docs: update AGENTS.md with E2E chat architecture and permissions
13
AGENTS.md
@@ -68,6 +68,7 @@ js/
|
||||
│ ├── locations.js # Standorte Service (Geo-Suche)
|
||||
│ ├── conversations.js # Zero-Knowledge Chat (E2E, per-listing keys)
|
||||
│ ├── crypto.js # NaCl Encryption + per-listing keypair management
|
||||
│ ├── key-pinning.js # TOFU Key-Pinning (warnt bei Schlüsseländerung)
|
||||
│ ├── currency.js # XMR/Fiat Umrechnung
|
||||
│ ├── pow-captcha.js # Proof-of-Work Captcha (Challenge/Verify)
|
||||
│ ├── btcpay.js # BTCPay Server Integration (Invoice, Checkout, Webhook)
|
||||
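Review bot: The `key-pinning.js` entry says TOFU pinning warns on a key change, but not where pins are stored or whether sending is blocked until the user accepts the new key. This tree comment is the only description of the module in the hunk, so add a short pointer to the pin storage location and to the behaviour after the warning. Minor style point: the comment mixes English and German on one line ("TOFU Key-Pinning (warnt bei Schlüsseländerung)"), while the neighbouring `crypto.js` comment is English only.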
@@ -107,7 +108,10 @@ tests/
|
||||
├── test-runner.js # Minimaler Test-Framework
|
||||
├── helpers.test.js # Unit Tests für helpers.js
|
||||
├── i18n.test.js # Unit Tests für i18n.js
|
||||
└── router.test.js # Unit Tests für router.js
|
||||
├── router.test.js # Unit Tests für router.js
|
||||
├── crypto.test.js # E2E Encryption, per-listing keys, TOFU
|
||||
├── client.test.js # Directus Client Tests
|
||||
└── services.test.js # Service Tests
|
||||
|
||||
locales/
|
||||
├── de.json # Deutsch (Fallback)
|
||||
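Review bot: The `crypto.test.js` entry lists "E2E Encryption, per-listing keys, TOFU" without saying whether the key-change path (pinned key differs from the fetched one) is covered. That is the case the pinning exists for, so name it in the comment if a test exists. None of the listed test files is described as checking that `conversations` and `messages` reject unauthenticated requests, although the commit title names permissions as part of the change.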
@@ -152,6 +156,7 @@ locales/
|
||||
1. **SSH funktioniert nicht** mit diesem Repo auf gitea.pro - HTTPS mit Token nutzen
|
||||
2. **Service Worker** kann lokale Änderungen cachen - bei Problemen Cache leeren
|
||||
3. **i18n muss vor Shell laden** - siehe `app.js` (dynamischer Import)
|
||||
4. **E2E Chat**: Per-listing Keypairs (nicht Account-Key) für Seller-Identität. Listing braucht `contact_public_key` Feld in Directus. TOFU Key-Pinning warnt bei Schlüsseländerung. Conversations/Messages nur über User-Rolle zugänglich (kein Public-Zugriff).
|
||||
|
||||
## Nächste Schritte
|
||||
|
||||
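Review bot: Item 4 requires a `contact_public_key` field on the listing but does not say what the client does for a listing that has none. State whether chat is disabled for such listings or whether there is a fallback. It would also help to note that TOFU pinning only detects a change after the first fetch, so the first `contact_public_key` read from Directus is trusted as is. The four statements packed into this item would read better as sub-bullets.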
@@ -160,7 +165,7 @@ locales/
|
||||
3. ~~Listings bearbeiten~~ ✅ Edit-Modus via `#/edit/:id`
|
||||
4. ~~PoW-Captcha server-seitig~~ ✅ PHP-Server auf `pow.dgray.io`
|
||||
5. ~~TweetNaCl self-hosted~~ ✅ In `js/vendor/`
|
||||
6. ~~Chat-Crypto fix~~ ✅ `box.before` + `secretbox`
|
||||
6. ~~Chat-Crypto fix~~ ✅ Per-listing E2E Keys, TOFU Key-Pinning, kein Pending-Flow mehr
|
||||
7. ~~Payment-Integration mit BTCpay Server~~ ✅ Proxy auf `pow.dgray.io`, Frontend-Service `btcpay.js`
|
||||
8. ~~Favoriten Directus Sync~~ ✅ FavoritesService mit Union-Merge bei Login
|
||||
9. ~~Expired Listings~~ ✅ Directus Flow (alle 15 Min), Status-Badges auf Cards
|
||||
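Review bot: The rewritten item 6 no longer names the construction (`box.before` + `secretbox`) that the previous wording recorded, so the visible documentation now only says "NaCl Encryption" for `crypto.js`. If those primitives are still in use, keep them in the line next to the new text; if they were replaced, say by what. "kein Pending-Flow mehr" refers to a flow that is not described anywhere in the visible lines, so a half sentence on what was removed would make it usable for a new reader.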
@@ -190,8 +195,8 @@ locales/
|
||||
| `categories_translations` | ✓ | - | - | Für i18n |
|
||||
| `locations` | ✓ | ✓ | - | User kann neue Orte anlegen |
|
||||
| `languages` | ✓ | - | - | Für Sprachen-Liste |
|
||||
| `conversations` | ✓ | ✓ | ✓ | Filter via `participant_hash`, Update nur `status` |
|
||||
| `messages` | ✓ | ✓ | - | Filter via `conversation` ID |
|
||||
| `conversations` | - | - | - | **Nur User-Rolle** (Auth-Pflicht, kein Public-Zugriff) |
|
||||
| `messages` | - | - | - | **Nur User-Rolle** (Auth-Pflicht, kein Public-Zugriff) |
|
||||
| `favorites` | ✓ | ✓ | - | User-Rolle: Filter `user = $CURRENT_USER`, Delete erlaubt |
|
||||
| `notifications` | ✓ | ✓ (via Flow/Webhook) | ✓ | User-Rolle: Filter `user_hash`, nur `read` updaten |
|
||||
| `deals` | ✓ | ✓ | ✓ | Update nur `*_confirmed`, `status`, `date_confirmed` |
|
||||
|
||||
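Review bot: The new `conversations` and `messages` rows drop the row-level detail the old rows carried (filter via `participant_hash`, update only `status`, filter via `conversation` ID) and now say only "Nur User-Rolle". That leaves it undocumented whether an authenticated user is restricted to their own conversations or can read every row. Write the User-role filter and the updatable fields into the note column, in the same form as the `favorites` row ("User-Rolle: Filter `user = $CURRENT_USER`").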