Roadmap

1. Roadmap
2. Features Working
3. High Priority
4. General
5. Optimization
6. Deployment
7. Search
8. Calendar
9. Signal
10. Files
11. People
12. Security
13. New feature modules

Features Working

Core:

• Security
  • Content & attachments are encrypted at rest and not available to the server except during page request.
  • Secure authentication required (passkey or security key)
  • No third party services or content
  • Best practices for web application security
• Data Sovereignty
  • Easy download and upload of full archive of all workspace files
• Full text search
  • Fast full text search of encrypted contents, including events, file contents, tasks, and people.
• Changes
  • View recent changes on landing pages
  • View all changes for a workspace or self
• Sharing
  • By default, workspace members’ have access, no one else does.
  • Specific resource may be shared via time-limited unique URLs
  • Centrally track all the shared URLs for a workspace.
  • Shared URLs may grant view, comment, edit, or admin access
• People
  • allow users to have multiple profiles and choose which one is associated with each workspace.
  • workspaces have members, contacts, admins.
  • Admins may invite people to join a workspace via a join URL
• Under the hood
  • Background job processing for long tasks (encrypted in db)

Modules:

• Files
  • Files stored in a familiar folder tree.
  • Basic file operations: upload, download, rename, move, trash/untrash, purge, cut/copy/paste.
  • Batch or single file operations
  • Collaborative editing of documents, spreadsheets, presentations, pdf via OnlyOffice Docs.
  • Collaborative editing of Markdown files via custom integrated Markdown editor.
  • File versioning.
  • File drafts: unsaved content in editors are retained as drafts and never lost.
  • Preview generation for images, markdown, and office documents.
  • Nice uploads: upload progress bar, drag and drop, multi files and nested folders
  • Auto-refresh when a file or folder changes in another window or by another user.
  • Drag and drop to move files.
  • Download folders as zip archives.
• Events
  • One time events and recurring calendar events.
  • View events by month, week, or day.
• Tasks
  • Quickly assign owners, add attachments, apply labels to tasks.
  • Track all changes for tasks
  • Collaborative Kanban board for group planning.

High Priority

• Separate login username from profile usernames
• Check that workflow for admins, editors, viewers make sense.
• Actually useful events (attendance, better UI, delete/edit event in a series, etc)
• Better profile controls (change profile for a workspace).

General

• Project system: group arbitrary things together in a “project” within a workspace.
• plugin system: the code is highly modular, but some things are still hard coded when
  adding a new rails engine. to fix:
  • allow engines to dynamically add themselves the sidebar navigation
  • allow engines to define archiving/dearchiving handlers for new record types
• Ability to add user comments to records.
• Ability to pin records to the dashboard.
• Ability to star records and search only starred records.
• Gracefully render obnoxious user input (e.g. very long display names). This mostly works, but has not been tested for all views.

Optimization

• Implement a service worker to cache images in memory, since we set a very strict no-store cache header.
• Enable view caching where appropriate
• Add indexes to database where real world usage says they are needed
• Reduce javascript and css file sizes by removing the parts of bootstrap we don’t use
• ActionCable optimization:
  • Replace ActionCable with AnyCable. https://github.com/anycable/anycable-rails
  • Stand alone Cable server https://guides.rubyonrails.org/action_cable_overview.html#running-standalone-cable-servers
  • AnyCable offers a “whisper” feature for publishing transient broadcasts between clients, without touching your Rails backend. This is ideal for cursor position and Y.js. Add whisper: true to your Rails channels when using this Y-rb and AnyCable. https://docs.anycable.io/rails/extensions?id=whispering

Deployment

• infrastructure-as-code container-based deployment recipe
• Multiple postgres database instances
• Multiple web app instances
• Multiple TLS termination instances
• Multiple onlyoffice editor instances
  (requires shard-key https://api.onlyoffice.com/docs/docs-api/get-started/configuration/shard-key/)
• stand alone cable server https://guides.rubyonrails.org/action_cable_overview.html#running-standalone-cable-servers

Search

• use OCR to index content of raster PDF documents?
  (currently just not enabled: https://github.com/kreuzberg-dev/kreuzberg/blob/main/packages/ruby/README.md#tesseract-configuration)

Calendar

• Event attendees
• Event discussion
• Meeting scheduler
• import / export ical

Signal

• Invite to join via signal
• Get notifications via signal

Files

• what happens when you upload a new version of a file with a different content type? i think it should not be allowed, but add a convert button?
• auto merging of versions?
• Enable converting between file formats using either libreoffice or onlyoffice
• move/copy files between workspaces?
• Do lazy preview generate via a background job.
• Remote preview generation
  This gem can be used as an example: https://github.com/botandrose/active_storage-cloud_transformations
  but it works by passing S3 urls, not blobs, so is not compatible with how we do S3 encryption.
  for the server part, we can use https://github.com/unoconv/unoserver/ (needs a Dockerfile)
  here is what a minimal preview service would look like:

    # lib/active_storage/previewer/office_previewer.rb
    class ActiveStorage::Previewer::OfficePreviewer < ActiveStorage::Previewer
      def self.accept?(blob)
        blob.content_type.in?([
          ... list of previewable contents types ...
        ])
      end
      
      def preview(**options)
        result = make_preview_api_request(input.path, blob)
        yield io: StringIO.new(result.body), filename: "#{blob.filename.base}.png", content_type: 'image/png'
      end
      
      def make_preview_api_request(file_path, blob)
        conn = Faraday.new(url: ENV['LIBREOFFICE_API_URL'] || 'http://libreoffice-api:8080')
        conn.post('/convert') do |req|
          req.params['format'] = 'png'
          req.params['quality'] = 'high'
          req.body = blob.download
        end
      end
    end
  

• Support resumable uploads.
  https://github.com/stakach/Resumable-Uploads
  https://javascript.info/resume-upload
• Support better drag and drop file moving. Some possible drop targets are missing.
• Support historical snapshotting of the entire directory tree structure (depends on deduplication).
• Support deduplication (actually pretty easy).
• Support storing diff blobs instead of full change for past versions https://github.com/halostatue/diff-lcs
• Show diffs for text or markdown files: https://github.com/samg/diffy
• Support editing raster images (non-collaboratively):
  • https://github.com/nhn/tui.image-editor
  • https://github.com/scaleflex/filerobot-image-editor

People

• Custom fields for people
• Build custom lists of people
• Show activity for a person
• CRM-light: Simple workflow for person states

Security

• Security audit
• Automatically terminate session when the last tab is closed using a web worker.
• Consider per-record encryption keys derived from the record id and the workspace key.
• Aggressive limits on Link lifetimes.

New feature modules

Forms

• Create simple forms
• Form can be used for new member intake
• Send form via email & signal

Chat

• Simple real time chat, multiple channels for each workspace, including 1:1 chat.

CMS

• Very simple public static web pages for a workspace.

Notes/Pages

• A notes section, separate from files, that is sort of a hierarchical wiki with
  a collaborative markdown editor. Something like a lightweight Notion.
• Pages can be in books that can be made public.

Polls/Discussion

• A lightweight loomio-like discussion board with integrated group decision making tools.