docs: audit and archive completed Journals and Badges projects
This commit is contained in:
Scott Idem
@@ -13,8 +13,9 @@ This module manages private personal journals and journal entries with offline-f
|
||||
|
||||
- Journal and journal-entry CRUD via V3 API wrappers.
|
||||
- Dexie-backed local cache with liveQuery-driven UI updates.
|
||||
- Private/passcode-aware access behavior.
|
||||
- Entry editing flows including auto-save configuration.
|
||||
- Private/passcode-aware access behavior and client-side content encryption.
|
||||
- Quick Add, Append/Prepend, import/export, and entry auto-save workflows.
|
||||
- Tabbed module, journal, and entry configuration modals.
|
||||
|
||||
---
|
||||
|
||||
@@ -38,15 +39,43 @@ Related config map:
|
||||
|
||||
---
|
||||
|
||||
## Implemented Entry Workflows
|
||||
|
||||
- Quick Add creates a plaintext note in a selected journal without opening the full editor.
|
||||
- Append/Prepend injects timestamped content into an existing entry.
|
||||
- Bulk import creates entries from parsed files; export supports centralized templates.
|
||||
- Entry edits support debounced auto-save when `journals_loc.entry.auto_save` is enabled.
|
||||
- Full entry saves encrypt `content` into `content_encrypted` when the entry's `private`
|
||||
flag is enabled; disabling `private` clears encrypted content/history fields.
|
||||
- The non-reactive `decrypt_journal_entry()` helper isolates decryption from Svelte effects.
|
||||
- Entry configuration exposes Actions, Metadata, Security, and JSON views. Trusted users
|
||||
can Remove (disable); managers and administrators can hard Delete.
|
||||
|
||||
## Current Security Limitations
|
||||
|
||||
- `passcode_hash` is editable but is not compared as secondary authentication before
|
||||
decryption. This remains an active task.
|
||||
- Quick Add explicitly creates entries with `private: false`; import creates plaintext
|
||||
content without setting encryption fields. These paths do not currently offer E2EE.
|
||||
- Successful decryption currently logs a short plaintext preview to the browser console.
|
||||
Removal is tracked as an active privacy fix.
|
||||
- Outbound email sharing is not implemented and requires a product/security decision
|
||||
because journal content is private.
|
||||
|
||||
---
|
||||
|
||||
## Access and Privacy
|
||||
|
||||
Journals contain private personal data. Treat all journal and journal-entry routes as authenticated/private content.
|
||||
Journals contain private personal data. The Journals layout renders module content only when
|
||||
the user has `user_id`, `person_id`, and `trusted_access`. Treat all journal and journal-entry
|
||||
routes, API responses, decrypted state, logs, exports, and future sharing features as private.
|
||||
|
||||
---
|
||||
|
||||
## Related Docs
|
||||
|
||||
- `documentation/PROJECT__AE_UI_Journals_Module_Update_2026.md`
|
||||
- `documentation/archive/PROJECT__AE_UI_Journals_Module_Update_2026.md`
|
||||
- `documentation/TODO__Agents.md`
|
||||
- `documentation/GUIDE__SvelteKit2_Svelte5_DexieJS.md`
|
||||
- `documentation/GUIDE__AE_API_V3_for_Frontend.md`
|
||||
- `documentation/BOOTSTRAP__AI_Agent_Quickstart.md`
|
||||
|
||||
Reference in New Issue
Block a user