Software Objectives

Source of truth for open software-related work across the FOLTC codebase and infrastructure. Both Zora and Solace maintain this file. Each entry includes status, priority, owner, and a doc-ref link to the relevant project doc repo or research note.

Last updated: 2026-04-18 — Pathfinder Console logged, Internal DNS added, formatting fix shipped

In Progress

(Active work currently in flight.)

Audit and track all custom server-side PHP files

• Priority: high
• Owner: zora + solace
• Doc: daystrom-server-scripts.git (to be created), citadel-nx-v2.git (app-specific copies)
• Notes: ~30 custom PHP backend files under data.finestoflines.net power all FOLTC apps (Citadel auth-api, Lineup api/events/notify/utils, Subspace api/content/sites/img, Forge forge-api, Compendium api/assets/serve/collections, Quartermaster, Inkwell, GTT, Comms, todo api.php, plus Argus and Pathfinder support files). Most are NOT tracked in git. Two-repo strategy: Zora maintains canonical daystrom-server-scripts.git with ALL backend PHP; Solace adds server/ directories in citadel-nx-v2 for app-specific redundant copies. Also need to add rsync --exclude rules for PHP files in SPA deploy scripts to prevent future wipes (see todo api.php incident 2026-04-17).

Fleet service compliance — mandatory services on all smart devices

• Priority: high
• Owner: zora + solace
• Doc: /etc/argus/fleet-registry.json, /usr/local/bin/argus-sentry
• Notes: Standing policy from Ray: all fleet/VPN devices get argus-heartbeat (done), pathfinder-listen (2/9), pathfinder-dispatch (agent hosts only), KLAXON (not yet built). Periodic audits via argus-sentry. Onboarding checklist in Quartermaster.

Open

(Ready to start, waiting on owner capacity or scheduling.)

Internal DNS for Fort Chaos — hostname-based device addressing

• Priority: medium
• Owner: zora
• Doc: pathfinder-docs.git, argus-docs.git
• Notes: dnsmasq on ChaosActual already runs for LanCache DNS spoofing. Add local A records for all Fort Chaos devices (chaosactual.local, sector-001.local, pegasus.local, dragon.local, etc.) + DHCP static reservations. Eliminates hardcoded IPs in fstab, configs, and scripts that break when topology shifts (e.g., S001 drifted from .101 to .150 after ChaosActual gateway change). Sunday night maintenance window per Ray directive. Discovered 2026-04-18 during CIFS mount investigation.

Citadel multi-device auth — Tier 2 B: stop using REPLACE INTO authkeys

• Priority: medium
• Owner: zora
• Doc: research/2026-04-16-multi-device-auth-thrash.md
• Notes: Server-side hardening. Stop using REPLACE INTO at auth-api.php:144; allow concurrent rows per (user_id, device_id). Belt-and-suspenders for Tier 1 A+C. Also enforce authkeys.expires in apiKeyDbAuth (currently silently accepts expired rows).

KLAXON — fleet-wide alert system

• Priority: high
• Owner: zora
• Doc: foltc-alert-system.git (empty repo, needs design + build)
• Notes: Ray directive: every fleet device gets KLAXON. Repo exists but has no code. Needs architecture design — receives critical alerts via MQTT, logs, escalates. Build after argus-sentry proves out in production.

Retire Roundcube

• Priority: low
• Owner: zora
• Doc: MEMORY.md priority queue #9
• Notes: Gated on Palantir (replacement webmail) proving out in production. No action until Palantir UX is signed off.

Lineup docs repo

• Priority: low
• Owner: ray
• Doc: (pending — repo to be created)
• Notes: Lineup is the largest FOLTC app and has no companion -docs.git. Ray needs to pick the variant first (single lineup-docs or split lineup-frontend/lineup-backend).

Citadel multi-device auth — Tier 1 A+C (client-side)

• Priority: high
• Owner: solace
• Doc: /home/oldbones/citadel-auth-architecture.md (Layer 1) + citadel-docs research
• Notes: (A) Inject DeviceService into TokenService.performRefresh so /refresh carries device_id — eliminates the default-bucket collision. (C) Extend authInterceptor to detect HTTP 403 with code: 1012 and auto-run the refresh flow before surfacing the error — orphaned-token races self-heal. Small PR once Ray greenlights. Pairs with Zora's Tier 2 B on the server side.

FB/IG surfacing — Phase 1 (Lineup inbox)

• Priority: medium
• Owner: solace
• Doc: /home/oldbones/fb-surfacing-phase1.md + backend prep
• Notes: Add optional source field to Conversation model, replace SHOP_DIDS filter with ALLOWED_SOURCES, add channel chips (FB/IG/SMS) in inbox. Compose bar disabled for FB/IG until Phase 2 dispatcher lands server-side. Awaiting Ray's greenlight — frontend diff is fully drafted.

Camera catch-block differentiation (lineup-detail)

• Priority: medium
• Owner: solace
• Doc: /home/oldbones/citadel-auth-architecture.md — Appendix A
• Notes: libs/citadel-base/src/lib/lineup/components/lineup-detail/lineup-detail.component.ts:626-630 treats every Camera.getPhoto() rejection as "access failed or denied." Differentiate cancel (silent), denial (helpful message), other (generic). Zora caught the undifferentiated handler during the 2026-04-16 incident review; Ray's devtools confirmed Case 2 (user cancellation) was the actual firing path. 10-line diff, can ride with Tier 1 PR.

lineup assets/loading.gif 404

• Priority: low
• Owner: solace
• Doc: (cosmetic, no separate doc)
• Notes: lineup-detail.component.html:199 and .ts:246,289 reference assets/loading.gif as a design-image placeholder but the asset was never committed to apps/lineup/src/assets/. Users see a broken-image flash during design loads. Either ship the asset or swap for an inline SVG spinner.

Pathfinder Console — future Nx2 GUI (Tier 2)

• Priority: low
• Owner: solace
• Doc: pathfinder-docs.git (canonical), Forge project PATHFINDER-CONSOLE (id 22)
• Notes: Two-tier architecture decided 2026-04-18 (joint Solace+Zora proposal, Ray greenlit). Tier 1 = Zora's Daystrom standalone at pathfinder.finestoflines.net, the canonical infrastructure-grade always-on web monitor (framework-free HTML + mqtt.min.js, committed to pathfinder.git, WSS via pathfinder-ws-proxy on 9001). Tier 2 (this entry) = future Angular app in citadel-nx-v2. Rename scaffold apps/pathfinder-chat → apps/pathfinder-console when work resumes. Consumes same MQTT topics as the standalone — zero backend changes required. Uses libs/citadel-auth for unified FOLTC login, libs/citadel-ui for styling, PWA manifest already scaffolded (desktop/mobile installable). Shared MQTT service in libs/ will be reusable by Argus GUI and Quartermaster. HELD per Ray directive — do not start build without go. Styling fix on the Tier 1 standalone (add white-space: pre-wrap to .msg CSS to stop newlines/tables collapsing to run-on text) is applied independently by Zora.

Blocked

(Waiting on an external dependency, decision, or prerequisite.)

STARS END — Dillon's AI academy

• Priority: medium
• Owner: ray (decision), zora/solace (implementation)
• Doc: starsend-docs.git
• Notes: Architecture locked, held in concept pending Ray's decision on Claude access model. Bollux (mentor VPS) + Blue Max (coder, fostered on Bootbox→Skynet) roles defined.

Parked

(Deliberately set aside; revisit when conditions change.)

Citadel v3 — signature-verification auth (long-arc)

• Priority: high (when scheduled)
• Owner: unassigned
• Doc: research/2026-04-16-multi-device-auth-thrash.md § Tier 3
• Notes: Full rewrite of Citadel auth model — JWT signature verification replaces row-presence gate, short-TTL access + rotation-on-use refresh tokens, dedicated revocation table, cross-app SSO handshake. Not a patch — a project. Schedule against Stars End / Citadel-Nx-v2.

FOL.ROCKS

• Priority: low
• Owner: ray
• Doc: (no repo yet)
• Notes: Paused awaiting crew music collection from Ray.

Shipped

(Completed work, kept here for history and cross-reference. Trim periodically.)

2026-04-16 — apps.finest links open in new tab

• Owner: solace
• Doc: /var/www/apps.finestoflines.net/index.html line 703
• Notes: Added target="_blank" rel="noopener noreferrer" to the rendered <a> for each clickable app card. Lets Ray pin apps.finest as a home tab without app launches navigating the home page away. File is not currently tracked in daystrom-config — nice-to-have followup.

2026-04-16 — Camera + file-chooser fix on lineup.finestoflines.net (pwa-elements)

• Owner: solace
• Doc: Solace commit fc54e6c in citadel-nx-v2, deployed 2026-04-16 16:37 UTC
• Notes: Installed @ionic/pwa-elements + added defineCustomElements(window) to apps/lineup/src/main.ts. ID-image click now opens proper camera modal; file chooser also verified working. Ray confirmed live.

2026-04-16 — Lineup image-processing overlay (MMS send + lineup attach)

• Owner: solace
• Doc: Solace commit a8dad30 in citadel-nx-v2, deployed 2026-04-16 13:04 UTC
• Notes: Full-screen overlay on SMS thread while executeImageActions runs (Sending Image... / Attaching to lineup N/M...). Covers the gap where the compose-bar spinner did not fire on the image-edit → MMS send flow.

2026-04-16 — Lineup modal scroll fix + SMS send spinner

• Owner: solace
• Doc: Solace commit 742e429 in citadel-nx-v2, deployed 2026-04-16 12:38 UTC
• Notes: Crop and image-actions modals now flex-column with scrollable main content so tall content no longer spills past the 90vh panel. SMS compose bar swaps Send icon for a spinner while a send is in flight.

2026-04-16 — argus-sentry unified fleet monitoring daemon

• Owner: zora
• Doc: /usr/local/bin/argus-sentry, /etc/argus/fleet-registry.json, /etc/systemd/system/argus-sentry.service
• Notes: Three-job daemon: MQTT heartbeat watcher (9 smart devices), dumb device poller (8 devices — switches, APs, printers, phones, router via ICMP/TCP/SSH-proxy), alert engine (offline detection + VPN-down pattern + pathfinder alerts + SMS for critical). 17/20 devices online. Registry hot-reloads. State persists to disk.

2026-04-16 — Fleet heartbeat fixes (Stargate, Sector-001, ChaosActual, Forge)

• Owner: zora
• Doc: argus-heartbeat configs on each host
• Notes: Repointed stale broker configs (10.0.20.101 → 10.0.5.17) on Stargate, Sector-001, ChaosActual. Fresh install on Forge (paho-mqtt, systemd service, UFW rule, public-IP mosquitto listener). Fixed Apache WebSocket proxy (ws://10.0.20.101:9001 → ws://127.0.0.1:9001). All 9 smart devices confirmed publishing.

2026-04-16 — Pathfinder broker repoint completed (fleet-wide argus)

• Owner: zora
• Doc: MEMORY.md priority queue #10
• Notes: All argus-heartbeat agents now pointing at Daystrom broker (10.0.5.17 or 127.0.0.1 for local). Mosquitto listener added on public interface (164.90.134.115:1883, UFW-gated) for non-VPN hosts like Forge.

2026-04-16 — voip.ms outage fix

• Owner: zora
• Doc: (5 PHP files + Gringotts correction)
• Notes: Restored SMS inbound/outbound after voip.ms credential thrash.

Format Template (for new entries)

### Short title
- **Priority**: high | medium | low
- **Owner**: zora | solace | ray | unassigned
- **Doc**: [link text](url-or-path)
- **Notes**: one-liner rationale, blockers, or state

Status sections: In Progress → Open → Blocked → Parked → Shipped. Move entries between sections as state changes. Keep Shipped trimmed — archive to project journals when it outgrows this file.