Update task task-022

backlog/tasks/task-022 - Board-Version-History-&-Change-Visualization.md

@@ -0,0 +1,106 @@
+---
+id: task-022
+title: Board Version History & Change Visualization
+status: To Do
+assignee: []
+created_date: '2025-12-04 12:59'
+updated_date: '2025-12-04 13:09'
+labels:
+  - feature
+  - collaboration
+  - R2
+  - tldraw
+  - permissions
+  - security
+dependencies: []
+priority: high
+---
+
+## Description
+
+<!-- SECTION:DESCRIPTION:BEGIN -->
+Implement board permissions, R2 backup version browsing/restoration, and visual change highlighting:
+
+## 1. Board Ownership & Permissions Model
+
+**Ownership:**
+- First user to create/claim a board becomes OWNER
+- Owner can set a 4-digit PIN to protect admin functions
+- Owner can transfer ownership to another user
+
+**Permission Levels:**
+- **OWNER**: Full control, can delete board, transfer ownership, manage all permissions
+- **ADMIN**: Can restore versions, manage EDITOR/VIEWER permissions, cannot delete board
+- **EDITOR**: Can create/edit/delete shapes, changes are tracked
+- **VIEWER**: Read-only access, can see board but not modify
+
+**4-PIN Password System:**
+- Optional PIN set by OWNER to protect admin actions
+- Required for: restoring versions, changing permissions, deleting content
+- Stored hashed in R2 metadata or D1
+- Rate-limited attempts to prevent brute force
+
+## 2. Version History Tool (ADMIN+ only)
+- List available backup versions (by date)
+- Preview backup contents before restore
+- One-click restore with PIN confirmation
+- Audit log of who restored what and when
+
+## 3. Change Visualization
+- Yellow glow: new objects from other users (until viewed)
+- Grey glow: deleted objects as ghosts (until acknowledged)
+- User attribution badges showing who made each change
+- Filter changes by user
+- "Mark all as seen" functionality
+
+## 4. Storage Architecture
+- Board metadata in D1 or R2 JSON: owner, permissions map, PIN hash
+- Permission checks in Durable Object before allowing edits
+- WebSocket messages include user identity for attribution
+<!-- SECTION:DESCRIPTION:END -->
+
+## Acceptance Criteria
+<!-- AC:BEGIN -->
+- [ ] #1 Board creator becomes OWNER automatically
+- [ ] #2 OWNER can set optional 4-digit PIN
+- [ ] #3 OWNER can assign ADMIN/EDITOR/VIEWER roles to users
+- [ ] #4 ADMINs can restore board versions (with PIN if set)
+- [ ] #5 EDITORs can modify board content
+- [ ] #6 VIEWERs have read-only access
+
+- [ ] #7 Version history panel shows available backup dates
+- [ ] #8 Can preview a backup before restoring
+- [ ] #9 New objects from other users show yellow glow
+- [ ] #10 Deleted objects show grey ghost glow until acknowledged
+- [ ] #11 Changes show user attribution (who made the change)
+- [ ] #12 Changes can be marked as seen
+<!-- AC:END -->
+
+## Implementation Notes
+
+<!-- SECTION:NOTES:BEGIN -->
+**Permission Model Clarification:**
+- Anonymous users → VIEWER (read-only)
+- Signed-in users → EDITOR by default
+- Board owner can override with specific permissions
+- This prevents anonymous vandalism while enabling easy collaboration
+
+**Final Access Model:**
+- New board created by signed-in user → auto OWNER
+- Existing unclaimed board → 'Claim admin' button
+- Anonymous users cannot claim boards
+
+**Access Logic:**
+1. Has email permission → Access at assigned role
+2. Signed in + no PIN set → EDITOR
+3. Knows PIN → EDITOR (session-based)
+4. Otherwise → VIEWER
+
+**PIN grants EDITOR access (not configurable)**
+
+**Detailed implementation plan saved to worktree:**
+- Branch: `feature/version-history`
+- Worktree: `/home/jeffe/Github/canvas-website-branch-worktrees/version-history`
+- Plan file: `backlog/tasks/task-023 - Version-History-Permissions-Implementation-Plan.md`
+- Pushed to: gitea.jeffemmett.com
+<!-- SECTION:NOTES:END -->