Properties
category: reference
tags: [tasks, milestones, launch]
last_updated: 2026-03-17
confidence: high

Pre-Launch Milestone

Work required before opening robot.wtf to the ATProto community. Everything here is either a bug, a missing feature that blocks usability, or a safety issue.

Completed

MCP wiki routing (bug) ✅ FIXED (2026-03-15)

Fixed and deployed. See Tasks/MCP_Wiki_Routing.

Multi-tenant semantic search (bug) ✅ FIXED (2026-03-17)

See Tasks/Semantic_Search_Architecture and Tasks/Semantic_Search_Multi_Tenant.

FAISS index corruption risk ✅ RESOLVED (2026-03-15)

Sync thread removed. Index updates now happen through page lifecycle hooks only.

OAuth token refresh ✅ FIXED (2026-03-17)

ACCESS_TOKEN_EXPIRY_SECONDS extended from 3600 (1 hour) to 604800 (7 days). Refresh tokens set to 30 days.

Per-wiki databases ✅ DEPLOYED (2026-03-17)

Each wiki gets /srv/data/wikis/{slug}/wiki.db with preferences, drafts, user, cache tables. Resolver swaps DB per-request.

Permissions panel ✅ DEPLOYED (2026-03-17)

Wiki owners can set READ_ACCESS/WRITE_ACCESS/ATTACHMENT_ACCESS via Otterwiki's admin UI. Resolver enforces by intersecting with platform ACL.

MCP OAuth hardcoded defaults ✅ DEPLOYED (2026-03-17)

CONSENT_URL and PLATFORM_DOMAIN no longer default to robot.wtf. InMemoryOAuthProvider fallback when unset.

MCP OAuth dynamic base URL ✅ DEPLOYED (2026-03-17)

OAuth metadata endpoint uses request Host header. Each wiki's MCP endpoint works correctly.

SERVER_NAME hidden ✅ MERGED (2026-03-17)

SERVER_NAME field hidden from Application Preferences in PLATFORM_MODE. Awaiting next deploy.

Upstream bug fix submitted (2026-03-17)

handle_permissions_and_registration missing ADMIN guard — PR pending to redimp/otterwiki (fix/permissions-admin-guard).

In Progress

Remove is_public toggle (2026-03-17)

READ_ACCESS preference replaces is_public as sole source of truth for anonymous access. Migration seeds READ_ACCESS=REGISTERED for wikis with is_public=0. In final verification.

Blocking

Disk usage cap

No per-wiki disk space limit. page_count and disk_usage_bytes fields in robot.db always read 0 — tier limits and quota enforcement are dead code. Design doc at Design/Wiki_Stats_Plugin describes an otterwiki plugin approach using lifecycle hooks + cron backstop. Not yet implemented.

Management UI usability

Dashboard needs cleanup now that permissions moved to Otterwiki's admin:

  • is_public toggle being removed (in progress)
  • Wiki creation flow should default slug to username
  • MCP connection instructions need to be clearer
  • Settings page layout needs work

Landing page copy

Draft is live at robot.wtf/. Updated 2026-03-17. Still needs screenshots once UI is polished.

Safety

Backup coverage gaps

Backup cron runs every 4 hours, retains 7 days. Uses sqlite3 .backup for consistency.

What IS backed up: robot.db, mcp_oauth.db, per-wiki wiki.db files (added 2026-03-17).

What is NOT backed up:

  • Git repos (/srv/data/wikis/{slug}/repo/) — all wiki content. Relies on Proxmox VM snapshots. Verify Proxmox snapshot schedule is actually running.
  • Signing keys (signing_key.pem, signing_key.pub, client_jwk.json, client_jwk_pub.json) — losing these breaks all OAuth sessions. Generated once, never backed up. Should be added to backup script or Ansible vault.
  • FAISS indexes — can be rebuilt from wiki content (not critical).
  • robot.env, settings.cfg — reproducible from Ansible vars + vault (not critical).

Recommended actions (in priority order):

  1. Verify Proxmox snapshots are running on schedule
  2. Add git bundle create per wiki to the backup script
  3. Add signing key backup to the script
  4. Write and test a restore script
  5. Automate a periodic integrity check (PRAGMA integrity_check on all DBs)

Backup verification

No tested restore path exists. Minimal local test: pull a backup, run integrity checks on each DB, verify schema matches. Full test: restore to a container, start services, verify wiki access. See above for detailed plan.
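
A sketch of the minimal local test and the periodic integrity check described above. This is an added example, not the project's backup script; the function names and the backup directory layout (one wiki.db per slug directory) are assumptions, and the expected table names are the ones this page lists for wiki.db.

```python
import sqlite3
import tempfile
from pathlib import Path

WIKI_DB_TABLES = {"preferences", "drafts", "user", "cache"}  # from this page

def check_db(path, expected_tables=()):
    """Open one SQLite backup read-only; return its problems (empty list = OK)."""
    problems = []
    try:
        con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    except sqlite3.Error as exc:
        return [f"cannot open: {exc}"]
    try:
        rows = [r[0] for r in con.execute("PRAGMA integrity_check")]
        if rows != ["ok"]:
            problems += [f"integrity: {r}" for r in rows]
        tables = {r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")}
        missing = set(expected_tables) - tables
        if missing:
            problems.append("missing tables: " + ", ".join(sorted(missing)))
    except sqlite3.DatabaseError as exc:  # e.g. "file is not a database"
        problems.append(f"unreadable: {exc}")
    finally:
        con.close()
    return problems

def verify_backup(root):
    """Check every wiki.db under root; return {wiki slug: problems} for failures."""
    results = ((db.parent.name, check_db(db, WIKI_DB_TABLES))
               for db in sorted(Path(root).rglob("wiki.db")))
    return {slug: probs for slug, probs in results if probs}

def build_sample(root):
    """Constructed sample backup: one good DB, one missing tables, one corrupt."""
    for slug, tables in (("good", WIKI_DB_TABLES), ("partial", {"user"})):
        Path(root, slug).mkdir()
        con = sqlite3.connect(Path(root, slug, "wiki.db"))
        for t in sorted(tables):
            con.execute(f'CREATE TABLE "{t}" (k TEXT, v TEXT)')
        con.commit()
        con.close()
    Path(root, "corrupt").mkdir()
    Path(root, "corrupt", "wiki.db").write_bytes(b"not a sqlite file" * 64)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(verify_backup(tmp))
```

A non-empty result from verify_backup() is the condition to alert on; the same check_db() can be pointed at robot.db and mcp_oauth.db with their own expected table sets.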

Rate limiting

No rate limiting on any endpoint. Caddy can add this. Not critical for soft launch with small community, needed before wider announcement.

OWASP high-priority items

From Security/OWASP_2025_Audit:

  • Bcrypt linear scan DoS: scan_by_token() iterates all wiki rows with bcrypt.checkpw() per MCP request. O(N) bcrypt operations. Needs index or prefix-based lookup.
  • Security response headers: Add X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security in Caddy.
  • Security logging: No audit trail for auth events, ACL changes, wiki deletions.
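
The bcrypt linear scan item above, shown next to a prefix-based lookup. This is an added example, not the platform's code: the token format `<token_id>.<secret>`, the table columns and all function names are assumptions, and stdlib PBKDF2 stands in for bcrypt so the block runs without third-party packages.

```python
import hashlib, hmac, secrets, sqlite3

HASH_CALLS = 0  # counts slow-hash invocations so the cost is observable

def slow_hash(secret, salt):
    # Stand-in for bcrypt (assumption): stdlib PBKDF2 keeps the example offline.
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 20_000)

def make_db(n):
    """Constructed sample: n wikis, each with a token '<token_id>.<secret>'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wikis (slug TEXT, token_id TEXT UNIQUE,"
               " salt BLOB, token_hash BLOB)")  # UNIQUE builds the index
    tokens = {}
    for i in range(n):
        token_id, secret = secrets.token_hex(8), secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        db.execute("INSERT INTO wikis VALUES (?, ?, ?, ?)",
                   (f"wiki{i}", token_id, salt, slow_hash(secret, salt)))
        tokens[f"wiki{i}"] = f"{token_id}.{secret}"
    return db, tokens

def linear_scan(db, token):
    """The O(N) pattern the audit flags: one slow hash per row until a match."""
    secret = token.partition(".")[2]
    rows = db.execute("SELECT slug, salt, token_hash FROM wikis").fetchall()
    for slug, salt, stored in rows:
        if hmac.compare_digest(slow_hash(secret, salt), stored):
            return slug
    return None

def indexed_lookup(db, token):
    """Index seek on the non-secret token_id, then at most one slow hash."""
    token_id, _, secret = token.partition(".")
    row = db.execute("SELECT slug, salt, token_hash FROM wikis"
                     " WHERE token_id = ?", (token_id,)).fetchone()
    if row is None:
        return None  # unknown id: rejected without spending a slow hash
    slug, salt, stored = row
    return slug if hmac.compare_digest(slow_hash(secret, salt), stored) else None

def cost(fn, db, token):
    """Return (result, slow hashes spent) for one lookup."""
    global HASH_CALLS
    HASH_CALLS = 0
    return fn(db, token), HASH_CALLS
```

With N wikis, an invalid token costs the linear scan N slow hashes per request and the indexed lookup zero or one, which removes the request amplification the audit describes.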

Git remote push/pull security

Repository Management admin panel lets wiki owners store SSH keys that the platform executes. Should be gated or disabled in PLATFORM_MODE. Noted in Design/Admin_Panel_Reenablement.

Not blocking but important

Phase 2: User Management

Explicit user roster per wiki. Admin adds DID handles, sets per-user flags. Completes the APPROVED access level. Design at Design/Admin_Panel_Reenablement (Phase 2 section). Parked — implement after current batch.

Wiki stats plugin

Track page count and disk usage via otterwiki lifecycle hooks. Enables tier limits and quota enforcement. Design at Design/Wiki_Stats_Plugin. Parked — design only.

SMTP alerts test

Health check and disk monitoring alerts configured but not tested end-to-end.

CI/CD pipeline

Currently deploy is git push + ansible-playbook. GitHub Actions for tests on PR + auto-deploy would reduce risk.