| 3 |
3 |
|
## Status
|
| 4 |
4 |
|
Done: All pre-beta phases, UX audit remediation, creator trust audit remediation. Active: Creator setup (Stripe), manual testing. Next: Soft launch.
|
| 5 |
5 |
|
|
| 6 |
|
- |
v0.4.8. Audit grade A (Run 18, 2026-05-01). Code fuzz Run 19 complete (2026-05-03, 17 bugs fixed). ~1,213 unit + ~679 integration = ~1,923 tests (all passing). Mutation kill rate 99.4%. Property-based testing active (proptest). `cargo test --features fast-tests` for fast runs.
|
|
6 |
+ |
v0.4.8. Audit grade A (Run 18, 2026-05-01). Code fuzz Run 19 complete (2026-05-03, 17 bugs fixed). ~1,220 unit + ~679 integration = ~1,930 tests (all passing with `--features fast-tests` as of 2026-05-04). Mutation kill rate 99.4%. Property-based testing active (proptest). `cargo test --features fast-tests` for fast runs.
|
| 7 |
7 |
|
|
| 8 |
8 |
|
Human tasks (manual testing, outreach, legal, infrastructure) moved to `human_todo.md`.
|
| 9 |
9 |
|
Completed items moved to `todo_done.md`.
|
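Review bot: The test totals in the added status line (new line 6) do not add up: ~1,220 unit + ~679 integration is ~1,899, not ~1,930, and the removed line had the same gap of 31 (~1,213 + ~679 = ~1,892 against ~1,923). Either correct the sum or name the category that accounts for the difference. The new qualifier "all passing with `--features fast-tests`" also leaves open what happens in a default `cargo test` run; state that outcome explicitly, since the section added further down attributes two sandbox rate limit failures to running without that feature.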
| 18 |
18 |
|
### Pre-deploy
|
| 19 |
19 |
|
- [ ] Run migration 090 on production after deploy
|
| 20 |
20 |
|
|
|
21 |
+ |
### Test Failures — FIXED (2026-05-04)
|
|
22 |
+ |
All 10 previously-failing integration tests resolved. Three bugs fixed:
|
|
23 |
+ |
- **SyncKit 500→401**: `SyncAppKeyExtractor` returned `GovernorError::UnableToExtractKey` on missing bearer token, causing tower_governor to respond 500 before `SyncUser` could return 401. Fix: return nil sentinel `SyncAppId` to pass through to handler.
|
|
24 |
+ |
- **CSRF double-slash**: Exempt prefix `/postmark/` caused matching to produce `/postmark//`. Fix: use `/postmark` without trailing slash.
|
|
25 |
+ |
- **CSRF missing guest-free**: `/api/checkout/guest-free` was not in the CSRF exempt list. Fix: added it alongside `/api/checkout/guest`.
|
|
26 |
+ |
- **Sandbox rate limit** (2 tests): Not a code bug — requires `--features fast-tests` as documented.
|
|
27 |
+ |
- Removed dead `changelog_page` function (superseded by blog-based `/changelog` route). Zero warnings.
|
|
28 |
+ |
|
|
29 |
+ |
Also: CI on astra has compilation errors (separate issue, likely stale paths from monorepo restructure).
|
|
30 |
+ |
|
| 21 |
31 |
|
#### Low (previous)
|
| 22 |
32 |
|
- [ ] Add README.md to server/
|
| 23 |
33 |
|
|
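Review bot: The CSRF double-slash entry (new line 24) changes the exempt prefix from `/postmark/` to `/postmark` without saying how the match is performed; if it is a plain string prefix test, any path that merely begins with `/postmark` becomes CSRF-exempt, not only routes under that segment. Record that the match is made on a path-segment boundary, or add a test showing a sibling path is still checked. The SyncKit entry (new line 23) should likewise say how the rate limiter treats the nil sentinel `SyncAppId`: whether all requests without a bearer token share one bucket or are not limited at all before `SyncUser` returns 401. Two smaller points: the heading claims three fixes for 10 tests but only the sandbox entry gives a test count, and the astra CI compilation errors on new line 29 have no checkbox, so they are not tracked as an open item.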
| 27 |
37 |
|
- [ ] Migrate inline `onclick` handlers to `addEventListener` for strict CSP
|
| 28 |
38 |
|
- [ ] Monitor scheduler.rs (1249), git/mod.rs (624), license_keys.rs (684) for growth
|
| 29 |
39 |
|
|
|
40 |
+ |
### Dashboard Usability Audit (2026-05-03)
|
|
41 |
+ |
|
|
42 |
+ |
Grade: B-. Complexity B, Completeness B-, Learnability C+, Discoverability C.
|
|
43 |
+ |
|
|
44 |
+ |
#### Discoverability (Critical)
|
|
45 |
+ |
- [ ] Reorganize user dashboard tabs — move Analytics and Creator to visible tab bar by default; only keep SSH Keys, Forums in overflow. Move SyncKit from user dashboard to project dashboard (apps are linked to projects, not users). 10 user tabs (4 visible + 6 hidden) is too many hidden
|
|
46 |
+ |
- [ ] Add dashboard tab customization setting — let users choose which tabs are always visible in the tab bar and which go into the overflow menu. Store preference per user. Sensible defaults (Account, Projects, Payments, Analytics, Creator visible; SSH Keys, Media, Forums, Support in overflow) but fully user-configurable
|
|
47 |
+ |
- [ ] Move SyncKit tab to project dashboard — SyncKit apps are tied to projects (Linked To column). Show as a project-level tab alongside Code, filtered to that project's apps. Keep a user-level summary view (or link) for creators managing apps across multiple projects
|
|
48 |
+ |
- [ ] Surface Stripe requirement on Project Overview — persistent banner "Connect Stripe to sell items" with direct link until connected and charges enabled
|
|
49 |
+ |
- [ ] Add Media Library access from content editors — "Insert Image" button in blog editor and item content editor that opens media library. Currently completely disconnected from where users need it
|
|
50 |
+ |
- [ ] Always show Blog tab with empty state — currently only appears if posts exist. Show "No blog posts yet. Start writing to engage your audience." with "New Post" button
|
|
51 |
+ |
- [ ] Add content search/filter to project Content tab — search by title, filter by status (Draft/Published/Scheduled) and type. Table stakes for any content management interface
|
|
52 |
+ |
- [ ] Add "Embed & Share" quick action on Item Overview — embed codes only discoverable by navigating to specific item's Embed tab
|
|
53 |
+ |
|
|
54 |
+ |
#### Learnability (High)
|
|
55 |
+ |
- [ ] Make breadcrumbs clickable navigation links — currently display-only text; users can't click back to parent; broken with HTMX tab state
|
|
56 |
+ |
- [ ] Add explanatory text to jargon terms: SyncKit ("Cloud sync for indie apps" subtitle), Insertions (rename to "Dynamic Clips" in storage display), AI Classification (add option descriptions: "Handmade — no AI tools", "AI-Assisted — AI tools with human creation", "AI-Generated — primarily created by AI"), Labels ("Platform-curated tags describing your project's commitments"), Revenue Splits (add setup instructions linking to Project Members tab)
|
|
57 |
+ |
- [ ] Improve onboarding checklist context — add brief explanations to each step: "Connect Stripe — required to receive payments, 3% processing only", "Create a project — blog, podcast, course, etc."
|
|
58 |
+ |
- [ ] Add empty state context to analytics — change "No revenue data yet" to "Once you publish items and make sales, revenue data will appear here" with link to publish
|
|
59 |
+ |
- [ ] Add AI Classification option descriptions in item_details dropdown — "Handmade (no AI tools)", "AI-Assisted (AI tools with human creation)", "AI-Generated (primarily created by AI)" with examples
|
|
60 |
+ |
|
|
61 |
+ |
#### Complexity (Medium)
|
|
62 |
+ |
- [ ] Split Account Details tab into sub-sections — currently 13 sections in one scroll. Group into: Profile (name, bio, links, domain), Security (password, 2FA, passkeys, sessions), Notifications, Data & Privacy (export, import, deletion)
|
|
63 |
+ |
- [ ] Hide UUID from item dashboard header — remove or put behind a "Copy ID" button. Creators don't need to see UUIDs
|
|
64 |
+ |
- [ ] Hide Stripe account ID behind disclosure toggle — currently shown in monospace on Payments tab. Collapse behind "Show details"
|
|
65 |
+ |
- [ ] Simplify Stripe status display — replace raw onboarding states with user-intent language: "Ready to receive payments" (green) or "Action required: [task]" (red)
|
|
66 |
+ |
|
|
67 |
+ |
#### Feature Completeness (Medium)
|
|
68 |
+ |
- [ ] Add download count analytics per item — standard on Bandcamp, Gumroad; primary consumption metric for digital goods
|
|
69 |
+ |
- [ ] Add cross-project item view — creator with 3 projects can't see all items in one place; no global search
|
|
70 |
+ |
- [ ] Add refund initiation from dashboard — currently must go to Stripe dashboard to issue refunds
|
|
71 |
+ |
- [ ] Add "Export as CSV" button on item sales tables
|
|
72 |
+ |
|
|
73 |
+ |
#### Discoverability (Lower)
|
|
74 |
+ |
- [ ] Add bulk operations hint on Content tab — show "Select items for bulk actions" tip; show action bar in disabled state so feature is discoverable
|
|
75 |
+ |
- [ ] Add contextual next-step suggestions after key actions — "Next: Set pricing" after creating item; "Next: Create item" after creating project
|
|
76 |
+ |
- [ ] Show all conditional tabs (SyncKit, SSH Keys, Forums) always with empty states explaining prerequisites — instead of hiding them entirely
|
|
77 |
+ |
|
| 30 |
78 |
|
### UX — Deferred (post-beta table stakes)
|
| 31 |
79 |
|
- [ ] Reviews/ratings system for items
|
| 32 |
80 |
|
- [ ] Gift purchases at checkout
|
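Review bot: Several of the added audit items duplicate or contradict each other and should be merged before anyone picks them up. Moving SyncKit to the project dashboard is stated in the tab reorganization item (new line 45) and again as its own item (new line 47); the AI Classification option descriptions appear in both new line 56 and new line 59. New line 45 keeps only SSH Keys and Forums in overflow, new line 46 lists SSH Keys, Media, Forums and Support as overflow defaults, and new line 76 wants SyncKit, SSH Keys and Forums always shown with empty states, so the intended default tab layout is not determinable from this list. For "Add refund initiation from dashboard" (new line 70), add the authorization requirement to the item itself (which project roles may issue a refund), since it moves a money-moving action out of Stripe's dashboard into this one.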