# PasteAI — Development Backlog Living document. Priority order within each section. Last updated: June 2026. --- ## Recently completed - **019 — Reframe public visibility** ✅ — MCP defaults to `private`; document page has three-state select (public / unlisted / private) with confirmation dialog before going public - **020 — Documents list as table** ✅ — Home feed is a compact table with title, visibility badge, and date - **021 — Mermaid diagram support** ✅ — Fenced ` ```mermaid ` blocks render as diagrams; CSP updated; MCP tool description updated - **022 — Dev AWS account** ✅ — Terraform prefixed for environment; OAuth table names externalised to env vars; `dev.tfvars.example`, `backend-dev.hcl.example`, and runbook committed; `make plan-dev / deploy-dev / smoke-dev` targets in place - **023 — Review system** ✅ — Comment data model, HTTP handlers, BoltDB + DiskContent + DynamoDB backends, MCP `list_reviews` tool, cloud auth middleware, document UI (selection → anchor → sidebar) - **Sitemap** ✅ — `/sitemap.xml` listing all public documents; linked from `robots.txt` - **Kiro / OpenCode MCP setup docs** ✅ — Config snippets and install guides in README --- ## Queued ### Named slugs Move from `/d/` to `/d/<8char>/` where slug is derived from the document title. The 8-char prefix is the stable identifier — rename without breaking existing links. **No spec yet. High effort** — URL format change, redirect strategy, store and API changes. --- ### Sharing Share a document with specific other users by GitHub login, granting read (or edit) access regardless of visibility. **No spec yet. High effort** — new permissions model, user-to-user access. --- ## Analytics ### AWS RUM (Real User Monitoring) Core Web Vitals, JS error tracking, HTTP request tracing, session replay. Stays in AWS console alongside CloudWatch. Cost: ~$1–5/month at current scale. **To do:** 1. Add `aws_rum_app_monitor` Terraform resource 2. Add RUM snippet to `web/templates/base.html` --- ### DAU (Daily Active Users) via CloudWatch Insights Server already emits `UserSignedIn` EMF events. Just needs a saved CloudWatch Insights query: ``` fields @timestamp, userID | filter event = "UserSignedIn" | stats count_distinct(userID) by bin(1d) ``` Save as a named query in CloudWatch and pin to the dashboard. **No code changes needed.** --- ### Plausible custom events Instrument key conversion events beyond pageviews: ```js plausible('SignUp') plausible('DocumentPublished', {props: {via: 'mcp'}}) plausible('MCPToolCall', {props: {tool: 'publish_document'}}) ``` Add calls in the relevant server-side template or JS files. --- ## Infrastructure ### Reserved Lambda concurrency Set a reserved concurrency (e.g. 50) in `terraform/lambda.tf` to cap blast radius of traffic spikes and trigger throttle alarms at a known threshold. --- ### Status page Public status page showing Lambda, DynamoDB, and CloudFront health. Link from the footer. Options: statuspage.io, or a simple static page backed by CloudWatch alarms. --- ## Billing ### Enable Stripe paywall Pro tier is built. Stripe is integrated. Paywall is disabled (`PASTEAI_PAYWALL_ENABLED = "false"`). **To enable:** 1. Test full checkout → webhook → tier upgrade flow in dev account 2. Set `PASTEAI_PAYWALL_ENABLED = "true"` in `terraform/lambda.tf` 3. Add `STRIPE_SECRET_KEY` and `STRIPE_WEBHOOK_SECRET` to GitHub Secrets 4. Sign off on Terms of Service --- ## Product ### Public profile pages `/u/{login}` — all public documents by a user. Gives authors a shareable page. --- ### Document embeds `/d/{id}/embed` — minimal iframe-embeddable version, no nav or footer. Useful for Notion, wikis, etc. --- ## On hold — pending Amazon COI resolution Do not build until COI case is resolved. These evolve PasteAI from a pastebin toward a documentation platform. - **PlantUML rendering** — extend Mermaid with PlantUML support (client-side plugin, low effort once Mermaid is stable) - **Split editor / preview** — CodeMirror 6 editor (left) + rendered preview (right), live before publish - **GitHub sync** — push document content to a GitHub repo as a Markdown file via GitHub Apps - **Real-time collaborative editing** — Yjs CRDT + Hocuspocus WebSocket server; requires architectural change (Lambda is stateless — needs a persistent WS host)