Worklog: Issue Audit & Roadmap Planning

Date: 2026-02-06 Feature: Issue Audit and Roadmap Planning Outcome: Completed Contributors: @mechelle, Claude Code

---

Objective

Audit open GitHub issues to identify completed work that should be closed, and create a prioritized roadmap for upcoming development based on recent momentum and strategic goals.

---

Work Completed

1. Issue Closure

Closed Issue #245: "SECURITY: Admin password reset breaks Lantern app encryption"

• Status: Fully resolved by PR #259 (merged Feb 6, 2026)
• Implementation:
  • Admin passwords now stored in adminProfiles.adminPasswordHash (separate from Lantern passphrase)
  • New Cloud Functions: setAdminPassword, signInAdmin, requestAdminPasswordReset
  • Encryption corruption detection and reinitialization
  • Server-side canary verification via checkEncryptionCorruption
• Impact: Admin password resets no longer break zero-knowledge encryption for Lantern app data
• Acceptance Criteria: All met ✅

Related PRs:

• PR #259 - "Enhance admin authentication and encryption management"
• PR #258 - "Implement access gate and sign out functionality for admin users"
• PR #257 - "Implement access gate and sign out functionality"

---

2. Issue Status Investigation

Issue #254: "Replace Cloudflare Access with Firebase Auth gate on main app"

Code Implementation: ✅ COMPLETE

• src/App.jsx - PILOT_MODE = true with admin role checks (lines 88-96)
• src/components/AccessGate.jsx - AccessGateLoading, AccessGateLogin, AccessGateDenied components
• src/lib/auth.js - checkAdminRole() function
• docs/engineering/deployment/SUBDOMAINS_AND_ACCESS.md - Documentation updated

Infrastructure Status: ⏳ PENDING VERIFICATION

• Firebase auth gate is fully functional
• Cloudflare Access policy removal from dev.ourlantern.app needs verification
• API investigation attempted but token lacks "Zero Trust" permissions for Access apps
• Recommendation: Enable "Zero Trust" permission on Cloudflare API token OR verify manually in dashboard

Next Steps:

1. Update Cloudflare API token with "Zero Trust" permission
2. Programmatically verify no Access policy exists on dev.ourlantern.app
3. Test site in incognito to confirm Firebase login screen (not Cloudflare PIN prompt)
4. Close Issue #254 once verified

---

3. Roadmap Creation

Created comprehensive 12-week roadmap saved at docs/plans/2026-02-06_12-week-roadmap.md

Priority 1: Issue #254 - Remove Cloudflare Access (Week 1)

• Effort: LOW | Impact: HIGH
• ~80% complete, just needs final verification and policy removal
• Solves cache issues blocking real-time updates

Priority 2: Issue #255 - Bundle Docs/Storybook into Admin Portal (Week 1-2)

• Effort: MEDIUM | Impact: MEDIUM
• Builds on PR #252 (self-hosted docs editor)
• Improves developer experience and admin usability

Priority 3: Issue #246 - Reorganize Monorepo Structure (Week 3-6)

• Effort: HIGH | Impact: MEDIUM-HIGH
• Proposed structure: apps/, services/, packages/
• Prerequisite for mobile development (React Native/Capacitor)

Priority 4: Issue #147 Phase 1 - Security: Advanced Encryption Features (Week 7-12)

• Effort: VERY HIGH | Impact: VERY HIGH
• Phase 1 scope: Recovery codes, tiered data model, warnings
• Phase 2+ deferred: Phone/PIN, biometric, Shamir's Secret Sharing

Priority 5: Admin Portal Enhancements (Ongoing)

• Issues #236, #230, #237 - Good incremental work between major efforts

---

Technical Investigation Details

Authentication Architecture Review

Main Lantern App:

• Email + Passphrase login (zero-knowledge encryption)
• Passphrase serves dual purpose: Firebase Auth password + encryption key derivation
• PBKDF2 (600K iterations) + AES-256-GCM
• No recovery mechanism by design

Admin Portal:

• Separate admin password system (Issue #245 fix)
• Three authentication methods:
  1. signInWithAdminPassword() - NEW: uses adminProfiles.adminPasswordHash
  2. signInWithEmail() - LEGACY: for migration
  3. signInWithGitHub() - OAuth

Cloudflare Configuration:

• Main app and admin portal: In-app Firebase Auth (no Cloudflare Access)
• Wildcards *.dev.ourlantern.app and *.ourlantern.app: Cloudflare Access PIN (safety net)
• No Cloudflare Access/Zero Trust implemented on main domains

API Investigation

Attempted: Cloudflare API check for Access applications Result: Authentication error - API token lacks "Zero Trust" permissions Resolution: Need to add "Account → Zero Trust → Read" permission to CLOUDFLARE_API_TOKEN

API Endpoints Used:

# Works ✅
GET /zones/{zone_id} - Basic zone info

# Needs permission ❌
GET /accounts/{account_id}/access/apps - Access applications

---

Files Modified

Closed Issues

• Issue #245 - Closed with comprehensive resolution summary

Documentation Created

• docs/plans/2026-02-06_12-week-roadmap.md - Full roadmap plan

Documentation Updated

• None (documentation already current from PR #257)

---

Next Immediate Actions

1. Update Cloudflare API Token

   • Go to Cloudflare API Tokens
   • Add "Account → Zero Trust → Read" permission
   • Verify Access applications programmatically

2. Complete Issue #254

   • Verify no Cloudflare Access policy on dev.ourlantern.app
   • Remove policy if it exists
   • Test site in incognito mode
   • Close issue with verification notes

3. Begin Issue #255 Planning

   • Review current admin portal navigation
   • Design unified docs/Storybook navigation
   • Create implementation subtasks

---

Deferred Items

• Issue #239: AI Assistant integration - Nice-to-have, not critical
• Issue #233: Billing/cost data - Important but not urgent for pilot
• Phase 2+ merchant issues (#171, #167, #231) - Wait until after pilot launch
• Issue #147 Phase 2+: Phone/PIN, biometric, advanced recovery - After Phase 1

---

Timeline Summary

Week 1-2:

• ✅ Close Issue #245
• ⏳ Complete Issue #254 (Cloudflare Access removal)
• 🔜 Complete Issue #255 (Docs/Storybook bundling)

Week 3-6:

• 🔜 Issue #246 (Monorepo refactor)

Week 7-12:

• 🔜 Issue #147 Phase 1 (Recovery codes, tiered encryption)

---

Notes

• Pilot Mode: Currently enabled (PILOT_MODE = true in src/App.jsx)
• Admin Authentication: Successfully decoupled from Lantern encryption (PR #259)
• Real-time Updates: Should improve once Cloudflare Access fully removed
• Security Posture: Strong with zero-knowledge encryption, room for improvement with recovery mechanisms

---

References

• Issue #245 - Admin password security (CLOSED)
• Issue #254 - Cloudflare Access removal (OPEN)
• Issue #255 - Bundle Docs/Storybook (OPEN)
• Issue #246 - Monorepo refactor (OPEN)
• Issue #147 - Advanced encryption (OPEN)
• PR #259 - Admin auth enhancement (MERGED)
• PR #258 - Access gate implementation (MERGED)
• PR #257 - Access gate and sign out (MERGED)
• Full Roadmap Plan