Properties
category: reference
tags: [tasks, milestones, launch]
last_updated: 2026-03-17
confidence: high

Pre-Launch Milestone

Work required before opening robot.wtf to the ATProto community. Everything here is either a bug, a missing feature that blocks usability, or a safety issue.

Completed

MCP wiki routing (bug) ✅ FIXED (2026-03-15)

Fixed and deployed. See Tasks/MCP_Wiki_Routing.

Multi-tenant semantic search (bug) ✅ FIXED (2026-03-17)

See Tasks/Semantic_Search_Architecture and Tasks/Semantic_Search_Multi_Tenant.

FAISS index corruption risk ✅ RESOLVED (2026-03-15)

Sync thread removed. Index updates now happen through page lifecycle hooks only.

OAuth token refresh ✅ FIXED (2026-03-17)

ACCESS_TOKEN_EXPIRY_SECONDS extended from 3600 to 7 days (604800). Refresh tokens set to 30 days.

Per-wiki databases ✅ DEPLOYED (2026-03-17)

Each wiki gets /srv/data/wikis/{slug}/wiki.db with preferences, drafts, user, cache tables. Resolver swaps DB per-request.

Permissions panel ✅ DEPLOYED (2026-03-17)

Wiki owners can set READ_ACCESS/WRITE_ACCESS/ATTACHMENT_ACCESS via Otterwiki's admin UI. Resolver enforces by intersecting with platform ACL.

MCP OAuth hardcoded defaults ✅ DEPLOYED (2026-03-17)

CONSENT_URL and PLATFORM_DOMAIN no longer default to robot.wtf. InMemoryOAuthProvider fallback when unset.

MCP OAuth dynamic base URL ✅ DEPLOYED (2026-03-17)

OAuth metadata endpoint uses request Host header. Each wiki's MCP endpoint works correctly.

SERVER_NAME hidden ✅ DEPLOYED (2026-03-17)

SERVER_NAME field hidden from Application Preferences in PLATFORM_MODE.

Remove is_public toggle ✅ DEPLOYED (2026-03-17)

READ_ACCESS replaces is_public as sole source of truth. Migration seeds READ_ACCESS=REGISTERED for private wikis.

Login return_to redirect ✅ DEPLOYED (2026-03-17)

Resolver passes wiki URL as return_to when redirecting to login. Auth server accepts *.robot.wtf URLs.

SITE_NAME lazy init ✅ DEPLOYED (2026-03-17)

display_name passed through to _init_wiki_db during lazy init.

Upstream bug fix submitted (2026-03-17)

handle_permissions_and_registration missing ADMIN guard — PR pending to redimp/otterwiki (fix/permissions-admin-guard).

Blocking

Disk usage cap

No per-wiki disk space limit. page_count and disk_usage_bytes fields in robot.db always read 0 — tier limits and quota enforcement are dead code. Design doc at Design/Wiki_Stats_Plugin describes an otterwiki plugin approach using lifecycle hooks + cron backstop. Not yet implemented.

Management UI usability

  • Wiki creation flow should default slug to username
  • MCP connection instructions need to be clearer
  • Settings page layout needs work

Landing page copy

Draft is live at robot.wtf/. Updated 2026-03-17. Still needs screenshots once UI is polished.

UX issues

Login page remembers nothing

The login page doesn't pre-fill the Bluesky handle from the platform JWT cookie. If a valid token exists, should skip login entirely and redirect to dashboard.

Login page visual mismatch

The login page color scheme and layout are completely different from the landing page, the Otterwiki admin panel, and the wikis themselves. Should be visually consistent.

No navigation from wiki to dashboard

There's no obvious way to get from within a wiki back to the platform dashboard or admin panel. Needs a nav link or menu item.

Safety

Backup coverage gaps

Backup cron runs every 4 hours, retains 7 days. Uses sqlite3 .backup for consistency.

What IS backed up: robot.db, mcp_oauth.db, per-wiki wiki.db files.

What is NOT backed up:

  • Git repos (/srv/data/wikis/{slug}/repo/) — all wiki content. Relies on Proxmox VM snapshots. Verify Proxmox snapshot schedule is actually running.
  • Signing keys (signing_key.pem, signing_key.pub, client_jwk.json, client_jwk_pub.json) — losing these breaks all OAuth sessions. Generated once, never backed up. Should be added to backup script or Ansible vault.
  • FAISS indexes — can be rebuilt from wiki content (not critical).

Recommended actions (in priority order):

  1. Verify Proxmox snapshots are running on schedule
  2. Add git bundle create per wiki to the backup script
  3. Add signing key backup to the script
  4. Write and test a restore script
  5. Automate a periodic integrity check (PRAGMA integrity_check on all DBs)

Backup verification

No tested restore path exists. Minimal local test: pull a backup, run integrity checks on each DB, verify schema matches.
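A minimal version of that local test, as an added example (not the project's backup or restore script). The table columns and file names are constructed for the demo; only the `preferences` and `drafts` table names come from this page.

```python
import os, sqlite3, tempfile

def schema_of(conn):
    """Return the (type, name, sql) rows that describe the user schema."""
    rows = conn.execute(
        "SELECT type, name, sql FROM sqlite_master "
        "WHERE name NOT LIKE 'sqlite_%'")
    return set(rows.fetchall())

def verify_backup(backup_path, reference_path):
    """Check one pulled backup: integrity first, then schema against a reference DB."""
    problems = []
    # Open read-only so verification can never modify the file it is checking.
    bak = sqlite3.connect(f"file:{backup_path}?mode=ro", uri=True)
    ref = sqlite3.connect(f"file:{reference_path}?mode=ro", uri=True)
    try:
        result = [r[0] for r in bak.execute("PRAGMA integrity_check")]
        if result != ["ok"]:
            problems.append(("integrity", result))
        missing = schema_of(ref) - schema_of(bak)  # absent or altered objects
        if missing:
            problems.append(("schema", sorted(m[1] for m in missing)))
    except sqlite3.DatabaseError as exc:  # e.g. truncated or non-SQLite file
        problems.append(("unreadable", str(exc)))
    finally:
        bak.close()
        ref.close()
    return problems

def demo():
    """Build a constructed live DB plus a good, a stale and a junk backup."""
    tmp = tempfile.mkdtemp()
    live, good, stale, junk = (os.path.join(tmp, n) for n in
                               ("wiki.db", "good.bak", "stale.bak", "junk.bak"))
    src = sqlite3.connect(live)
    src.execute("CREATE TABLE preferences (name TEXT PRIMARY KEY, value TEXT)")
    src.execute("CREATE TABLE drafts (id INTEGER PRIMARY KEY, content TEXT)")
    src.commit()
    dst = sqlite3.connect(good)
    src.backup(dst)  # online-backup API, as used by the sqlite3 CLI's .backup
    dst.close(); src.close()
    old = sqlite3.connect(stale)  # backup taken before the drafts table existed
    old.execute("CREATE TABLE preferences (name TEXT PRIMARY KEY, value TEXT)")
    old.commit(); old.close()
    with open(junk, "wb") as f:  # constructed stand-in for a damaged file
        f.write(b"truncated upload " * 100)
    return {os.path.basename(p): verify_backup(p, live) for p in (good, stale, junk)}
```

The same `verify_backup` check can serve as the periodic integrity check from the recommended actions when pointed at every backed-up DB.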

Rate limiting

No rate limiting on any endpoint. Caddy can add this. Not critical for soft launch, needed before wider announcement.

OWASP high-priority items

From Security/OWASP_2025_Audit:

  • Bcrypt linear scan DoS: scan_by_token() iterates all wiki rows with bcrypt.checkpw() per MCP request. O(N) bcrypt operations. Needs index or prefix-based lookup.
  • Security response headers: Add X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security in Caddy.
  • Security logging: No audit trail for auth events, ACL changes, wiki deletions.
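The cost difference behind the bcrypt item, as an added example (not the platform's `scan_by_token()` code). It assumes a hypothetical token format of a public lookup prefix plus a secret part, and uses stdlib PBKDF2 as a stand-in for bcrypt so it runs without third-party packages; the row layout is constructed.

```python
import hashlib, hmac, os, secrets

HASH_CALLS = 0  # counts slow-hash evaluations so the two lookups can be compared

def slow_hash(token, salt):
    """Stand-in for bcrypt: a salted, deliberately slow hash from the stdlib."""
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", token.encode(), salt, 2_000)

def new_token():
    """Hypothetical format: non-secret lookup prefix + '.' + secret part."""
    return secrets.token_hex(4) + "." + secrets.token_urlsafe(24)

def make_row(slug, token):
    salt = os.urandom(16)
    return {"slug": slug, "prefix": token.split(".")[0],
            "salt": salt, "hash": slow_hash(token, salt)}

def scan_all(rows, token):
    """The O(N) pattern: one slow hash per stored row until something matches."""
    for row in rows:
        if hmac.compare_digest(slow_hash(token, row["salt"]), row["hash"]):
            return row["slug"]
    return None

def lookup_by_prefix(index, token):
    """Indexed lookup: at most one slow hash per request."""
    prefix, sep, _ = token.partition(".")
    row = index.get(prefix) if sep else None
    if row is None:
        return None  # unknown prefix is rejected without any slow hash
    ok = hmac.compare_digest(slow_hash(token, row["salt"]), row["hash"])
    return row["slug"] if ok else None

def compare(n=30):
    """Look up the last wiki's token and a bogus token with both strategies."""
    global HASH_CALLS
    tokens = [new_token() for _ in range(n)]
    rows = [make_row(f"wiki{i}", t) for i, t in enumerate(tokens)]
    index = {r["prefix"]: r for r in rows}  # a DB index on the prefix column
    results = {}
    for name, fn, store in (("scan", scan_all, rows), ("prefix", lookup_by_prefix, index)):
        HASH_CALLS = 0
        hit = fn(store, tokens[-1])
        miss = fn(store, "zzzzzzzz.not-a-real-token")
        results[name] = (hit, miss, HASH_CALLS)
    return results
```

With 30 rows the scan spends 60 slow hashes on the two requests and the prefix lookup spends 1; an invalid token is the worst case for the scan because it always walks every row.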

Git remote push/pull security

Repository Management admin panel lets wiki owners store SSH keys that the platform executes. Should be gated or disabled in PLATFORM_MODE. Noted in Design/Admin_Panel_Reenablement.

Not blocking but important

Phase 2: User Management

Consolidate Collaborators tab into Otterwiki's User Management panel. Explicit user roster per wiki. Admin adds DID handles, sets per-user flags. Completes the APPROVED access level. Remove Collaborators tab from dashboard. Design at Design/Admin_Panel_Reenablement (Phase 2 section).

Wiki stats plugin

Track page count and disk usage via otterwiki lifecycle hooks. Enables tier limits and quota enforcement. Design at Design/Wiki_Stats_Plugin. Parked — design only.

SMTP alerts test

Health check and disk monitoring alerts configured but not tested end-to-end.

CI/CD pipeline

Currently deploy is git push + ansible-playbook. GitHub Actions for tests on PR + auto-deploy would reduce risk.