# AI Checkpoint — cg.cx Refinement Pass ## Phase **ALL BATCHES COMPLETE.** Refinement pass finished. No blockers. ## Final State - `cargo check --workspace` ✅ passes - `cargo test --workspace` ✅ passes (0 tests, all crates compile) - Frontend `npm run build` ✅ passes - All 10 batches implemented, verified, and merged. ## Completed Work Summary ### Batch 1 — Security + Stability - **B:** `/get_id` extended to channels (`msg.chat.is_channel()`) - **C:** `/help` HTML parse errors fixed (`` → `[arg]`) - **E:** `/blacklist_uid` and `/whitelist_uid` restricted to configured admin groups + admins - **I:** HEAD requests no longer consume auto-destroy views in `serve_file` ### Batch 2 — Misc Report Section - Backend: `POST /api/content/:cxid/report` endpoint added to server - `reqwest` added to `cgcx-server/Cargo.toml` - Server seeds web-reporter user (id=0) to satisfy FK constraint - Frontend: Direct report wired to API; hardcoded `harmfulmeowbot` replaced with dynamic `BOT_USERNAME` ### Batch 3 — Password/Autodestroy + UX - Homepage password flow fixed: `fetchMetadata` now passes password; 401 handled correctly (`needsPassword = true` or "Incorrect password.") - Removed redundant `verifyPassword` call from `Home.svelte` ### Batch 4 — Submission/Review Batching + Hardening - Existing batching logic verified correct - **Fixes applied:** - `serve_raw_file` now increments views (mirrors `serve_file`) - Approval caption truncated to 1024 chars - Video/audio sent as native `InputMediaVideo`/`InputMediaAudio` ### Batch 5 — Review Action Buttons - Verified: `[ Ban ]`, `[ Blackl. ]`, `[ Ban/BL u. ]` present in review keyboard - Verified: handlers for `ban`, `blk`, `banblk`, `approve`, `ignore` all work with permission checks ### Batch 6 — GLOBAL_BAN - Verified: `GroupsConfig.global_ban` config option present - Verified: `propagate_punishment` checks flag and propagates to all known chats ### Batch 7 — Upload Privacy + Metadata - Verified: `show_author` toggle in upload options - Verified: metadata bar in `ViewContent.svelte` shows date, size, author hyperlink ### Batch 8 — Deduplication + Hash Blacklist - Verified: `plaintext_hash` computed, dedup lookup works, ref_count incremented - Verified: `HashBlacklistRepo` blocks re-uploads with `BlockedHash` error ### Batch 9 — Username Tracking - Verified: `UserRepo::ensure_exists` logs changes to configurable `uname_changes_path` ### Batch 10 — Homepage Bot Link + Docs - **Q:** Bot link reordered between Content ID field and "-- cannibal girls --" subtitle - **Q:** Link color changed to `var(--retro-accent)` (very dark green) - **P:** `docs/API.md`, `docs/COMMANDS.md`, `docs/MODERATION.md`, `README.md` all updated ## Files Touched in This Pass - `crates/cgcx-server/src/main.rs` — view increment, report endpoint, web user seed - `crates/cgcx-server/Cargo.toml` — reqwest dependency - `crates/cgcx-bot/src/main.rs` — channel support, help escaping, admin-group gates, media types, caption truncation - `frontend/src/routes/Home.svelte` — password flow, report wiring, bot link reorder - `frontend/src/lib/api.js` — API_BASE export - `docs/API.md`, `docs/COMMANDS.md`, `docs/MODERATION.md`, `README.md` — documentation updates ## Known Limitations (Not Fixed in This Pass) 1. **Zero test coverage** across the workspace. 2. **Memory usage:** Forward approval/review decrypts entire files into memory (`decrypt_bytes` + `InputFile::memory`). Large files risk OOM. 3. **TOCTOU race:** Concurrent requests to `serve_file` can overserve past `max_views` by 1. 4. **Multi-file view counting:** Each file request increments `view_count`, so multi-file content with low `max_views` may become unavailable before all files are viewed. ## Blockers None. ## Next Step None — refinement pass is complete. Future work (if any) should start from this checkpoint.