sneak/chat
1
0
Fork 0
Code Issues 15 Pull Requests Actions Packages Projects Releases Wiki Activity

1.0.0 — MVP: Two users chatting on one server #1

New Issue
Closed
opened 2026-02-09 21:28:24 +01:00 by clawbot · 7 comments
clawbot commented 2026-02-09 21:28:24 +01:00
Collaborator
Copy Link

Track all features required for a minimum viable 1.0.0 release where two users can register, authenticate, join channels, and exchange messages on a single server instance.

See comment below for detailed feature list.

Track all features required for a minimum viable 1.0.0 release where two users can register, authenticate, join channels, and exchange messages on a single server instance. See comment below for detailed feature list.
clawbot commented 2026-02-09 21:28:43 +01:00
Author
Collaborator
Copy Link

Minimum feature set for 1.0.0 MVP

Two users must be able to register, log in, join a channel, and exchange messages in real time on a single server.

User management

  • User registration (POST /api/v1/register) — create account with nick + password, receive auth token
  • User login (POST /api/v1/login) — authenticate, receive token
  • User logout (POST /api/v1/logout) — invalidate token
  • Get current user info (GET /api/v1/users/me)
  • Change nick (POST /api/v1/users/nick)

Authentication middleware

  • Token-based auth middleware — validate Bearer token on protected endpoints
  • Session persistence — server holds session state, survives disconnects
  • Session idle timeout (configurable, default 24h)

Channels

  • Create/join channel (POST /api/v1/channels/join) — auto-creates if nonexistent
  • Leave channel (POST /api/v1/channels/part)
  • List joined channels (GET /api/v1/channels)
  • Get channel info (GET /api/v1/channels/{name}) — topic, members, modes
  • Set channel topic (POST /api/v1/channels/{name}/topic)

Messaging

  • Send message to channel (POST /api/v1/messages) — to: "#channel"
  • Send direct message (POST /api/v1/messages) — to: "nick"
  • Retrieve queued messages (GET /api/v1/messages) with long-polling support
  • Server-side message queue — messages persist until retrieved
  • Multiple concurrent connections per session — messages delivered to all
  • Channel message history (GET /api/v1/history)

Message format

  • Structured JSON messages with: id (UUID), ts (ISO 8601), from, to, type, body, meta
  • Server-assigned message IDs and timestamps
  • Message types: message, join, part, nick, topic, system

System events

  • Join/part notifications broadcast to channel members
  • Nick change notifications
  • MOTD delivered on connect

Server info

  • GET /api/v1/server — name, version, MOTD, user count
  • GET /.well-known/healthcheck.json (already implemented)

Storage

  • SQLite database with migration system (already implemented)
  • Users table — accounts and hashed passwords
  • Auth tokens table
  • Channels table (already in 002_tables.sql)
  • Channel members table
  • Messages table with configurable history rotation
  • Message queue table (per-user pending delivery)

Infrastructure

  • Graceful shutdown (already implemented)
  • Request logging (already implemented)
  • Health check (already implemented)
  • Configuration via environment variables (already implemented)
## Minimum feature set for 1.0.0 MVP Two users must be able to register, log in, join a channel, and exchange messages in real time on a single server. ### User management - [ ] User registration (`POST /api/v1/register`) — create account with nick + password, receive auth token - [ ] User login (`POST /api/v1/login`) — authenticate, receive token - [ ] User logout (`POST /api/v1/logout`) — invalidate token - [ ] Get current user info (`GET /api/v1/users/me`) - [ ] Change nick (`POST /api/v1/users/nick`) ### Authentication middleware - [ ] Token-based auth middleware — validate Bearer token on protected endpoints - [ ] Session persistence — server holds session state, survives disconnects - [ ] Session idle timeout (configurable, default 24h) ### Channels - [ ] Create/join channel (`POST /api/v1/channels/join`) — auto-creates if nonexistent - [ ] Leave channel (`POST /api/v1/channels/part`) - [ ] List joined channels (`GET /api/v1/channels`) - [ ] Get channel info (`GET /api/v1/channels/{name}`) — topic, members, modes - [ ] Set channel topic (`POST /api/v1/channels/{name}/topic`) ### Messaging - [ ] Send message to channel (`POST /api/v1/messages`) — `to: "#channel"` - [ ] Send direct message (`POST /api/v1/messages`) — `to: "nick"` - [ ] Retrieve queued messages (`GET /api/v1/messages`) with long-polling support - [ ] Server-side message queue — messages persist until retrieved - [ ] Multiple concurrent connections per session — messages delivered to all - [ ] Channel message history (`GET /api/v1/history`) ### Message format - [ ] Structured JSON messages with: id (UUID), ts (ISO 8601), from, to, type, body, meta - [ ] Server-assigned message IDs and timestamps - [ ] Message types: `message`, `join`, `part`, `nick`, `topic`, `system` ### System events - [ ] Join/part notifications broadcast to channel members - [ ] Nick change notifications - [ ] MOTD delivered on connect ### Server info - [ ] `GET /api/v1/server` — name, version, MOTD, user count - [ ] `GET /.well-known/healthcheck.json` ✅ (already implemented) ### Storage - [ ] SQLite database with migration system ✅ (already implemented) - [ ] Users table — accounts and hashed passwords - [ ] Auth tokens table - [ ] Channels table ✅ (already in 002_tables.sql) - [ ] Channel members table - [ ] Messages table with configurable history rotation - [ ] Message queue table (per-user pending delivery) ### Infrastructure - [ ] Graceful shutdown ✅ (already implemented) - [ ] Request logging ✅ (already implemented) - [ ] Health check ✅ (already implemented) - [ ] Configuration via environment variables ✅ (already implemented)
clawbot self-assigned this 2026-02-20 09:29:46 +01:00
clawbot added the
needs-review
 label 2026-02-20 09:29:47 +01:00
sneak commented 2026-02-27 11:20:02 +01:00
Owner
Copy Link

@clawbot i understand you spawned a subagent for this but I don't see any updates here. perhaps you should instruct the subagent to do one task/commit on the feature branch, then you can review it yourself, and either spawn another subagent to do the rework, or the next subagent for the next todo item.

@clawbot i understand you spawned a subagent for this but I don't see any updates here. perhaps you should instruct the subagent to do one task/commit on the feature branch, then you can review it yourself, and either spawn another subagent to do the rework, or the next subagent for the next todo item.
clawbot commented 2026-02-27 11:21:53 +01:00
Author
Collaborator
Copy Link

You're right — the previous sub-agent merged the bulk MVP work (PR #10) but some checklist items are still missing. I'll take the incremental approach you suggested: one task per sub-agent, I review each commit, then spawn the next.

Current state after auditing main:

  • Session creation, channels (join/part/list/members/topic), messaging (channel + DM), long-polling, history, nick change, server info, health check, SQLite schema, graceful shutdown, SPA client
  • Password-based registration + login (currently nick-only, no passwords)
  • Logout (token invalidation)
  • GET /api/v1/users/me dedicated endpoint
  • Session idle timeout
  • MOTD delivered on connect
  • User count in /api/v1/server

Starting now with task 1: password-based user registration and login. Will update here after each commit lands on the feature branch.

You're right — the previous sub-agent merged the bulk MVP work (PR #10) but some checklist items are still missing. I'll take the incremental approach you suggested: one task per sub-agent, I review each commit, then spawn the next. Current state after auditing `main`: - ✅ Session creation, channels (join/part/list/members/topic), messaging (channel + DM), long-polling, history, nick change, server info, health check, SQLite schema, graceful shutdown, SPA client - ❌ Password-based registration + login (currently nick-only, no passwords) - ❌ Logout (token invalidation) - ❌ `GET /api/v1/users/me` dedicated endpoint - ❌ Session idle timeout - ❌ MOTD delivered on connect - ❌ User count in `/api/v1/server` Starting now with task 1: **password-based user registration and login**. Will update here after each commit lands on the feature branch.
sneak commented 2026-02-27 13:52:36 +01:00
Owner
Copy Link

I just merged #22. Where are we at?

I just merged #22. Where are we at?
clawbot commented 2026-02-27 13:53:28 +01:00
Author
Collaborator
Copy Link

PR #22 merged — good. Here's the current state against the MVP checklist:

Implemented

  • Session/client model (multi-client per session, UUID-based)
  • Auth middleware (Bearer token validation)
  • Create/join/part channels (auto-creates if nonexistent)
  • List channels, channel info, channel members
  • Send message to channel (PRIVMSG to #channel)
  • Send DM (PRIVMSG to nick)
  • Long-polling message retrieval (GET /messages?timeout=N)
  • Server-side message queue (fan-out to all clients per session)
  • Channel message history (GET /history)
  • Nick change (NICK command)
  • Set channel topic (TOPIC command)
  • Join/part/nick/quit notifications broadcast
  • MOTD delivered on connect (IRC numeric 375/372/376)
  • Server info (GET /server)
  • Health check (/.well-known/healthcheck.json)
  • SQLite with schema (sessions, clients, channels, channel_members, messages, client_queues)
  • Graceful shutdown, request logging, CORS
  • Embedded SPA web client

Still needed for MVP

  1. Password-based registration (POST /api/v1/register) — currently nick-only, no passwords
  2. Password-based login (POST /api/v1/login) — authenticate with password, get token
  3. Logout (POST /api/v1/logout) — invalidate token
  4. GET /api/v1/users/me — dedicated current-user endpoint (partially covered by /state)
  5. Session idle timeout (configurable, default 24h)
  6. User count in /api/v1/server response

I have a sub-agent already working on item 1+2 (password-based auth). Will work through these incrementally — one task per sub-agent, review each, then next.

PR #22 merged — good. Here's the current state against the MVP checklist: ### ✅ Implemented - Session/client model (multi-client per session, UUID-based) - Auth middleware (Bearer token validation) - Create/join/part channels (auto-creates if nonexistent) - List channels, channel info, channel members - Send message to channel (`PRIVMSG` to `#channel`) - Send DM (`PRIVMSG` to nick) - Long-polling message retrieval (`GET /messages?timeout=N`) - Server-side message queue (fan-out to all clients per session) - Channel message history (`GET /history`) - Nick change (`NICK` command) - Set channel topic (`TOPIC` command) - Join/part/nick/quit notifications broadcast - MOTD delivered on connect (IRC numeric 375/372/376) - Server info (`GET /server`) - Health check (`/.well-known/healthcheck.json`) - SQLite with schema (sessions, clients, channels, channel_members, messages, client_queues) - Graceful shutdown, request logging, CORS - Embedded SPA web client ### ❌ Still needed for MVP 1. **Password-based registration** (`POST /api/v1/register`) — currently nick-only, no passwords 2. **Password-based login** (`POST /api/v1/login`) — authenticate with password, get token 3. **Logout** (`POST /api/v1/logout`) — invalidate token 4. **`GET /api/v1/users/me`** — dedicated current-user endpoint (partially covered by `/state`) 5. **Session idle timeout** (configurable, default 24h) 6. **User count in `/api/v1/server`** response I have a sub-agent already working on item 1+2 (password-based auth). Will work through these incrementally — one task per sub-agent, review each, then next.
clawbot commented 2026-02-27 14:02:18 +01:00
Author
Collaborator
Copy Link

Password-based registration + login ready for review: #23

make check passes, code reviewed. Starting on the next item (logout endpoint) now.

Password-based registration + login ready for review: https://git.eeqj.de/sneak/chat/pulls/23 `make check` passes, code reviewed. Starting on the next item (logout endpoint) now.
clawbot commented 2026-02-27 14:08:16 +01:00
Author
Collaborator
Copy Link

All remaining MVP items ready for review:

  • PR #23 — password-based registration + login: #23
  • PR #24 — logout, users/me, user count, session timeout: #24

Both pass make check, both reviewed. Once both merge, the full MVP checklist from my earlier comment should be complete.

All remaining MVP items ready for review: - **PR #23** — password-based registration + login: https://git.eeqj.de/sneak/chat/pulls/23 - **PR #24** — logout, users/me, user count, session timeout: https://git.eeqj.de/sneak/chat/pulls/24 Both pass `make check`, both reviewed. Once both merge, the full MVP checklist from my earlier comment should be complete.
sneak closed this issue 2026-02-28 19:57:41 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
bot

Agent's turn to work

  
merge-ready

All checks pass, reviewed, rebased, ready for merge

  
needs-checks

make check does not pass cleanly

  
needs-rebase

PR has merge conflicts or is behind main

  
needs-review

Code review not yet done

  
needs-rework

Code review found issues to fix

No Label
bot
merge-ready
needs-checks
needs-rebase
needs-review
needs-rework
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
clawbot
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sneak/chat#1
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?