Set up Convex as the backend database/real-time layer for the app.
Next Steps:
Create a new Convex project and initialize it in the repo (npx convex dev)
Define initial schema for core data models (users, conversations, messages)
Configure environment variables for dev and production
Verify real-time sync works end-to-end with a simple test query
Clerk Auth Setup
Integrate Clerk for user authentication and session management.
Next Steps:
Install Clerk SDK and add publishable/secret keys to env
Wrap the app with <ClerkProvider> and configure sign-in/sign-up flows
Connect Clerk user identity to Convex (use Clerk JWT template for Convex)
Test auth flow: sign up → sign in → session persistence
Proxy AI Requests through Backend
Route all AI API calls through the backend instead of the client directly.
Next Steps:
Create a backend endpoint (e.g., Convex action or API route) that wraps AI calls
Move API keys server-side and remove any client-side AI calls
Add request validation and rate limiting to the proxy endpoint
Update frontend to call the proxy instead of the AI provider directly
Security
Secure API Access & Auth
Lock down API endpoints so only authenticated users can access them.
Next Steps:
Add auth middleware to all backend routes (validate Clerk JWT on every request)
Return 401 for unauthenticated requests and 403 for unauthorized ones
Audit existing endpoints for any gaps in auth coverage
Write tests for protected vs. unprotected route behavior
Chat & Conversation Ownership Check
Ensure users can only access their own chats and conversations.
Next Steps:
Add ownerId field to conversation/message schemas in Convex
Enforce ownership checks in all read/write queries (filter by the identity returned from ctx.auth.getUserIdentity())
Test that user A cannot fetch or mutate user B's conversations
Add server-side guards — don't rely solely on client-side filtering
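The ownership rule above as an added TypeScript example (not the project's own code): one guard shared by the read, list and write paths, returning 401/403 as described under Secure API Access & Auth. It assumes ownerId stores the tokenIdentifier of the identity Convex returns from ctx.auth.getUserIdentity(); the types, function names, 404 case and sample values are constructed for illustration.

```typescript
// Added example, not project code: Identity and Conversation are stand-in types.
type Identity = { tokenIdentifier: string } | null; // from `await ctx.auth.getUserIdentity()`
type Conversation = { _id: string; ownerId: string; title: string };
type Denied = { ok: false; status: 401 | 403 | 404 };
type Decision = { ok: true; conversation: Conversation } | Denied;

// Decide access from the verified identity and the row the id resolved to
// (in a Convex function the row would come from `await ctx.db.get(id)`).
function authorizeConversation(identity: Identity, row: Conversation | null): Decision {
  if (identity === null) return { ok: false, status: 401 }; // unauthenticated
  if (row === null) return { ok: false, status: 404 }; // assumption: 404 for a missing row
  if (row.ownerId !== identity.tokenIdentifier) return { ok: false, status: 403 }; // not the owner
  return { ok: true, conversation: row };
}

// List path: filter on the server by the caller's identity, never by a client-sent id.
function listOwned(identity: Identity, rows: Conversation[]): Conversation[] {
  if (identity === null) return [];
  const me = identity.tokenIdentifier;
  return rows.filter((r) => r.ownerId === me);
}

// Write path: same guard first, then copy only allow-listed fields from the client
// patch, so a body that carries `ownerId` cannot reassign the conversation.
function renameConversation(
  identity: Identity,
  row: Conversation | null,
  patch: { title?: unknown; ownerId?: unknown },
): Decision {
  const decision = authorizeConversation(identity, row);
  if (!decision.ok) return decision;
  const title = typeof patch.title === "string" ? patch.title : decision.conversation.title;
  return { ok: true, conversation: { ...decision.conversation, title } };
}

// Constructed sample data: two users with one conversation each.
const userA: Identity = { tokenIdentifier: "https://clerk.example|user_a" };
const userB: Identity = { tokenIdentifier: "https://clerk.example|user_b" };
const convA: Conversation = { _id: "c1", ownerId: "https://clerk.example|user_a", title: "A's chat" };
const convB: Conversation = { _id: "c2", ownerId: "https://clerk.example|user_b", title: "B's chat" };

console.log(authorizeConversation(userB, convA)); // user B reading A's conversation
console.log(listOwned(userA, [convA, convB]).map((c) => c._id));
```

The same three calls double as the "user A cannot fetch or mutate user B's conversations" test cases once they are wired to real Convex functions.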
Feature
Connect Slack Data to Arlo
Pipe Slack workspace data into Arlo for use in conversations/context.
Next Steps:
Set up a Slack app with required OAuth scopes (channels:history, users:read, etc.)
Build an ingestion pipeline to fetch and store Slack messages in Convex
Define how Slack data maps to Arlo's data model (threads → conversations?)
Surface Slack context in the Arlo UI and verify it appears correctly in AI responses
Suggested order of work: Convex Setup → Clerk Auth → Secure API Access → Proxy AI Requests → Ownership Check → Slack Integration. The first four unblock everything else.