Feature/comment conversations threaded

DevLog/DevLog-006-00-Viewer-Stability-and-Refactor-Fixes.md

@@ -122,3 +122,35 @@
 - No raw secret values, real tokens, passwords, private keys, or credential strings are present.
 - Mentions of environment variables (`AUTH_TOKEN`, `API_TOKEN_SECRET`, `TURN_SHARED_SECRET`, `VITE_TURN_PASSWORD`) are generic configuration identifiers only.
 - Commit hashes included are public git identifiers, not sensitive data.
+
+
+# Server rollout + manual QA
+
+## Server steps
+1. SSH in and go to repo.
+2. `git fetch origin`
+3. `git checkout refactor-viewer-stability`
+4. `git pull --ff-only origin refactor-viewer-stability`
+5. Install deps:
+   - root: `pnpm install --frozen-lockfile`
+   - server: `cd server && pnpm install --frozen-lockfile && cd ..`
+6. Ensure `server/.env` has:
+   - `AUTH_TOKEN`
+   - `API_TOKEN_SECRET`
+   - `TURN_SHARED_SECRET` (must match coturn `static-auth-secret`)
+7. Restart server (`server/stop.sh` then `server/start.sh`, or your process manager).
+8. Confirm logs show API token + TURN credential routes enabled.
+
+## Manual tests still needed
+1. Two real clients (different networks): host/join, file sync, viewport sync.
+2. TURN fallback: verify collaboration still works under restrictive NAT/firewall.
+3. Token expiry: wait past TTL, then upload/download/execute again.
+4. Restart resilience: restart server during active session and verify recovery.
+5. Cross-browser check: Chrome + Safari/Firefox collaboration sanity.
+6. Production config sanity: no long-lived frontend file token dependency.
+
+## Optional quick checks
+- `pnpm check`
+- `pnpm test --run`
+- `curl -X POST /api/auth/token` works
+- `curl /api/turn-credentials` works with issued token

DevLog/DevLog-006-01-Comment-Conversations.md

@@ -0,0 +1,55 @@
+# DevLog-006-01: Comment Conversations (Threaded Replies)
+
+**Date**: 2026-02-15  
+**Status**: In Progress  
+**Scope**: Implement conversation-style comments with arbitrary-depth replies, soft delete, host thread delete, and fold/unfold controls.
+
+## Requirements (Confirmed)
+
+1. Arbitrary-depth replies (forum-style).
+2. No new canvas bubbles for replies (root bubble only).
+3. Soft delete for comments; host can delete whole thread.
+4. Single permission toggle controls both comments and replies.
+5. Oldest-first ordering in threads.
+6. Viewer comments enabled by default.
+
+## Plan
+
+- [x] Extend `Comment` model for threads (`parentId`, `rootId`, `deleted`, `deletedAt`).
+- [x] Add normalization for backward compatibility with existing comments.
+- [x] Add update/soft-delete primitives in `commentStore` and `CommentSync`.
+- [x] Update `ViewerCommentController` to create thread-capable root comments.
+- [x] Refactor `CommentPanel` to threaded tree view with:
+  - reply composer
+  - per-comment fold/unfold
+  - soft delete
+  - host delete thread
+- [x] Keep reply comments out of canvas bubbles (root bubbles only).
+- [x] Validate with `pnpm check` and `pnpm test --run`.
+
+## Progress Log
+
+### 2026-02-15 14:44
+
+- Created DevLog and locked final behavior to the user-confirmed decisions above.
+- Next: implement model + sync/store compatibility layer.
+
+### 2026-02-15 15:20
+
+- Implemented threaded conversation panel:
+  - Oldest-first thread traversal.
+  - Arbitrary-depth replies with inline composer.
+  - Per-comment fold/unfold of descendants.
+  - Soft-delete comment action (author or host).
+  - Host-only "Delete Thread" action (soft-deletes all descendants in same root thread).
+- Updated host permissions copy to clarify one toggle controls comment + reply rights.
+- Updated canvas bubble rendering to root comments only (`parentId === null`) so replies do not spawn new bubbles.
+- Validation complete:
+  - `pnpm check`: 0 errors, 0 warnings
+  - `pnpm test --run`: 109/109 passing
+
+### 2026-02-15 15:37
+
+- Fixed global `Space` interception conflict in viewer pan controls:
+  - `MouseController` now ignores `Space` keydown when the focused target is `INPUT`, `TEXTAREA`, or `contenteditable`.
+  - This allows normal typing (including spaces) in the threaded comment reply textarea while keeping `Space+Drag` panning behavior elsewhere.