# 02_PLAN — Group Settings + Invite/Join System

This plan is the source of truth for the Group Settings system and related join/invite flows. Keep the full backlog intact; only add sub-tasks under existing items.

## (A) Backlog snapshot (all epics/tasks)

### Epic 1 — Roles, permissions, and invariants

1.1 Define `GROUP_OWNER` role and permission matrix (owner/admin/member).
- Status: completed

1.2 Define server-enforced invariants:
- Exactly 1 owner per group.
- Owner cannot be removed or leave without transfer.
- Admins optional; no lockout/privilege escalation.
- Status: completed

1.3 Decide admin abilities:
- Admins can approve join requests and create/revive invite links.
- Admins cannot change owner.
- Status: completed

### Epic 2 — DB schema + migrations

2.1 Add `GROUP_OWNER` role to `group_members` and migrate existing groups (first admin becomes owner).
- Status: completed

2.2 Add join settings to group settings:
- join policy: `NOT_ACCEPTING` (default) | `AUTO_ACCEPT` | `APPROVAL_REQUIRED`.
- Status: completed

2.3 Add invite link table and fields:
- Immutable settings: `single_use`, `policy`, `expires_at`.
- Mutable on revive: `used_at`, `revoked_at`, `expires_at`.
- Retain expired links; delete single-use links after use.
- Status: completed

2.4 Add audit log table for membership + invite actions.
- Include request_id, actor, group, event type, ip, user-agent.
- Store invite code last4 only.
- Status: completed

### Epic 3 — Server services (lib/server)

3.1 Ownership transfer rules (manual only; auto-transfer paused until cron).
- Status: completed

3.2 Membership management services:
- list members, approve/deny join, kick, leave, promote/demote.
- Status: completed

3.3 Invite link services:
- create/revoke/revive/list, enforce immutability and TTL (1–7 days).
- Status: completed

3.4 Audit logging helpers:
- API-generated request_id stored with events.
- Status: completed

### Epic 4 — API routes (app/api)

4.1 Group settings endpoints:
- rename group, update join policy.
- Status: completed

4.2 Membership endpoints:
- list members, approve/deny join, kick, leave, transfer ownership.
- Status: completed

4.3 Invite endpoints:
- create invite link, revoke, revive, list links.
- Status: completed

4.4 Audit endpoints (optional for UI):
- list recent audit events per group.
- Status: completed

### Epic 5 — Client wrappers + hooks

5.1 Client APIs for settings, members, invites, audit.
- Status: completed

5.2 Hooks for UI consumption:
- `use-group-members`, `use-group-settings`, `use-invites`, `use-audit`.
- Status: completed

### Epic 6 — UI: Group Settings page

6.1 Profile section: rename group (confirm modal).
- Status: completed

6.2 Members section:
- list members, approve/deny join requests.
- promote/demote, kick (confirm modal).
- Status: completed

6.3 Ownership section:
- transfer ownership (owner-only, confirm).
- Status: completed

6.4 Invite section:
- show invite code, generate link with 1–7 day TTL, policy, single-use.
- revoke/revive link, show status.
- Status: completed

6.5 Danger zone:
- delete group (typed confirm).
- Status: completed

### Epic 7 — Testing

7.1 Unit tests for permissions/invariants.
- Status: completed
- Status: completed
- Status: in-progress
- Status: not-started (requires UI test framework)

7.3 UI behavior tests for disabled actions + confirmations.
- Status: not-started

### Epic 8 — Documentation updates

8.1 Update project instructions with owner role, join policies, invite links, audit rules, paused cron.
- Status: completed

## (B) Current focus (detailed)

### Focus: Epic 7 — Testing
- UI behavior tests pending framework selection.
- Updated existing tests for owner role and cleanup of new tables.
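The invite-link rules from Epics 2.3, 2.4 and 3.3 (immutable `single_use`/`policy`, 1–7 day TTL, revive touching only mutable fields, single-use deletion after use, last4-only audit values) written as a pure, database-free service so the invariants can be unit-tested as Epic 7.1 calls for. This is an added example, not the project's own `lib/server` code; the field names, `InviteLink` shape and millisecond timestamps are assumptions.

```typescript
// Added example, not the project's own code: invite-link invariants as a pure
// service. Types and field names are assumed; timestamps are ms since epoch.
export type JoinPolicy = "AUTO_ACCEPT" | "APPROVAL_REQUIRED";

export interface InviteLink {
  code: string;                 // full code is never written to the audit log
  groupId: string;
  readonly singleUse: boolean;  // immutable after creation (Epic 2.3)
  readonly policy: JoinPolicy;  // immutable after creation (Epic 2.3)
  expiresAt: number;            // mutable on revive
  usedAt: number | null;
  revokedAt: number | null;
}

const DAY_MS = 86_400_000;

// Epic 3.3: TTL is 1-7 whole days; enforce server-side, not only in the UI.
export function assertTtl(ttlDays: number): void {
  if (!Number.isInteger(ttlDays) || ttlDays < 1 || ttlDays > 7) {
    throw new Error(`invite TTL must be 1-7 days, got ${ttlDays}`);
  }
}

export function createInvite(groupId: string, code: string, singleUse: boolean,
                             policy: JoinPolicy, ttlDays: number, now = Date.now()): InviteLink {
  assertTtl(ttlDays);
  return { code, groupId, singleUse, policy, expiresAt: now + ttlDays * DAY_MS, usedAt: null, revokedAt: null };
}

export type InviteStatus = "active" | "revoked" | "expired" | "used";

export function inviteStatus(link: InviteLink, now = Date.now()): InviteStatus {
  if (link.revokedAt !== null) return "revoked";            // revocation wins
  if (link.singleUse && link.usedAt !== null) return "used"; // should already be deleted
  return now >= link.expiresAt ? "expired" : "active";      // expired rows are retained
}

// Revive resets only the mutable fields; singleUse and policy are carried over unchanged.
export function reviveInvite(link: InviteLink, ttlDays: number, now = Date.now()): InviteLink {
  assertTtl(ttlDays);
  return { ...link, revokedAt: null, usedAt: null, expiresAt: now + ttlDays * DAY_MS };
}

// Returns the row to persist after a successful join; null means delete it (single-use).
export function redeemInvite(link: InviteLink, now = Date.now()): InviteLink | null {
  if (inviteStatus(link, now) !== "active") throw new Error("invite link is not usable");
  return link.singleUse ? null : { ...link, usedAt: now };
}

// Epic 2.4: audit events record only the last four characters of the code.
export function auditCode(code: string): string {
  return code.slice(-4);
}
```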