# Master Implementation Plan

This document serves as the central roadmap, referencing tasks from:

- [`database-todos.md`](./database-todos.md) (DB)
- [`security.md`](./security.md) (SEC)
- [`caching.md`](./caching.md) (CACHE)

## Phase 1: Foundation (Schema & Data Security)

*Goal: Secure the data layer and enable collaboration primitives.*

- [ ] **[DB] Split `profiles` into `profiles_public` & `user_secrets`**
    - [ ] Create table & Migrate data (Ref: [`src/integrations/supabase/types.ts`](../src/integrations/supabase/types.ts)).
    - [ ] **[SEC]** Apply RLS to `user_secrets` (`user_id = auth.uid()`).
- [ ] **[DB] Create `page_collaborators` Table**
    - [ ] Define columns & Unique Constraints.
    - [ ] **[SEC]** Implement RLS for shared Page access (Viewer/Editor logic).

## Phase 2: Server Core & API

*Goal: Build the "Smart Proxy" layer to handle data fetching and caching.*

- [ ] **[CACHE] Implement `CacheAdapter`**
    - [ ] Create Interface (Target: `server/src/commons/cache/types.ts`).
    - [ ] Implement `MemoryCache` (default) & `RedisCache` (optional).
- [ ] **[DB] Implement Server Endpoints in [`ServingProduct`](../server/src/products/serving/index.ts)**
    - [ ] `GET /api/feed` (Hydrated View-Ready Feed).
    - [ ] `GET /api/profile/:id` (Public Profile).
    - [ ] `GET /api/me/secrets` (Secure Settings access).
- [ ] **[CACHE] Apply Caching to Endpoints**
    - [ ] Cache Feed (60s) & Profiles (5m).

## Phase 3: Client Security & Refactor

*Goal: Stop leaking keys and move to the Proxy.*

- [ ] **[SEC] Critical: Remove Client-Side Key Fetching**
    - [ ] Scrub `profiles` selects in [`Profile.tsx`](../src/pages/Profile.tsx) and [`db.ts`](../src/lib/db.ts).
    - [ ] Remove API Key inputs from Profile UI in [`Profile.tsx`](../src/pages/Profile.tsx).
- [ ] **[DB] Client Data Layer Refactor**
    - [ ] Update [`db.ts`](../src/lib/db.ts) to use `fetchFeedFromProxy` / `fetchProfileFromProxy`.
    - [ ] Deprecate direct Supabase `select` calls for core content.
- [ ] **[SEC] Hardening**
    - [ ] **[SEC]** Handle 404s/403s in [`Post.tsx`](../src/pages/Post.tsx) correctly.

## Phase 4: Performance & Optimization

*Goal: Instant loads and "feels native" speed.*

- [ ] **[DB] Server-Side Injection (SSR-Lite)**
    - [ ] Inject `window.__INITIAL_STATE__` into `index.html` via [`ServingProduct`](../server/src/products/serving/index.ts).
- [ ] **[CACHE] Client Hydration**
    - [ ] Configure React Query to hydrate from `__INITIAL_STATE__`.
    - [ ] Set global `staleTime` to 5m.
- [ ] **[SEC] Rate Limiting**
    - [ ] Add limits to API endpoints.
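
For the Phase 4 task of injecting `window.__INITIAL_STATE__` into `index.html`: if the state carries user-supplied text (for example feed or profile fields), it has to be escaped so that it cannot close the surrounding `<script>` element. The sketch below is an added example, not code from this project; the function names `serializeInitialState` and `injectInitialState` and the choice of `</head>` as the insertion point are assumptions.

```typescript
// Added example (not project code): escape-safe serialization for the planned
// window.__INITIAL_STATE__ injection. Names and insertion point are assumptions.

// Characters that can end or alter the enclosing <script> element, plus the two
// line separators that older JavaScript parsers reject inside string literals.
const UNSAFE_CHARS: Record<string, string> = {
  "<": "\\u003c",
  ">": "\\u003e",
  "&": "\\u0026",
  "\u2028": "\\u2028",
  "\u2029": "\\u2029",
};

// Returns JSON that is safe to embed inside an inline <script>. In JSON output
// these characters only occur inside string literals, so replacing them with
// \uXXXX escapes keeps the parsed value identical.
function serializeInitialState(state: unknown): string {
  const json = JSON.stringify(state);
  if (json === undefined) {
    throw new TypeError("initial state is not JSON-serializable");
  }
  return json.replace(/[<>&\u2028\u2029]/g, (c) => UNSAFE_CHARS[c] ?? c);
}

// Inserts the state script immediately before </head>.
function injectInitialState(html: string, state: unknown): string {
  const tag =
    "<script>window.__INITIAL_STATE__=" +
    serializeInitialState(state) +
    ";</script>";
  const idx = html.indexOf("</head>");
  if (idx === -1) {
    throw new Error("index.html has no </head> to anchor the state script");
  }
  // slice() instead of String.prototype.replace(): replace() would interpret
  // "$&" or "$1" sequences that appear in user data as replacement patterns.
  return html.slice(0, idx) + tag + html.slice(idx);
}
```

Only data that is already public for the requesting user belongs in this object; anything served by `GET /api/me/secrets` should stay out of the injected state, because the HTML may be cached or logged along the way.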