mono/packages/ui/docs/overview-todos.md

Master Implementation Plan

This document serves as the central roadmap, referencing tasks from:

• database-todos.md (DB)
• security.md (SEC)
• caching.md (CACHE)

Phase 1: Foundation (Schema & Data Security)

Goal: Secure the data layer and enable collaboration primitives.

• [DB] Split profiles into profiles_public & user_secrets
  • Create table & Migrate data (Ref: src/integrations/supabase/types.ts).
  • [SEC] Apply RLS to user_secrets (user_id = auth.uid()).
• [DB] Create page_collaborators Table
  • Define columns & Unique Constraints.
  • [SEC] Implement RLS for shared Page access (Viewer/Editor logic).

Phase 2: Server Core & API

Goal: Build the "Smart Proxy" layer to handle data fetching and caching.

• [CACHE] Implement CacheAdapter
  • Create Interface (Target: server/src/commons/cache/types.ts).
  • Implement MemoryCache (default) & RedisCache (optional).
• [DB] Implement Server Endpoints in ServingProduct
  • GET /api/feed (Hydrated View-Ready Feed).
  • GET /api/profile/:id (Public Profile).
  • GET /api/me/secrets (Secure Settings access).
• [CACHE] Apply Caching to Endpoints
  • Cache Feed (60s) & Profiles (5m).

Phase 3: Client Security & Refactor

Goal: Stop leaking keys and move to the Proxy.

• [SEC] Critical: Remove Client-Side Key Fetching
  • Scrub profiles selects in Profile.tsx and db.ts.
  • Remove API Key inputs from Profile UI in Profile.tsx.
• [DB] Client Data Layer Refactor
  • Update db.ts to use fetchFeedFromProxy / fetchProfileFromProxy.
  • Deprecate direct Supabase select calls for core content.
• [SEC] Hardening
  • [SEC] Handle 404s/403s in Post.tsx correctly.

Phase 4: Performance & Optimization

Goal: Instant loads and "feels native" speed.

• [DB] Server-Side Injection (SSR-Lite)
  • Inject window.__INITIAL_STATE__ into index.html via ServingProduct.
• [CACHE] Client Hydration
  • Configure React Query to hydrate from __INITIAL_STATE__.
  • Set global staleTime to 5m.
• [SEC] Rate Limiting
  • Add limits to API endpoints.