Home A - Z
Page Index

An Otter Wiki

Commit e68889

2026-03-17 06:09:57 Claude (MCP): [mcp] Update To-Do: mark is_public complete, add UX issues, file login/nav items
To-Do.md ..
@@ 35,16 35,20 @@
### ~~MCP OAuth dynamic base URL~~ ✅ DEPLOYED (2026-03-17)
OAuth metadata endpoint uses request Host header. Each wiki's MCP endpoint works correctly.
- ### ~~SERVER_NAME hidden~~ ✅ MERGED (2026-03-17)
- SERVER_NAME field hidden from Application Preferences in PLATFORM_MODE. Awaiting next deploy.
+ ### ~~SERVER_NAME hidden~~ ✅ DEPLOYED (2026-03-17)
+ SERVER_NAME field hidden from Application Preferences in PLATFORM_MODE.
- ### ~~Upstream bug fix~~ submitted (2026-03-17)
- `handle_permissions_and_registration` missing ADMIN guard — PR pending to redimp/otterwiki (`fix/permissions-admin-guard`).
+ ### ~~Remove is_public toggle~~ ✅ DEPLOYED (2026-03-17)
+ READ_ACCESS replaces is_public as sole source of truth. Migration seeds READ_ACCESS=REGISTERED for private wikis.
+
+ ### ~~Login return_to redirect~~ ✅ DEPLOYED (2026-03-17)
+ Resolver passes wiki URL as return_to when redirecting to login. Auth server accepts *.robot.wtf URLs.
- ## In Progress
+ ### ~~SITE_NAME lazy init~~ ✅ DEPLOYED (2026-03-17)
+ display_name passed through to _init_wiki_db during lazy init.
- ### Remove `is_public` toggle (2026-03-17)
- `READ_ACCESS` preference replaces `is_public` as sole source of truth for anonymous access. Migration seeds `READ_ACCESS=REGISTERED` for wikis with `is_public=0`. In final verification.
+ ### ~~Upstream bug fix~~ submitted (2026-03-17)
+ `handle_permissions_and_registration` missing ADMIN guard — PR pending to redimp/otterwiki (`fix/permissions-admin-guard`).
## Blocking
@@ 52,8 56,6 @@
No per-wiki disk space limit. `page_count` and `disk_usage_bytes` fields in robot.db always read 0 — tier limits and quota enforcement are dead code. Design doc at [[Design/Wiki_Stats_Plugin]] describes an otterwiki plugin approach using lifecycle hooks + cron backstop. **Not yet implemented.**
### Management UI usability
- Dashboard needs cleanup now that permissions moved to Otterwiki's admin:
- - `is_public` toggle being removed (in progress)
- Wiki creation flow should default slug to username
- MCP connection instructions need to be clearer
- Settings page layout needs work
@@ 61,18 63,28 @@
### Landing page copy
Draft is live at robot.wtf/. Updated 2026-03-17. Still needs screenshots once UI is polished.
+ ## UX issues
+
+ ### Login page remembers nothing
+ The login page doesn't pre-fill the Bluesky handle from the platform JWT cookie. If a valid token exists, should skip login entirely and redirect to dashboard.
+
+ ### Login page visual mismatch
+ The login page color scheme and layout are completely different from the landing page, the Otterwiki admin panel, and the wikis themselves. Should be visually consistent.
+
+ ### No navigation from wiki to dashboard
+ There's no obvious way to get from within a wiki back to the platform dashboard or admin panel. Needs a nav link or menu item.
+
## Safety
### Backup coverage gaps
Backup cron runs every 4 hours, retains 7 days. Uses `sqlite3 .backup` for consistency.
- **What IS backed up:** `robot.db`, `mcp_oauth.db`, per-wiki `wiki.db` files (added 2026-03-17).
+ **What IS backed up:** `robot.db`, `mcp_oauth.db`, per-wiki `wiki.db` files.
**What is NOT backed up:**
- **Git repos** (`/srv/data/wikis/{slug}/repo/`) — all wiki content. Relies on Proxmox VM snapshots. **Verify Proxmox snapshot schedule is actually running.**
- **Signing keys** (`signing_key.pem`, `signing_key.pub`, `client_jwk.json`, `client_jwk_pub.json`) — losing these breaks all OAuth sessions. Generated once, never backed up. Should be added to backup script or Ansible vault.
- FAISS indexes — can be rebuilt from wiki content (not critical).
- - `robot.env`, `settings.cfg` — reproducible from Ansible vars + vault (not critical).
**Recommended actions (in priority order):**
1. Verify Proxmox snapshots are running on schedule
@@ 82,10 94,10 @@
5. Automate a periodic integrity check (`PRAGMA integrity_check` on all DBs)
### Backup verification
- No tested restore path exists. Minimal local test: pull a backup, run integrity checks on each DB, verify schema matches. Full test: restore to a container, start services, verify wiki access. See above for detailed plan.
+ No tested restore path exists. Minimal local test: pull a backup, run integrity checks on each DB, verify schema matches.
### Rate limiting
- No rate limiting on any endpoint. Caddy can add this. Not critical for soft launch with small community, needed before wider announcement.
+ No rate limiting on any endpoint. Caddy can add this. Not critical for soft launch, needed before wider announcement.
### OWASP high-priority items
From [[Security/OWASP_2025_Audit]]:
@@ 99,7 111,7 @@
## Not blocking but important
### Phase 2: User Management
- Explicit user roster per wiki. Admin adds DID handles, sets per-user flags. Completes the APPROVED access level. Design at [[Design/Admin_Panel_Reenablement]] (Phase 2 section). **Parked — implement after current batch.**
+ Consolidate Collaborators tab into Otterwiki's User Management panel. Explicit user roster per wiki. Admin adds DID handles, sets per-user flags. Completes the APPROVED access level. Remove Collaborators tab from dashboard. Design at [[Design/Admin_Panel_Reenablement]] (Phase 2 section).
### Wiki stats plugin
Track page count and disk usage via otterwiki lifecycle hooks. Enables tier limits and quota enforcement. Design at [[Design/Wiki_Stats_Plugin]]. **Parked — design only.**
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9