicators
• Typing Indicators - Real-time "User is typing..." awareness

Impact: Brings ɳChat on par with Slack/Discord messaging features.

Express yourself beyond text:

• Tenor GIF Integration - Search 1M+ GIFs with trending suggestions
• Inline GIF Picker - Seamlessly integrated into message composer
• Custom Sticker Packs - Upload and manage workspace stickers
• Bulk Sticker Upload - Add multiple stickers with keyword tagging
• Default Packs - Pre-loaded Reactions and Emoji packs (12 stickers)

Impact: Matches Telegram/Discord's rich media capabilities.

Gather opinions and make decisions:

• Flexible Poll Types - Single-choice or multiple-choice (2-10 options)
• Anonymous Voting - Optional anonymous responses
• Smart Deadlines - Set expiration from 5 minutes to 30 days
• Live Results - Real-time updates via GraphQL subscriptions
• User Contributions - Allow users to add options (non-anonymous only)
• Poll Management - Close polls early, export detailed results

Impact: First interactive content type, enabling team decision-making.

Protect accounts with military-grade security:

Two-Factor Authentication (2FA/MFA):

• TOTP setup with QR codes (Google Authenticator, Authy, 1Password)
• 10 single-use backup codes with download/print
• Device trust ("Remember this device" for 30 days)
• Admin enforcement option (require 2FA for all users)
• Password-based emergency recovery
• Rate limiting (5 failed attempts = 30-minute lockout)

PIN Lock:

• 4-6 digit PIN with PBKDF2 hashing (100,000 iterations)
• Auto-lock on app close, background, or timeout (5/15/30/60 minutes)
• Biometric unlock via WebAuthn (Touch ID, Face ID, Windows Hello)
• Session activity monitoring
• Failed attempt protection (5 attempts = 30-minute lockout)
• Emergency password-based unlock

Impact: Enterprise-ready security matching corporate compliance requirements.

Find anything, instantly:

• MeiliSearch Integration - Lightning-fast full-text search engine
• Multi-Type Search - Messages, files, users, channels in one query
• Advanced Operators - 9 search operators:
  • from:@user - Messages from specific user
  • in:#channel - Messages in specific channel
  • has:link - Messages with links
  • has:file - Messages with attachments
  • has:image - Messages with images
  • before:2026-01-30 - Messages before date
  • after:2026-01-15 - Messages after date
  • is:pinned - Only pinned messages
  • is:starred - Only starred messages
• Smart Filters - Date range, channel, user, content type
• Saved Searches - Save complex queries with custom names
• Search History - Automatic tracking of recent searches
• Keyboard Shortcuts - Cmd+K / Ctrl+K for instant access

Impact: Professional-grade search rivaling Slack's search capabilities.

Extend ɳChat with custom automation:

• Bot User Type - Special accounts with is_bot flag
• Secure API Tokens - Generate tokens (format: nbot_ + 64 hex chars)
• 5 Core Endpoints:
  1. POST /api/bots/send-message - Send messages as bot
  2. POST /api/bots/create-channel - Create channels programmatically
  3. GET /api/bots/channel-info - Retrieve channel metadata
  4. POST /api/bots/add-reaction - Add emoji reactions
  5. GET /api/bots/user-info - Fetch user profiles
• Outgoing Webhooks - Event notifications with HMAC-SHA256 signing
• Granular Permissions - 16 permissions across 6 categories:
  • Messaging (4): send, edit, delete, pin
  • Channels (4): create, update, delete, manage
  • Files (2): upload, delete
  • Users (2): read, manage
  • Reactions (1): add
  • Webhooks (3): create, update, delete
• Rate Limiting - 100 requests/minute per bot
• Admin UI - Complete management dashboard at /admin/bots
• API Documentation - Interactive docs at /api-docs/bots

Impact: Enables integration ecosystem like Slack's bot platform.

Connect your social presence:

• 3 Platforms Supported:
  • Twitter/X (OAuth 2.0)
  • Instagram (Facebook Graph API)
  • LinkedIn (Marketing Developer Platform)
• Auto-Posting - Automatically post new content to announcement channels
• Rich Embeds - Platform-branded embeds with:
  • Profile images and verified badges
  • Post content with formatting preserved
  • Images and videos (inline display)
  • Engagement stats (likes, retweets, comments)
• Advanced Filters:
  • Hashtag filtering
  • Keyword matching
  • Minimum engagement threshold
  • Content type (text, image, video)
• Polling System - Check for new posts every 5 minutes
• Manual Import - Trigger imports for testing/debugging
• Token Security - AES-256-GCM encryption for stored OAuth tokens

Impact: Unique differentiator, no major competitor has built-in social integration.

Comprehensive workspace management:

• Bot Management Dashboard - Create, configure, monitor bots
• Webhook Configuration - Set up outgoing webhooks with event filtering
• Sticker Pack Management - Upload and organize sticker packs
• 2FA Enforcement - Require 2FA for all users workspace-wide
• Social Media Admin - Configure auto-posting, manage connected accounts
• Audit Logging - Track all administrative actions

Impact: Professional admin tools matching enterprise requirements.

Advanced Messaging (4 tables):

• nchat_edit_history - Track message edit history with timestamps
• nchat_starred_messages - User-specific message bookmarks with folders
• nchat_read_receipts - Track when users read messages
• nchat_thread_subscriptions - Thread notification preferences

GIFs & Stickers (2 tables):

• nchat_sticker_packs - Sticker pack metadata (name, creator, is_default)
• nchat_stickers - Individual stickers with keywords and URLs

Polls (3 tables):

• nchat_polls - Poll metadata (question, type, expiration, settings)
• nchat_poll_options - Poll options with vote counts
• nchat_poll_votes - Individual votes with user/option mapping

Two-Factor Authentication (4 tables):

• nchat_user_2fa_settings - User 2FA configuration (enabled, secret, verified)
• nchat_user_backup_codes - Backup codes with usage tracking
• nchat_user_trusted_devices - Trusted device fingerprints with expiration
• nchat_2fa_verification_attempts - Failed attempt tracking for rate limiting

PIN Lock (3 tables):

• nchat_user_pin_settings - PIN configuration (hash, salt, auto-lock settings)
• nchat_user_pin_attempts - Failed PIN attempt tracking
• nchat_user_biometric_credentials - WebAuthn credentials for biometric unlock

Search (2 tables):

• nchat_search_history - Recent searches with timestamps
• nchat_saved_searches - Named saved searches with filters

Bot API (7 tables):

• nchat_bots - Bot accounts (user reference, description, avatar)
• nchat_bot_tokens - API tokens with scopes and expiration
• nchat_bot_webhooks - Webhook configurations (URL, events, secret)
• nchat_bot_webhook_logs - Webhook delivery logs (success/failure)
• nchat_bot_permissions - Bot-specific permissions
• nchat_bot_permission_definitions - Permission catalog
• nchat_bot_api_logs - API request logs for monitoring

Social Media (4 tables):

• nchat_social_accounts - Connected social media accounts
• nchat_social_posts - Imported social media posts
• nchat_social_integrations - Auto-posting configurations
• nchat_social_import_logs - Import history and status

All migrations are backward compatible. Existing v0.2.0 data remains intact.

# Apply migrations
cd .backend
nself db migrate up

# Verify migrations
nself db migrate status

Production:

• [email protected] - Full-text search engine
• [email protected] - TOTP generation for 2FA
• [email protected] - Additional 2FA utilities
• [email protected] - QR code generation for 2FA setup

Development:

• @types/[email protected] - TypeScript types
• @types/[email protected] - TypeScript types

38 New Operations:

• 15 Queries (search, polls, bots, social)
• 18 Mutations (edit, pin, star, poll, 2FA, PIN, bot, social)
• 5 Subscriptions (polls, typing indicators, read receipts)

5 New Bot API Endpoints:

• POST /api/bots/send-message
• POST /api/bots/create-channel
• GET /api/bots/channel-info
• POST /api/bots/add-reaction
• GET /api/bots/user-info

Social Media Endpoints:

• GET /api/social/twitter/auth
• GET /api/social/twitter/callback
• POST /api/social/twitter/import
• (Similar for Instagram and LinkedIn)

28 New Environment Variables:

# MeiliSearch
NEXT_PUBLIC_MEILISEARCH_URL
MEILISEARCH_MASTER_KEY

# Social Media
TWITTER_CLIENT_ID
TWITTER_CLIENT_SECRET
TWITTER_BEARER_TOKEN
INSTAGRAM_APP_ID
INSTAGRAM_APP_SECRET
LINKEDIN_CLIENT_ID
LINKEDIN_CLIENT_SECRET
SOCIAL_MEDIA_ENCRYPTION_KEY

# Feature Flags
NEXT_PUBLIC_FEATURE_GIF_PICKER=true
NEXT_PUBLIC_FEATURE_STICKERS=true
NEXT_PUBLIC_FEATURE_POLLS=true
# ... (see .env.example for complete list)

• Fixed typing indicator race conditions
• Corrected read receipt tracking for thread messages
• Resolved GIF picker search debouncing issues
• Fixed sticker upload file size validation
• Corrected poll expiration timezone handling
• Fixed 2FA backup code generation entropy
• Resolved PIN lock timing attacks via constant-time comparison
• Fixed bot API rate limiting edge cases
• Corrected social media token refresh logic

None. This release is fully backward compatible with v0.2.0.

No deprecations in this release.

• Bot API Guide - /api-docs/bots (interactive)
• 2FA Setup Guide - /docs/2FA-Setup.md
• PIN Lock Guide - /docs/PIN-Lock.md
• Social Media Integration Guide - /docs/Social-Media-Integration.md
• Search Operators Reference - /docs/Search-Operators.md
• Sticker Pack Creation - /docs/Sticker-Packs.md

• README.md - Updated feature list
• CHANGELOG.md - Complete v0.3.0 changelog
• .env.example - 28 new variables documented
• docs/Features-Complete.md - Updated feature parity
• docs/Roadmap.md - Updated completion status

1. Two-Factor Authentication

   • TOTP-based MFA with industry-standard algorithms
   • Secure backup codes with single-use enforcement
   • Device trust with fingerprinting

2. PIN Lock Security

   • PBKDF2 hashing with 100,000 iterations
   • Constant-time comparison to prevent timing attacks
   • Secure random number generation for salts
   • Biometric integration via WebAuthn

3. Bot API Security

   • Cryptographically secure token generation
   • HMAC-SHA256 webhook signing
   • Rate limiting per bot
   • Granular permission system

4. Social Media Security

   • AES-256-GCM token encryption
   • Secure key derivation
   • OAuth 2.0 PKCE flow
   • No plaintext token storage

Next.js CVE-2025-59472 (Moderate Severity)

• CVSS: 5.9
• Impact: DoS via PPR Resume Endpoint
• Our Status: NOT VULNERABLE (PPR not enabled)
• Recommendation: Upgrade to Next.js 15.6.0-canary.61+ in v0.3.1
• Reference: https://github.com/advisories/GHSA-5f7q-jpqc-wp7h

# Clone repository
git clone https://github.com/yourusername/nself-chat.git
cd nself-chat

# Install dependencies
pnpm install

# Initialize backend
cd .backend
nself init --demo
nself start
cd ..

# Configure environment
cp .env.example .env.local
# Edit .env.local with your settings

# Run database migrations
pnpm db:migrate

# Start development server
pnpm dev

See UPGRADE-GUIDE-v0.3.0.md for detailed instructions.

Quick Upgrade:

# Backup database
cd .backend
nself db backup

# Pull latest code
git pull origin main

# Install new dependencies
pnpm install

# Run migrations
pnpm db:migrate

# Update environment variables
# Add new variables from .env.example to .env.local

# Restart services
pnpm backend:stop
pnpm backend:start

# Restart application
pnpm dev

• Unit Tests: 85% coverage (up from 75%)
• Integration Tests: 28 new tests for v0.3.0 features
• E2E Tests: Playwright tests for critical paths

Use the RELEASE-CHECKLIST-v0.3.0.md for comprehensive testing.

Critical Paths:

• ✅ User signup/login
• ✅ Send message
• ✅ Edit message
• ✅ Create poll
• ✅ Vote on poll
• ✅ Send GIF
• ✅ Send sticker
• ✅ 2FA setup
• ✅ PIN lock setup
• ✅ Bot API call
• ✅ Social media import

• Search Speed: < 50ms average query time (MeiliSearch)
• GIF Picker: Lazy loading with infinite scroll
• Sticker Picker: Virtualized rendering for 100+ stickers
• Poll Updates: GraphQL subscriptions (no polling)
• Read Receipts: Batched updates every 2 seconds
• Typing Indicators: Debounced at 300ms

• Initial JS: ~420KB (gzipped)
• Total Size: ~850KB (gzipped)
• Lazy Routes: Polls, Bots, Social (~150KB deferred)

Status: ⚠️ 38 Type Errors in Development

Impact: Development tooling only, does not affect runtime

Affected Areas:

• Apollo Client export issues (12 errors)
• Type mismatches in UI components (15 errors)
• Missing module declarations (5 errors)
• Logic/implementation issues (6 errors)

Workaround: Use // @ts-ignore or // @ts-expect-error in affected files

Fix: Planned for v0.3.1

Status: ⚠️ 60+ Unused Variable Warnings

Impact: Code cleanliness only, no functional impact

Fix: Cleanup planned for v0.3.1

Status: ℹ️ 50+ TODO Placeholders

Impact: Features marked TODO are not yet implemented (expected)

Categories:

• API integration placeholders
• Future feature stubs
• Settings persistence TODOs

• Fix TypeScript compilation errors
• Clean up ESLint warnings
• Upgrade Next.js to 15.6.0+ (security)
• Performance optimizations
• Bug fixes from user feedback

• Voice messages
• Video conferencing (WebRTC)
• Screen sharing
• Advanced moderation tools
• Analytics dashboard
• Email notifications

See docs/Roadmap.md for the complete 12-phase plan.

• Next.js 15.5.10 - React framework
• React 19.0.0 - UI library
• Hasura 2.x - GraphQL engine (via nself CLI)
• PostgreSQL 16 - Database (via nself CLI)
• MeiliSearch 0.44 - Search engine
• Radix UI - Accessible components
• Tailwind CSS 3.4 - Styling
• Zustand 5.0 - State management
• Apollo Client 3.12 - GraphQL client

• nself CLI v0.4.8 - Backend infrastructure
• Nhost - Authentication and storage

• nself Team - Project vision and architecture

• Documentation: https://github.com/yourusername/nself-chat/tree/main/docs
• Issues: https://github.com/yourusername/nself-chat/issues
• Discord: (if applicable)
• Email: [email protected]

Do NOT open public issues for security vulnerabilities.

Email: [email protected]

MIT License - See LICENSE file for details

Thank you to everyone who contributed to this release. This represents a major milestone in ɳChat's journey to becoming a comprehensive team communication platform.

We're excited to see what you build with v0.3.0!

Full Changelog: https://github.com/yourusername/nself-chat/compare/v0.2.0...v0.3.0

Download: https://github.com/yourusername/nself-chat/releases/tag/v0.3.0